A Stitch in Time Saves Nine: A Case of Multiple Operating System Vulnerability

Presented at Black Hat USA 2012, Unknown date/time (Unknown duration)

Six years ago Linux kernel developers fixed a vulnerability that was caused by using the "sysret" privileged Intel CPU instruction in an unsafe manner. Apparently, nobody realized (or cared enough to let others know) the full impact and how widespread and reliably exploitable the problem is: in 2012, four other popular operating systems were found to be vulnerable to user-to-kernel privilege escalation resulting from the same root cause. The presentation will explain the subtleties of the relevant Intel CPU instructions and the variety of ways they can be reliably exploited on unpatched systems. Exploits for a few affected operating systems will be demonstrated. Attendees are expected to have basic understanding of Intel CPUs architecture.