Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Misunderstood Intel Documentation Leads to Multivendor Vulnerability

    By
    SEAN MICHAEL KERNER
    -
    May 10, 2018
    Share
    Facebook
    Twitter
    Linkedin
      Vulnerabilities

      Major operating system vendors including Microsoft, Apple and Linux distributions somehow misinterpreted Intel documentation about a hardware debugging feature and ended up exposing users to potential risk. 

      The flaw, which has been identified as CVE-2018-8897, was publicly reported on May 8, though impacted vendors were notified on April 30 and have already released patches. The flaw could have enabled an unauthenticated user to read sensitive data in memory or control low-level operating system functions.

      “In some circumstances, some operating systems or hypervisors may not expect or properly handle an Intel architecture hardware debug exception,” CERT warned in its advisory on the issue. “The error appears to be due to developer interpretation of existing documentation for certain Intel architecture interrupt/exception instructions, namely MOV to SS and POP to SS.”

      The flaw was reported by researchers Nick Peterson of Everdox Tech and Nemanja Mulasmajic of triplefault.io. In a detailed research paper, Peterson and Mulasmajic explain that the flaw is due to lack of control for a pair of debug registers that operating systems use. 

      “This is a serious security vulnerability and oversight made by operating system vendors due to unclear and perhaps even incomplete documentation,” the researchers wrote.

      In a security advisory, Red Hat wrote that modern processors provide debugging infrastructure used by system designers and application developers to debug their software. On Linux, the risk is that an unprivileged KVM hypervisor guest user could use the CVE-2018-8897 flaw to crash the guest or escalate their privileges in the guest. There is no indication that attackers have exploited the issue on any operating system, and there currently is no proof of concept exploit code that has been publicly released.

      “We’ve got working exploit code for Windows (should work on Linux too) on both Intel and AMD hardware,” Mulasmajic wrote in a Twitter message. “We do plan on releasing it after we give a presentation/talk in the near future.” 

      Industry Reaction

      The fact that a flaw was discovered due to poor documentation doesn’t come as a surprise to Joseph Carson, chief security scientist at Thycotic. Documentation is typically thrown together at the last minute or done simply as a checkbox item, he said.  

      “When you leave security to be correctly followed from a document, you will typically find some vendors implement it incorrectly,” Carson told eWEEK. 

      While the CVE-2018-8897 issue is a concern, Rishi Bhargava, co-founder at Demisto, said it’s not as severe as the Meltdown and Spectre issues in terms of impact on the operating system or, at least as of now, it does not seem appear to be. The Meltdown and Spectre side-channel memory vulnerabilities in Intel and AMD were publicly disclosed on Jan. 3 and have led to multiple rounds of firmware and operating system updates.

      “When the root cause is misunderstanding of documentation, the hope is that some people interpreted it right,” Bhargava told eWEEK. “Though the bigger challenge that is emerging—now that we have seen a couple of hardware issues—is that researchers and black hats are shining a flashlight on hardware-related security problems and will find more.” 

      Chris Morales, head of security analytics at Vectra, said there is at least one key difference between Meltdown and Spectre and CVE-2018-8897. Meltdown and Spectre are remotely exploitable by malware, providing an initial means of infection, which could expose user and app passwords stored in system memory to potential risk, he said.

      “This new ‘doc misunderstand’ issue, which is a mishandle of a debug exception feature, is not remotely exploitable, meaning an attacker needs to already be on the system before this technique is of any use,” Morales said. “Once on the system, this poor implementation of the Intel debug feature would allow an attacker to elevate privileges on an already compromised system to gain low level access.”

      Morales explained that with the low-level access to an operating system kernel, an attacker could then move laterally across a network to find potentially valuable information.

      Patches

      The CERT advisory on the CVE-2018-8897 issue advises end users and enterprises to apply operating system patches in order to mitigate the flaw.

      “Check with your operating system or software vendor for updates to address this issue,” the CERT advisory states. “There is no expected performance impact for applying an update.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×