Domas’ x86 vulnerability


Lucian Constantin has two articles (one in Computer World, one in PC World) on Christopher Domas’ Black Hat Briefings presentation.

Design flaw in Intel chips opens door to rootkits

The Memory Sinkhole – Unleashing an x86 Design Flaw Allowing Universal Privilege Escalation
Christopher Domas
“In x86, beyond ring 0 lie the more privileged realms of execution, where our code is invisible to AV, we have unfettered access to hardware, and can trivially preempt and modify the OS. The architecture has heaped layers upon layers of protections on these negative rings, but 40 years of x86 evolution have left a labyrinth of forgotten backdoors into the ultra-privileged modes. Lost in this byzantine maze of decades-old architecture improvements and patches, there lies a design flaw that’s gone unnoticed for 20 years. In one of the most bizarre and complex vulnerabilities we’ve ever seen, we’ll release proof-of-concept code exploiting the vast, unexplored wasteland of forgotten x86 features, to demonstrate how to jump malicious code from the paltry ring 0 into the deepest, darkest realms of the processor. Best of all, we’ll do it with an architectural 0-day built into the silicon itself, directed against a uniquely vulnerable string of code running on every single system.”

Christopher’s slides and paper are now available:

Paper: us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation-wp.pdf

Slides: us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation.pdf
