In association with heise online

13 June 2012, 11:41

Intel CPUs affected by VM privilege escalation exploit

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Intel logo

A security vulnerability in the virtualisation software built into Intel's hardware allows an attacker to execute code in Ring 0 of the CPU. The problem affects 64-bit versions of Windows, Linux, FreeBSD and the Xen hypervisor.

By manipulating the stack, an attacker from Ring 3 can get code executed in Ring 0 of the CPU to elevate their local privileges or escape the virtual machine jail. The flaw seems to only affect Intel hardware – AMD and ARM CPUs are not affected. To close the security hole, users should apply updates from their operating system supplier.

To this end, operating system specific details on the vulnerability have been published by Xen, FreeBSD and Microsoft. Linux vendor Red Hat has also published two updates on the problem: RHSA-2012:0720-1 and RHSA-2012:0721-1.

(fab)

Print Version | Send by email | Permalink: http://h-online.com/-1616866
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit