The Software Engineering Institute's Computer Emergency Response Team (CERT) has published details of an embarrassing security vulnerability affecting the majority of operating systems running on the majority of modern processors, stemming from a simple misunderstanding of the documentation surrounding a particular set of instructions.
Announced publicly late last night, CVE-2018-8897 seems on the surface a common flaw resulting from the improper checking and handling of exceptional conditions. The reason for that improper handling, though, is interesting: 'The error appears to be due to developer interpretation of existing documentation for certain Intel architecture interrupt/exception instructions,' SEI's CERT explains, 'namely MOV to SS and POP to SS'. In other words: The error only exists because the documentation wasn't interpreted correctly.
What is known is that the misunderstanding is impressively spread: According to CERT's testing, every mainstream operating system kernel from Windows, Apple, Linux, and BSD through to the Xen virtual machine hypervisor are affected by the flaw, which allows unauthenticated attackers to crash the system and authenticated attackers to read sensitive memory contents or control low-level operating system functions to which they should not have access. So far, the only operating systems to avoid the issue are NetBSD and niche products from Eero, Intel, and Joyent.
While the flaw lies in Intel x86-64 instructions and interpretation of Intel documentation, it's by no means Intel specific: The flaw can be exploited on any 64-bit system implementing those instructions, including those manufactured by AMD.
Thankfully, patches have already been released for the issue: Windows 7 through 10, currently-supported Linux kernels, and Apple's BSD-based macOS have all been patched to fix the flaw, while Intel has released an updated version of its software development manuals to make the correct implementation of the instructions more apparent.
January 24 2020 | 12:00