64-bit OS, Virtualization Software Susceptible to Privilege Escalation Attacks on Intel CPUs

Attackers can exploit an Intel CPU-dependent vulnerability to escape virtual machines or gain kernel privileges
By Lucian Constantin
News Jun 15th 2012

Some 64-bit operating systems and virtualization software are vulnerable to local privilege escalation attacks when running on Intel processors (CPUs), the U.S. Computer Emergency Readiness Team (US-CERT) said in a security advisory.

The vulnerability is identified as CVE-2012-0217 and stems from the way Intel CPUs have implemented the SYSRET instruction in their x86-64 extension, known as Intel 64.

Attackers could exploit the vulnerability to force Intel CPUs to raise a general protection fault in privileged mode. This would allow them to execute code with kernel privileges from a least-privileged account, or to escape from a virtual machine and gain control of the host operating system.

The vulnerability can only be exploited on Intel CPUs when the Intel 64 extension is in use. This means that 32-bit operating systems and 32-bit virtualization software are not vulnerable.