Design Flaw in Intel x86 enables rootkits

Christopher Domas from the Battelle Memorial Institute at Blackhat presented how to compromise the lowest level code in Intel CPUs. The bug allows malicious code to jump from 'ring 0,' typically the most privileged level of execution, to 'ring -2,' the System Management Mode. While running under SMM, said code is able to preempt code running in any other ring, including the 'ring -1' hypervisor, and can even bypass protections such as Trusted Execution Technology. This is well below the OS or even the BIOS.  Intel CPUs from 1997 to just before the now are vulnerable.  The most recent CPU form Intel are safe.  It is unclear wether it applies to AMD x86 CPUs.

https://www.blackhat.com/us-15/briefings.html#the-memory-sinkhole-unleashing-an-x86-design-flaw-allowing-universal-privilege-escalation

http://www.pcworld.com/article/2965872/components-processors/design-flaw-in-intel-processors-opens-door-to-rootkits-researcher-says.html

Submitted by Anonymous on