Intel's Incomplete Documentation Leads To Insecure Debugging Interface

Because of incomplete documentation from Intel, operating system kernels did not correctly handle one corner of the debugging interface of its processors, which resulted in a security vulnerability. The issue affects most operating systems, including Windows, macOS, FreeBSD, and multiple Linux distributions.

From Ring 3 To Ring 0

The CERT Coordination Center has blamed Intel for incomplete documentation of the interrupt and exception behavior of its MOV SS and POP SS instructions. Both instructions load the stack segment register, and after either of them the processor inhibits interrupts, data breakpoints, and single-step trap exceptions until the instruction boundary following the next instruction, so that a stack pointer load immediately after the segment load cannot be interrupted halfway. A debug exception that would otherwise have been raised on the MOV SS or POP SS itself is therefore delivered only after the following instruction has executed.

The issue seems to be that, misled by Intel's incomplete documentation, OS vendors did not account for the case where the instruction following MOV SS or POP SS is one that transfers control to the operating system at a Current Privilege Level (CPL) below 3, such as SYSCALL, SYSENTER, or INT 3. If a debug exception is pending at that point (for example from a hardware data breakpoint on the stack memory the MOV SS read, or from a single-step trap), it is delivered only after the transfer to CPL < 3 has completed. The kernel's debug exception handler therefore runs on the very first kernel instruction after the transition, before the kernel has finished setting up its own state, an order of events the kernels did not expect.

This results in unexpected behavior that can hand a Ring 3 user-level application influence over Ring 0 kernel-level state. In other words, an unprivileged local application could crash the system or, depending on the operating system, gain control of lower-level components, bypass other security protections, and read sensitive kernel memory.
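The deferral described above can be observed from user mode without touching the vulnerable sequence. The following is an added example (my own code, not from the article, CERT, Intel or any OS vendor) for Linux on x86-64, built with GCC or Clang. It sets the trap flag (TF) so the processor raises a single-step #DB after every instruction, which Linux delivers to the process as SIGTRAP, and records where each trap is delivered. A harmless NOP stands in for the SYSCALL of the vulnerable sequence; the function, struct and label names are mine, and the code assumes glibc and that no debugger is attached.

```c
/* Added example (not from the article or CERT): observe, from user mode on
 * Linux x86-64, that MOV SS defers a pending single-step trap (#DB) until
 * the instruction *after* it has executed.  The instruction following
 * MOV SS here is a harmless NOP; in the vulnerability it was SYSCALL, so
 * the deferred #DB arrived with the kernel already running at CPL 0.
 * Assumptions: Linux, x86-64, glibc, process not being ptraced. */
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ucontext.h>

#ifndef REG_RIP
#define REG_RIP 16   /* glibc's index of RIP in uc_mcontext.gregs on x86-64 */
#endif

#define MAX_TRAPS 16
static volatile uintptr_t trap_rip[MAX_TRAPS];
static volatile int ntraps;

/* Each single-step #DB reaches us as SIGTRAP; record where it was delivered. */
static void on_sigtrap(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)si;
    ucontext_t *uc = ctx;
    if (ntraps < MAX_TRAPS)
        trap_rip[ntraps++] = (uintptr_t)uc->uc_mcontext.gregs[REG_RIP];
}

struct probe_addrs { uintptr_t after_probe, after_movss, after_nop; };

/* Set RFLAGS.TF (bit 8) from user mode, execute MOV SS followed by NOP,
 * then clear TF again.  Returns the three instruction boundaries whose
 * addresses we compare against the recorded trap sites. */
static __attribute__((noinline)) struct probe_addrs run_probe(void)
{
    struct probe_addrs a;
    __asm__ volatile(
        "leaq 1f(%%rip), %0\n\t"
        "leaq 2f(%%rip), %1\n\t"
        "leaq 3f(%%rip), %2\n\t"
        "subq $128, %%rsp\n\t"       /* keep pushes out of the red zone   */
        "pushfq\n\t"
        "orq  $0x100, (%%rsp)\n\t"   /* RFLAGS.TF = 1                      */
        "popfq\n\t"                  /* traps start after the NEXT insn    */
        "movw %%ss, %%ax\n\t"        /* ordinary insn: trap after it ...   */
        "1:\n\t"                     /* ... delivered here                 */
        "movw %%ax, %%ss\n\t"        /* MOV SS: trap inhibited, none at 2  */
        "2:\n\t"
        "nop\n\t"                    /* deferred trap lands after this     */
        "3:\n\t"
        "pushfq\n\t"
        "andq $-257, (%%rsp)\n\t"    /* RFLAGS.TF = 0  (-257 == ~0x100)    */
        "popfq\n\t"
        "addq $128, %%rsp\n\t"
        : "=&r"(a.after_probe), "=&r"(a.after_movss), "=&r"(a.after_nop)
        :
        : "rax", "memory", "cc");
    return a;
}

/* Returns 1 if the CPU behaved as the Intel SDM describes: a trap after the
 * instruction preceding MOV SS, no trap after MOV SS itself, and the next
 * trap only after the following NOP.  Returns 0 otherwise. */
int movss_defers_single_step(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_sigtrap;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTRAP, &sa, NULL) != 0)
        return 0;

    ntraps = 0;
    struct probe_addrs a = run_probe();

    int probe_idx = -1, saw_movss = 0, next_is_nop = 0;
    for (int i = 0; i < ntraps; i++) {
        if (trap_rip[i] == a.after_probe) probe_idx = i;
        if (trap_rip[i] == a.after_movss) saw_movss = 1;
    }
    if (probe_idx >= 0 && probe_idx + 1 < ntraps)
        next_is_nop = (trap_rip[probe_idx + 1] == a.after_nop);
    return probe_idx >= 0 && !saw_movss && next_is_nop;
}

int main(void)
{
    int ok = movss_defers_single_step();
    printf("single-step traps recorded: %d\n", ntraps);
    for (int i = 0; i < ntraps; i++)
        printf("  #DB delivered at %#lx\n", (unsigned long)trap_rip[i]);
    printf("MOV SS deferred the trap past the next instruction: %s\n",
           ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

Build with `gcc -O2 -o movss movss.c` and run it on a Linux x86-64 machine; it reports a trap after the instruction before MOV SS, nothing after MOV SS, and the next trap after the NOP. Under a debugger or ptrace the SIGTRAPs go to the tracer instead, and an emulator that does not model the inhibition will show a trap after MOV SS too. The security point is what sits at label 2: with a SYSCALL there instead of a NOP, the deferred #DB would be delivered at the kernel's syscall entry, which is the order of events CERT says the kernels did not expect.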

Mitigation

Most OS vendors have already issued patches, so check for updates for your operating system and apply them as soon as possible to remain protected against this threat.

We’ve seen quite a few security bugs affecting Intel’s chips and firmware in the past year or so. The most likely explanation for this avalanche of reports is that security researchers have started taking a better look at the security of these processors, with a focus on Intel because of its market dominance.

We can also assume that because the Meltdown and Spectre flaws were first privately revealed to the OS vendors, the OS vendors have begun proactively digging deeper on all the potential security issues coming from Intel chips. To avoid many more reports like this one, or the ongoing Spectre news, Intel will need to take its security pledge very seriously in the coming years.

Comment from the forums
  • _lc_
    This is only half the truth. The problem is that the x86/x64 architecture is a pile of junk. They keep throwing new stuff on top, while the bottom is rotting away silently.
    Those troublesome instructions are a relic of the 16-bit era. Nobody has needed them for decades, yet they are still around. Does anybody remember the dreaded A20 gate and all the problems it caused? Where are we now – SSE4? MMX anyone? It just keeps piling up.