Remote Code Execution Through Intel CPU Bugs


Mattias Geniar, August 05, 2008


Kris Kaspersky, who isn’t related to the famous anti-virus company, is a security researcher. He recently found several serious bugs in Intel CPUs that could potentially open the doors for hackers and make it possible to execute code remotely. Seeing as this is a hardware bug, its impact is spread across Windows, Linux and Macs, potentially causing major problems.

Here’s a pretty large quote that will explain things further.

Although CPU bugs are not something new in the security industry, nobody has come out with any proof-of-concept exploits and as it stands, there are no known malware that take advantage of these bugs, although some malware writers have actually used CPU bugs for targeted attacks. It is just a matter of time before we start seeing these sort of attacks used in more devastating ways over the Internet. Intel has provided workarounds to major BIOS vendors for some of these bugs, but who knows which vendor actually uses them? End-users are in the dark as to how to check if they are secure or not. Intel doesn’t provide any test program for this and the worst thing is -- some bugs are still not fixed. In other words, Intel has no workaround for it.

In this presentation, I will share with the participants the finding of my CPU malware detection research which was funded by Endeavor Security. I will also present to the participants my improved POC code and will show participants how it’s possible to make an attack via JavaScript code or just TCP/IP packets storms against Intel based machine. Some of the bugs that will be shown are exploitable via common instruction sequences and by knowing the mechanics behind certain JIT Java-compilers, attackers can force the compiler to do what they want (for example: short nested loops lead to system crashes on many CPUs). I will also share with the participants my experience in data recovery and how CPU bugs have actually contributed in damaging our hard drives without our knowledge.

His proof-of-concept code will be shown at the "Hack In The Box" security conference in Malaysia, which starts on the 27th of October 2008. This could have serious consequences, as hardware bugs are hard to prevent. It usually takes a BIOS upgrade to prevent these kinds of bugs, as a normal OS patch won't have any effect. And even then, you'd need a BIOS manufacturer willing to patch these flaws, and the flaws themselves need to be patchable.

Now tell me, does an average user know how to flash a BIOS to the latest firmware? I don't think so ...


