Security issue found in 64-bit virtualization software running on Intel CPUs

Vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape

Page 2 of 2

Given that AMD chips aren't affected, and that AMD wrote the x86-64 specification Intel is working from, it seems dubious for Intel to brush this off as a software implementation issue. The subtle difference alluded to above is that SYSRET behaves differently on Intel CPUs than on AMD processors when the return address it is handed is non-canonical: AMD raises the resulting #GP after the switch to user mode, so the kernel handles it on its own stack like any other user fault, while Intel raises it while the CPU is still at ring 0, so no stack switch occurs and the fault handler starts on whatever RSP holds at that moment, which the kernel has already set to the user's stack pointer. As the blog states:

Because Intel's implementation of SYSRET matches [AMD's] published spec, they consider their processors to be behaving correctly. However, the SYSRET instruction was defined by AMD as part of the x86-64 architecture, and Intel's version is obviously intended to be compatible with AMD's version. If the majority of operating systems (acting independently) managed to "not properly handle uncanonical return addresses on Intel EM64T CPUs," it's hard not to conclude that Intel made a mistake when designing their specification.
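The Intel/AMD difference described and quoted above, together with the check that patched kernels apply before returning to user mode, as an added example that is not from the article, the blog, or any vendor's code: a plain-C model of where the #GP lands on each vendor and of the canonical-address test the fix relies on. It never executes SYSRET; the struct and function names (fault_ctx, sysret_model, choose_return_path) and the sample addresses are this example's own.

```c
/* Model of the SYSRET return-to-user path with a non-canonical return address.
 * Added example, not from the article; it models the architectural behaviour in
 * plain C and never executes SYSRET. Names below are this example's own. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define VA_BITS 48  /* 4-level paging: bits 63..47 must all be copies of bit 47 */

/* A 64-bit address is canonical when bits 63..47 are all 0 or all 1. */
bool is_canonical(uint64_t addr)
{
    uint64_t upper = addr >> (VA_BITS - 1);           /* bits 63..47 */
    return upper == 0 || upper == (UINT64_MAX >> (VA_BITS - 1));
}

enum vendor { CPU_AMD, CPU_INTEL };
enum path { PATH_SYSRET, PATH_IRET };

struct fault_ctx {
    bool     faulted;        /* did the return raise #GP? */
    int      cpl_at_fault;   /* privilege level the CPU was at when #GP was raised */
    uint64_t handler_rsp;    /* stack the #GP handler starts on */
};

/* What happens when the kernel executes SYSRET with user_rip in RCX after it has
 * already restored the user's RSP. kernel_rsp0 stands in for TSS.RSP0, the stack
 * the CPU switches to only when a fault is taken from user mode. */
struct fault_ctx sysret_model(enum vendor v, uint64_t user_rip,
                              uint64_t user_rsp, uint64_t kernel_rsp0)
{
    struct fault_ctx c = { false, 3, user_rsp };
    if (is_canonical(user_rip))
        return c;                       /* normal return to user mode */
    c.faulted = true;
    if (v == CPU_AMD) {
        /* #GP is raised at CPL 3: privilege change, CPU loads RSP from
         * TSS.RSP0, so the handler runs on the kernel stack. */
        c.cpl_at_fault = 3;
        c.handler_rsp  = kernel_rsp0;
    } else {
        /* #GP is raised at CPL 0: same-privilege fault, no stack switch,
         * handler starts on the user-controlled RSP the kernel just loaded. */
        c.cpl_at_fault = 0;
        c.handler_rsp  = user_rsp;
    }
    return c;
}

/* Kernel-side mitigation: use SYSRET only for canonical return addresses and
 * fall back to IRET otherwise. IRET checks RIP before the kernel stack is
 * abandoned, so any #GP it raises is taken on the kernel stack on both vendors. */
enum path choose_return_path(uint64_t user_rip)
{
    return is_canonical(user_rip) ? PATH_SYSRET : PATH_IRET;
}

int main(void)
{
    /* Constructed values: the first non-canonical address above user space,
     * an arbitrary user stack pointer, and a placeholder kernel stack. */
    const uint64_t bad_rip  = 0x0000800000000000ULL;
    const uint64_t user_rsp = 0x00007ffd12345000ULL;
    const uint64_t rsp0     = 0xffff888001234000ULL;

    struct fault_ctx amd   = sysret_model(CPU_AMD,   bad_rip, user_rsp, rsp0);
    struct fault_ctx intel = sysret_model(CPU_INTEL, bad_rip, user_rsp, rsp0);
    printf("AMD:   #GP at CPL %d, handler RSP=%#llx\n", amd.cpl_at_fault,
           (unsigned long long)amd.handler_rsp);
    printf("Intel: #GP at CPL %d, handler RSP=%#llx%s\n", intel.cpl_at_fault,
           (unsigned long long)intel.handler_rsp,
           intel.handler_rsp == user_rsp ? " (user-controlled)" : "");
    printf("Patched kernel returns via %s for RIP %#llx\n",
           choose_return_path(bad_rip) == PATH_IRET ? "IRET" : "SYSRET",
           (unsigned long long)bad_rip);
    return 0;
}
```

The model makes the asymmetry concrete: with the same non-canonical RIP, the AMD path lands the handler on TSS.RSP0 while the Intel path lands it on the user's RSP, which is exactly the condition a local attacker needs to turn a #GP into kernel stack control. Whether a given kernel or hypervisor applies the canonical check before SYSRET is what separates the affected and unaffected entries in the vendor list below.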

But beyond the "he said, she said" finger-pointing, it's important to note that not all virtualization platforms and operating systems are affected. Unfortunately, the list does include quite a few vendors, so check whether your platform is on it. If it is, review that vendor's advisory for the specific patch and workaround details.

Those listed as affected include Citrix, the FreeBSD Project, Intel, Joyent, Microsoft, NetBSD, Oracle, Red Hat, SUSE Linux, and Xen. VMware, Apple, and AMD appear to be unaffected at this time. OpenBSD and Linux should be unaffected as well, since the underlying flaw was reportedly fixed in Linux back in 2006.

If it comes down to a numbers game on the hypervisor side, there's at least some good news. Because the majority of companies are currently running VMware vSphere, those organizations may be better off and somewhat safe from this issue. I say "somewhat safe" because this vulnerability isn't only about the hypervisor; it also affects the operating systems themselves. The virtual machines running in a VMware environment still run guest operating systems that may be on the affected list, so VMware users aren't completely out of the woods.

This issue was reiterated in an official statement made by VMware, saying, "The 'sysret' instruction is not used in VMware hypervisor code, therefore VMware products are not affected by this issue. Please note that guest operating systems that are installed as virtual machines may be affected and should be patched based on the recommendation of their respective OS vendors."

While VMware has lately been hit with an ESX source code leak and has recently had to patch arbitrary code execution flaws in its desktop and server virtualization products, the virtualization giant seems to have dodged at least one bullet this go-round.

This article, "Security issue found in 64-bit virtualization software running on Intel CPUs," was originally published at Follow the latest developments in virtualization and cloud computing at
