The American Computer Emergency Response Team (CERT) has recently issued a report on a critical error in Intel processors. In early May, a vulnerability was discovered in the execution of AMD's x86-64 instruction set, the same one Intel uses in its chips. Initially, the bug seemed limited to Linux, but it has since been revealed to be a potential threat on other platforms as well, including Windows, BSD and OS X.
When AMD first created its x86-64 instructions, addressable memory was limited to 48 bits, meaning bits 49 up to 64 remained unused. To prevent abuse of this empty space, AMD processors require what is called a canonical memory address, in which the unused bits are all given the same value. Any attempt to access an address that is not in this form is rejected by the processor.
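The canonical-form rule described above, as an added C example (not from the original article or from CERT): the unused upper bits must all repeat the highest implemented bit. The function names and sample addresses are constructed for illustration, and the address width is a parameter, so the check goes beyond the 48-bit case in the text.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 48 implemented virtual-address bits, as in the article.
   The article counts bits from 1; this code counts from 0 (bit 47 is the top). */
#define VA_BITS 48

enum va_class { VA_LOWER_HALF, VA_UPPER_HALF, VA_NON_CANONICAL };

/* Copy the highest implemented bit into every unused upper bit. */
static uint64_t canonicalize(uint64_t addr, unsigned va_bits)
{
    uint64_t upper = ~UINT64_C(0) << va_bits;       /* the unused bits */
    uint64_t top   = UINT64_C(1) << (va_bits - 1);  /* highest implemented bit */
    return (addr & top) ? (addr | upper) : (addr & ~upper);
}

/* An address is canonical when it already has that form. */
static bool is_canonical(uint64_t addr, unsigned va_bits)
{
    return canonicalize(addr, va_bits) == addr;
}

static enum va_class classify(uint64_t addr, unsigned va_bits)
{
    if (!is_canonical(addr, va_bits))
        return VA_NON_CANONICAL;
    return (addr >> 63) ? VA_UPPER_HALF : VA_LOWER_HALF;
}

int main(void)
{
    /* Constructed sample addresses on both sides of the two boundaries. */
    const uint64_t samples[] = {
        UINT64_C(0x00007FFFFFFFFFFF),  /* last lower-half address   */
        UINT64_C(0x0000800000000000),  /* first non-canonical value */
        UINT64_C(0xFFFF7FFFFFFFFFFF),  /* last non-canonical value  */
        UINT64_C(0xFFFF800000000000),  /* first upper-half address  */
    };
    static const char *names[] = { "lower half", "upper half", "NON-CANONICAL" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%016llx  %s\n", (unsigned long long)samples[i],
               names[classify(samples[i], VA_BITS)]);
    return 0;
}
```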
Intel processes things slightly differently, checking for canonical addresses at a different point. This allows users to execute special code after the error message. Execution is then routed, at kernel level, to the infected space that was created, after which malicious code can be executed. The bug has since been patched, and the fix is distributed through Windows Update. Among others, Intel, Oracle, Citrix, FreeBSD, NetBSD, SUSE, Xen, Red Hat and Joyent have also released fixes.
Additional details can be found on the CERT webpage.
Intel's implementation of canonical addresses made it possible to run malicious code outside of the regular address space.
Image source: Wikipedia