US-CERT reports a security issue in Intel CPUs

Last week, the U.S. Computer Emergency Readiness Team (US-CERT) reported a vulnerability, on Intel CPU hardware, that could lead to a privilege escalation attack on some 64-bit operating systems and virtualization softwares running on Intel CPU hardware.

In these years many security flaws have affected different virtualization platforms but this episode is remarkable because, originated at the CPU level, affects many different systems and not just a single vendor.

Two days ago US-CERT updated the list of the affected systems, that includes Windows 7, Windows Server 2008 R2, FreeBSD and NetBSD as well as Xen hypervisor, that we report in a “per Vendor” grouping:

Intel claims that this vulnerability is a software implementation issue, as their processors are functioning as per their documented specifications. However, software that does not take the unsafe SYSRET behavior specific to Intel processors into account may be vulnerable.

Wrote US-CERT in its security advisory, fortunately, VMware vSphere, which is still the most common hypervisor in the companies, does not seem to be affected from this problem.