Portal de Periódicos da CAPES

Intel SYSRET Privilege Escalation Vulnerability Analysis

2012; Springer Science+Business Media; Linguagem: Inglês

10.1007/978-3-642-35211-9_5

1865-0937

Yong Wang, Xiuxia Tian, Jianping Xu, Shuai Chen, Heng Yang,

Cloud Data Security Solutions

Intel SYSTET privilege escalation vulnerability CVE-2012-0217 is recently discovered, which can escalate user privilege ring 3 to kernel system ring 0 and affect many operating systems, such as Intel x64-based versions of Windows 7 and Windows Server 2008 R2. We compared the SYSRET instruction difference between AMD instruction system and Intel instruction system. And summarized the Intel SYSRET privilege escalation procedure according to windows privilege rings structure, IA-32, IA-64 memory model, Intel IA-64 SYSCALL and SYSRET instructions. In the end we discussed CVE-2012-0217 vulnerability as SYSRET privilege escalation.