
Intel SYSRET Privilege Escalation Vulnerability Analysis

  • Conference paper

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 345))

Abstract

The Intel SYSRET privilege escalation vulnerability, CVE-2012-0217, was recently discovered. It allows code running at user privilege (ring 3) to escalate to kernel privilege (ring 0) and affects many operating systems, including the Intel x64-based versions of Windows 7 and Windows Server 2008 R2. We compare the behaviour of the SYSRET instruction in the AMD and Intel instruction set architectures, and summarize the Intel SYSRET privilege escalation procedure in terms of the Windows privilege ring structure, the IA-32 and IA-64 memory models, and the Intel IA-64 SYSCALL and SYSRET instructions. Finally, we discuss CVE-2012-0217 as an instance of SYSRET privilege escalation.
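The vendor difference the abstract refers to comes down to one check: on Intel, SYSRET raises #GP(0) when RCX (the return RIP) is not canonical, and it does so before the privilege level changes, at a point where the kernel has already restored the user's RSP; on AMD, RIP is loaded first and the instruction fetch faults at CPL 3. The following C program is an added illustration, not code from the paper or from any affected kernel. It models only the canonical check and the fault location (no real mode switch takes place), assumes 4-level paging (48-bit linear addresses), and uses constructed addresses; the helper and enum names are the example's own. The safe-path function shows the shape of the mitigation that Xen and Linux adopted: take the SYSRET fast path only for a canonical return RIP and otherwise return through IRET, which still faults on a non-canonical target but does so before any register has been updated, so the #GP handler runs on the kernel stack.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 4-level paging, i.e. 48-bit linear addresses. A canonical
 * address has bits 63:48 equal to bit 47, so the top 17 bits are either all
 * zero or all one. (With 5-level paging the boundary moves to bit 56.) */
static bool is_canonical48(uint64_t addr)
{
    uint64_t top17 = addr >> 47;
    return top17 == 0 || top17 == 0x1FFFF;
}

enum vendor { VENDOR_INTEL, VENDOR_AMD };

enum sysret_outcome {
    RETURNS_TO_USER,      /* RIP = RCX, CPL becomes 3, execution continues */
    GP_IN_RING3,          /* AMD: RIP is loaded, the fetch faults at CPL 3 */
    GP_IN_RING0_USER_RSP  /* Intel: #GP(0) at CPL 0 while RSP is the user's */
};

/* Model of the two vendors' SYSRET behaviour for a given RCX. The kernel
 * restores the user RSP before executing SYSRET (SYSRET does not load RSP),
 * so an Intel #GP raised here is delivered at CPL 0 with no stack switch and
 * the handler runs on an attacker-chosen stack. That is CVE-2012-0217. */
static enum sysret_outcome sysret_model(enum vendor v, uint64_t rcx)
{
    if (is_canonical48(rcx))
        return RETURNS_TO_USER;
    /* Intel SDM: "If RCX is not canonical, #GP(0)", checked before the
     * privilege switch. AMD: no check; the next fetch faults in user mode. */
    return v == VENDOR_INTEL ? GP_IN_RING0_USER_RSP : GP_IN_RING3;
}

/* SYSCALL is the two-byte encoding 0F 05; the CPU saves the address of the
 * following instruction in RCX. A SYSCALL placed at the last two bytes of
 * the canonical user range therefore yields a non-canonical RCX. */
static uint64_t rcx_after_syscall(uint64_t syscall_insn_addr)
{
    return syscall_insn_addr + 2;
}

/* Kernel-side guard before the SYSRET fast path (the mitigation shape used
 * by Xen and Linux): SYSRET only for a canonical return RIP, else IRET. IRET
 * also faults on a non-canonical target, but before any register is updated,
 * so its #GP is handled on the kernel stack like any other fault. */
static const char *choose_return_path(uint64_t return_rip)
{
    return is_canonical48(return_rip) ? "SYSRET" : "IRET";
}

static const char *outcome_name(enum sysret_outcome o)
{
    switch (o) {
    case RETURNS_TO_USER:     return "returns to user mode";
    case GP_IN_RING3:         return "#GP in ring 3 (harmless)";
    case GP_IN_RING0_USER_RSP: return "#GP in ring 0 on user RSP (exploitable)";
    }
    return "?";
}

int main(void)
{
    /* Constructed inputs: an ordinary return address, and the RCX produced by
     * a SYSCALL located at 0x00007FFFFFFFFFFE, which is 0x0000800000000000. */
    uint64_t normal_rip = 0x0000000000401000ULL;
    uint64_t edge_rip   = rcx_after_syscall(0x00007FFFFFFFFFFEULL);

    printf("RCX=%#018llx canonical=%d Intel: %s | AMD: %s | safe path: %s\n",
           (unsigned long long)normal_rip, is_canonical48(normal_rip),
           outcome_name(sysret_model(VENDOR_INTEL, normal_rip)),
           outcome_name(sysret_model(VENDOR_AMD, normal_rip)),
           choose_return_path(normal_rip));
    printf("RCX=%#018llx canonical=%d Intel: %s | AMD: %s | safe path: %s\n",
           (unsigned long long)edge_rip, is_canonical48(edge_rip),
           outcome_name(sysret_model(VENDOR_INTEL, edge_rip)),
           outcome_name(sysret_model(VENDOR_AMD, edge_rip)),
           choose_return_path(edge_rip));
    return 0;
}
```

The model deliberately omits the other ways a user can influence the saved RIP (any system call that lets user code write the return frame) because they all reduce to the same condition: a non-canonical value in RCX at the moment SYSRET executes.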

This work is supported by the State Key Laboratory of Information Security (Institute of Software, Chinese Academy of Sciences) (04-02-1), the Shanghai Education Commission Innovation Foundation (11YZ192), the Shanghai Science and Technology Commission Key Program (11511504400), the National Natural Science Foundation of China under Grant 60903188, and the Natural Science Foundation of Shanghai City (No. 12ZR1411900).




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wang, Y., Tian, X., Xu, J., Chen, S., Yang, H. (2012). Intel SYSRET Privilege Escalation Vulnerability Analysis. In: Lei, J., Wang, F.L., Li, M., Luo, Y. (eds) Network Computing and Information Security. NCIS 2012. Communications in Computer and Information Science, vol 345. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35211-9_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-35211-9_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35210-2

  • Online ISBN: 978-3-642-35211-9
