Saturday, March 21, 2009

Intel SMM Exploit Code Released

Joanna Rutkowska and her team at Invisiblethings have done it again. The team, which has earlier found several issues with Intel chips, has found another major exploit in Intel's SMM (System Management Mode), which is Ring -2. Yes, minus 2: a level far more privileged than the one at which the OS runs.

What may be embarrassing for Intel is that the exploit unveiled by the team also mentions that Intel filed for patents which apparently fixed these exploits, but the fixes have somehow not been integrated into the processor. It also describes just how easily someone with root access on Linux can modify the MTRR (Memory Type Range Register) using the /proc file system and get into SMM mode.

Ars Technica is also covering the story: "Intel CPU-level exploit could be tempest in a teapot".



