Bilbo writes “A researcher of the french NSA discovered a scary vulnerability in modern x86 cpus and chipsets that expose the kernel to direct tampering.
The problem is that a feature called System Management Mode could be used to bypass the kernel and execute code at the highest level possible: ring zero. The big problem is that the attack is possible thanks to the way X Windows is designed, and so the only way to eradicate it is to redesign it, moving video card driver into the kernel, but it seems that this cannot be done also for missing drivers and documentation!
This is another example of insecurity that cannot be fixed because of unresponsible vendors…”
The problem is that a feature called System Management Mode could be used to bypass the kernel and execute code at the highest level possible: ring zero. The big problem is that the attack is possible thanks to the way X Windows is designed, and so the only way to eradicate it is to redesign it, moving video card driver into the kernel, but it seems that this cannot be done also for missing drivers and documentation!
This is another example of insecurity that cannot be fixed because of unresponsible vendors…”
Link: securityfocus.com
Category:
- Security
