The US Computer Emergency Response Team (US-CERT) has advised that some 64-bit operating systems and virtualization software running on Intel 64 CPU hardware are vulnerable to a local privilege escalation attack. An attacker may exploit the vulnerability to escalate privileges or gain access to the host machine from a guest virtual machine.
The vulnerability is identified as CVE-2012-0217 and stems from the way Intel 64 CPUs have implemented the SYSRET instruction. The vulnerability can only be exploited on Intel CPUs when the Intel 64 extension is in use, that is, using a 64-bit OS; 32-bit OSes are not affected.
AMD does not implement the SYSRET instruction the same way and is not similarly affected. However, systems running on AMD64 chips may lock up under an attack and may therefore pose a Denial of Service (DoS) vulnerability.
A list of vendors and their vulnerability status is shown below. Note that this list may not be updated and you should check the CERT-US website for updates.
| Vendor | Status |
|---|---|
| Citrix | Affected |
| FreeBSD Project | Affected |
| Intel Corporation | Affected |
| Joyent | Affected |
| Microsoft Corporation | Affected |
| NetBSD | Affected |
| Oracle Corporation | Affected |
| Red Hat, Inc. | Affected |
| SUSE Linux | Affected |
| Xen | Affected |
| AMD | Not Affected |
| Apple Inc. | Not Affected |
| VMware | Not Affected |
| Debian GNU/Linux | Unknown |
| Fedora Project | Unknown |
Interxect Services advises customers to update your systems with vendor approved patches as they become available.
