A STITCH IN TIME SAVES NINE: A CASE OF MULTIPLE OPERATING SYSTEM VULNERABILITY

Black Hat USA 2012

Presented by: Rafal Wojtczuk
Date: Wednesday July 25, 2012
Time: 10:15 - 11:15
Location: Palace II
Track: Breaking Things

Six years ago Linux kernel developers fixed a vulnerability that was caused by using the "sysret" privileged Intel CPU instruction in an unsafe manner. Apparently, nobody realized (or cared enough to let others know) the full impact and how widespread and reliably exploitable the problem is: in 2012, four other popular operating systems were found to be vulnerable to user-to-kernel privilege escalation resulting from the same root cause.

The presentation will explain the subtleties of the relevant Intel CPU instructions and the variety of ways they can be reliably exploited on unpatched systems. Exploits for a few affected operating systems will be demonstrated.

Attendees are expected to have a basic understanding of Intel CPU architecture.

Rafal Wojtczuk

Rafal Wojtczuk has over 15 years of experience with computer security. Specializing primarily in kernel and virtualization security, over the years he has disclosed many security vulnerabilities in popular operating system kernels and virtualization software. He is also well known for his articles on advanced exploitation techniques, including novel methods for exploiting buffer overflows in partially randomized address space environments. Recently he was researching advanced Intel security-related technologies, particularly TXT and VT-d. He is also the author of libnids, a low-level packet reassembly library. He holds a Master's Degree in Computer Science from the University of Warsaw.

