Vigil@nce - AMD Piledriver: privilege escalation via Microcode
May 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker in a guest system can trigger an error in the
Microcode of AMD Piledriver processors, in order to escalate his
privileges on the host system.
– Impacted products: Debian, Windows (platform) not comprehensive,
Unix (platform) not comprehensive.
– Severity: 2/4.
– Creation date: 24/03/2016.
DESCRIPTION OF THE VULNERABILITY
The AMD Piledriver processor is used by:
– AMD-FX 32nm (Vishera)
– AMD Opteron 3300
– AMD Opteron 4300
– AMD Opteron 6300
However, the AMD microcode version 0x6000832 and 0x6000836 does
not correctly manage the NMI (Non-Maskable Interrupts). This error
impacts virtualized environments.
An attacker in a guest system can therefore trigger an error in
the Microcode of AMD Piledriver processors, in order to escalate
his privileges on the host system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/AMD-Piledriver-privilege-escalation-via-Microcode-19229