Vigil@nce - Linux kernel: buffer overflow of Intel microcode
March 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate a buffer overflow with a malicious Intel
microcode, in order to trigger a denial of service of the Linux
kernel, and possibly to execute code.
Impacted products: Linux
Severity: 1/4
Creation date: 18/03/2015
DESCRIPTION OF THE VULNERABILITY
Intel processors use microcode, which converts assembler
instructions to electronic logic.
However, if the size of the microcode data is greater than the size
of the storage array, an overflow occurs in the get_matching_model_microcode()
function of the arch/x86/kernel/cpu/microcode/intel_early.c file.
Note that this microcode is provided by Intel, by a Linux
distribution vendor, or by a local administrator.
An attacker can therefore generate a buffer overflow with a
malicious Intel microcode, in order to trigger a denial of service
of the Linux kernel, and possibly to execute code.
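The bug class described above, shown in its hardened form as an added example (this is not the kernel's code and not part of the original bulletin): a loader walks concatenated records and saves a pointer to each one in a fixed-size array, checking the remaining capacity before every write. The record layout (a 4-byte little-endian total size followed by payload), the capacity MAX_SAVED and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_SAVED 4    /* hypothetical capacity of the storage array */
#define REC_HDR   4u   /* constructed format: 4-byte little-endian total size */
enum { UC_OK = 0, UC_MALFORMED = -1, UC_TOO_MANY = -2 };

/* Walk concatenated records and save a pointer to each one in saved[].
 * The capacity check runs before every store, so extra records are
 * rejected instead of being written past the end of the array. */
static int collect_records(const uint8_t *data, size_t len,
                           const uint8_t *saved[], size_t cap, size_t *count)
{
    size_t off = 0;
    *count = 0;
    while (off < len) {
        if (len - off < REC_HDR)
            return UC_MALFORMED;                 /* truncated header */
        uint32_t total = (uint32_t)data[off] | (uint32_t)data[off + 1] << 8 |
                         (uint32_t)data[off + 2] << 16 | (uint32_t)data[off + 3] << 24;
        if (total < REC_HDR || total > len - off)
            return UC_MALFORMED;                 /* size field exceeds the data */
        if (*count >= cap)
            return UC_TOO_MANY;                  /* more records than array slots */
        saved[(*count)++] = data + off;
        off += total;
    }
    return UC_OK;
}

/* Constructed sample input: n records of 8 bytes each (header + 4 payload bytes). */
static int demo(size_t n, size_t *stored)
{
    uint8_t blob[16 * 8] = {0};
    const uint8_t *saved[MAX_SAVED];
    if (n > 16) n = 16;
    for (size_t i = 0; i < n; i++)
        blob[i * 8] = 8;                         /* total size = 8 */
    return collect_records(blob, n * 8, saved, MAX_SAVED, stored);
}

int main(void)
{
    size_t stored;
    int rc = demo(6, &stored);                   /* six records, four slots */
    printf("rc=%d stored=%zu\n", rc, stored);
    return 0;
}
```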
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-buffer-overflow-of-Intel-microcode-16414