
As explained here:

http://www.gossamer-threads.com/lists/linux/kernel/970025
https://lists.archive.carbon60.com/linux/kernel/970025

and here:

https://labs.bromium.com/2015/02/02/exploiting-badiret-vulnerability-cve-2014-9322-linux-kernel-privilege-escalation/
https://bromiumlabs.wordpress.com/2015/02/02/exploiting-badiret-vulnerability-cve-2014-9322-linux-kernel-privilege-escalation/

The GS register is used to differentiate between the user-mode and kernel-mode address ranges, after adding the relevant logical address component.

The instruction swapgs is used to swap the GS register with the MSR values, and this can only be done in privileged mode.

For example, swapgs must always be done at the start of the IDT handler and after it, so that kernel-mode memory is used.

Peter Teoh
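The answer above says that the GS base decides which range of memory a `%gs:`-relative access lands in, and that swapgs is what loads the kernel's base. The following is an added example, not code from the answer or from the linked write-ups: on x86-64 Linux, user space can load its own GS base with `arch_prctl(ARCH_SET_GS)`, and the CPU then resolves `%gs:disp` to `GS.base + disp`. The program loads one base, reads `%gs:0` and `%gs:8`, loads a second base and repeats the same reads, which is a user-space model of the base switch swapgs performs (swapgs itself is privileged and is not executed). The struct `gs_area`, the two constructed areas, and the function names `gs_base_demo`, `read_gs_u64`, `set_gs_base` and `get_gs_base` are all assumptions made for this example; the `ARCH_SET_GS`/`ARCH_GET_GS` values are the real Linux UAPI constants, defined locally in case `asm/prctl.h` is missing.

```c
/* Added example, not part of the answer above: how the GS base takes part in
 * address formation on x86-64 Linux. Loading a different base and repeating
 * the same %gs:disp read is a user-space model of what swapgs does for the
 * kernel; swapgs itself is privileged and is not executed here. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

#if defined(__x86_64__) && defined(__linux__)

/* arch_prctl codes from the Linux UAPI (asm/prctl.h), defined locally so the
 * example builds even where that header is not installed. */
#ifndef ARCH_SET_GS
#define ARCH_SET_GS 0x1001
#endif
#ifndef ARCH_GET_GS
#define ARCH_GET_GS 0x1004
#endif

/* Hypothetical stand-in for a per-CPU area that code reaches through %gs. */
struct gs_area {
    uint64_t magic;     /* reached as %gs:0 */
    uint64_t stack_top; /* reached as %gs:8 */
};

/* Two constructed areas: identical %gs:disp reads hit one or the other
 * depending solely on which base is currently loaded. */
static struct gs_area area_a = { 0x4141414141414141ULL, 0x00007ffd00001000ULL };
static struct gs_area area_b = { 0x4242424242424242ULL, 0xffff888000002000ULL };

static int set_gs_base(const void *base)
{
    return (int)syscall(SYS_arch_prctl, ARCH_SET_GS, (unsigned long)base);
}

static int get_gs_base(unsigned long *base)
{
    return (int)syscall(SYS_arch_prctl, ARCH_GET_GS, base);
}

/* Load a qword from GS.base + disp, the same addressing form the kernel uses
 * for its per-CPU data. */
static uint64_t read_gs_u64(unsigned long disp)
{
    uint64_t v;
    __asm__ volatile("movq %%gs:(%1), %0" : "=r"(v) : "r"(disp) : "memory");
    return v;
}

/* Returns 1 when every check passes, 0 on a mismatch, -1 if arch_prctl is
 * unavailable (e.g. blocked by a sandbox), -2 on non-x86-64/Linux builds. */
int gs_base_demo(void)
{
    unsigned long base = 0;

    if (set_gs_base(&area_a) != 0)
        return -1;
    if (get_gs_base(&base) != 0 || base != (unsigned long)&area_a)
        return 0;
    if (read_gs_u64(0) != area_a.magic || read_gs_u64(8) != area_a.stack_top)
        return 0;

    /* Switch the base: the displacement is unchanged, the data reached differs. */
    if (set_gs_base(&area_b) != 0)
        return -1;
    if (read_gs_u64(0) != area_b.magic || read_gs_u64(8) != area_b.stack_top)
        return 0;

    /* Restore a zero base so later code does not inherit our area. */
    set_gs_base(NULL);
    return 1;
}
#else
int gs_base_demo(void) { return -2; }
#endif

int main(void)
{
    int r = gs_base_demo();
    printf("gs_base_demo: %d (1 = %%gs-relative reads followed the loaded base)\n", r);
    return r == 1 ? 0 : 1;
}
```

Build with `gcc -O2 -o gs_demo gs_demo.c` on an x86-64 Linux host; it prints `gs_base_demo: 1`. The point it makes for the answer's swapgs rule is visible in the second half of `gs_base_demo`: the instruction stream is identical before and after the base switch, and only the base decides whether `%gs:0` reaches `area_a` or `area_b`. That is exactly why an entry path that runs kernel `%gs:` accesses without first executing swapgs is reading from the user-controlled base, the condition the linked BadIRET write-up describes.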