{"uuid": "701851ee-0bb3-4c70-baa9-62d14daaea7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2012-0217", "type": "seen", "source": "https://infosec.exchange/users/andersonc0d3/statuses/116714668750112519", "content": "A few links about CVE-2012-0217\u2014the SYSRET vulnerability. A difference in behavior on Intel CPUs compared to other x86 CPUs that allowed Arbitrary Code Execution on kernels and hypervisors.\nThe first link below is from a presentation at Black Hat by the researcher who discovered it.\nThe second link, if I am not mistaken, is the first public exploit for that vulnerability, achieving Privilege Escalation on FreeBSD.\nThen I found two blog posts from the now-defunct company VUPEN, detailing how they exploited it on Windows and Xen.\nThe last two links are the official blog post from the Xen Project and a technical write-up from NCC Group about exploiting Xen based on the VUPEN article.\nA Stitch in Time Saves Nine: A Case of Multiple Operating System Vulnerability https://media.blackhat.com/bh-us-12/Briefings/Wojtczuk/BH_US_12_Wojtczuk_A_Stitch_In_Time_Slides.pdf\nCVE-2012-0217: Intel's sysret Kernel Privilege Escalation (on FreeBSD) https://fail0verflow.com/blog/2012/cve-2012-0217-intel-sysret-freebsd/\nAdvanced Exploitation of Windows Kernel Intel 64-Bit Mode Sysret Vulnerability (MS12-042) https://web.archive.org/web/20120824020724/http://www.vupen.com/blog/20120806.Advanced_Exploitation_of_Windows_Kernel_x64_Sysret_EoP_MS12-042_CVE-2012-0217.php\nAdvanced Exploitation of Xen Hypervisor Sysret VM Escape Vulnerability https://web.archive.org/web/20120908033139/http://www.vupen.com/blog/20120904.Advanced_Exploitation_of_Xen_Sysret_VM_Escape_CVE-2012-0217.php\nThe Intel SYSRET privilege escalation https://xenproject.org/blog/the-intel-sysret-privilege-escalation/\nAdventures in Xen Exploitation 
https://www.nccgroup.com/research/adventures-in-xen-exploitation/\nThere's also this academic work, but I couldn't find the full-text PDF.\nIntel SYSRET Privilege Escalation Vulnerability Analysis https://link.springer.com/chapter/10.1007/978-3-642-35211-9_5", "creation_timestamp": "2026-06-08T13:15:12.580168Z"}