Back to All Events

Privilege escalation on high-end servers due to implementation gaps in CPU Hot-Add flow

by Cuauhtemoc Chavez Corona + Rene Henriquez + Laura Fuentes Castaneda + Jorge Gonzalez Diaz + Jan Seidl, Intel
50min

Server systems are characterized among other things by unique features and technologies meant to increase their robustness to cope with mission critical applications while maintaining security. Since these machines are most of the time physically isolated behind the walls of big Datacenters and enterprises, many attacks are considered out-of-scope when ana- lyzing their security objectives (i.e.: physical attacks and attacks that require physical possession of a system). In this work, we demonstrate three cases on how to exploit weaknesses on a server- specific feature known as CPU Hot-Add to escalate privileges. We also demonstrate effective countermeasures to restrain the threats; such countermeasures are implemented today by system Firmware (e.g.: BIOS). We provide a detailed security analysis with a high-level introduction of RAS (Reliability, Availability and Serviceability) features and the CPU Hot-Add flow, which is the central topic of this research.