Intel's Supervisor Mode Execution Protection (SMEP)

Discussion in 'Intel x86 CPUs and chipsets' started by stmok, Jun 7, 2011.

  1. stmok

    stmok Member

    Joined:
    Jul 24, 2001
    Messages:
    8,878
    Location:
    Sydney
    I thought this would be interesting to share. I wasn't really sure where to post this. But since its a hardware feature, I'll stick it here.

    In mid-May, an Intel employee submitted a patch to the Linux Kernel to enable support for an unannounced security-related feature in their CPUs. :confused:

    Its called SMEP (Supervisor Mode Execution Protection).

    While I couldn't find any info on it from Intel, a security researcher (whitehat hacker) has blogged about it in detail...

    SMEP: What is It, and How to Beat It on Linux
    => http://vulnfactory.org/blog/2011/06/05/smep-what-is-it-and-how-to-beat-it-on-linux/

    At this time, no Intel processor supports SMEP. Presumably, it will be a feature in Ivy Bridge for 2012. (We can also assume Windows 8 will support it. Maybe a patch or Service Pack feature for Windows Vista/7?)
     

Share This Page