x86 LSL and LAR fault
Description of problem:
The manual's description of the LSL and LAR instructions says: `If the segment descriptor cannot be accessed or is an invalid type for the instruction, the ZF flag is cleared and no value is loaded in the destination operand.` When this happens on a real CPU, the instructions appear to do nothing (like a nop). In QEMU, however, it crashes.
Steps to reproduce:
1. Compile this code
```c
/* Reporter's test case. It uses Intel syntax, so build it for a 64-bit target with
 * gcc -masm=intel -o lsl_test lsl_test.c */
int main(void)
{
    asm("mov rax, 0xa02e698e741f5a6a");
    asm("mov rbx, 0x20959ddd7a0aef");
    /* Selector in bx is 0x0aef: a real CPU only clears ZF here, QEMU crashes. */
    asm("lsl ax, bx");
    return 0;
}
```
2. Execute it. QEMU crashes, but a real CPU does not. The same problem occurs with LAR.
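Added example, not code from the report or from QEMU: a small C program (GCC/Clang inline asm, x86 Linux user mode assumed; other architectures take the -1 fallback) that decodes the selector the repro leaves in BX and runs LSL with the ZF check the manual prescribes, so the documented "ZF cleared, nothing loaded" outcome on hardware can be compared with the crash under QEMU. It also probes the process's own CS as a known-good control; `decode_selector`, `current_cs` and `lsl_probe` are names chosen here.

```c
#include <stdint.h>
#include <stdio.h>
/* Selector fields: bits 15:3 index, bit 2 TI (0 = GDT, 1 = LDT), bits 1:0 RPL. */
struct selector { unsigned index, ti, rpl; };
struct selector decode_selector(uint16_t sel)
{
    struct selector s = { sel >> 3, (sel >> 2) & 1, sel & 3 };
    return s;
}
/* Current CS selector, a descriptor LSL can always read at CPL 3 (0 if not built for x86). */
uint32_t current_cs(void)
{
#if defined(__x86_64__) || defined(__i386__)
    uint32_t cs;
    __asm__("mov %%cs, %0" : "=r"(cs));
    return cs;
#else
    return 0;
#endif
}

/* LSL (32-bit form) as the manual defines it: 1 and the limit when ZF is set, 0 when ZF is
 * cleared (descriptor cannot be accessed or is the wrong type), -1 if not built for x86. */
int lsl_probe(uint32_t sel, uint32_t *limit)
{
#if defined(__x86_64__) || defined(__i386__)
    uint32_t lim;
    unsigned char zf;
    __asm__ volatile("lsl %[sel], %[lim]\n\tsetz %[zf]"
                     : [lim] "=r"(lim), [zf] "=q"(zf) : [sel] "r"(sel) : "cc");
    if (limit) *limit = zf ? lim : 0;   /* LSL leaves the destination untouched when ZF=0 */
    return zf;
#else
    (void)sel;
    if (limit) *limit = 0;
    return -1;
#endif
}

int main(void)
{   /* Constructed from the report: "lsl ax, bx" reads the low 16 bits of 0x20959ddd7a0aef. */
    struct selector s = decode_selector(0x0aef);
    uint32_t limit = 0;
    printf("0x0aef: index=%u %s rpl=%u -> lsl %d (0 means ZF cleared, no fault)\n",
           s.index, s.ti ? "LDT" : "GDT", s.rpl, lsl_probe(0x0aef, &limit));
    int r = lsl_probe(current_cs(), &limit);
    printf("cs=0x%x -> lsl %d, limit=0x%x\n", current_cs(), r, limit);
    return 0;
}
```

Run it natively and under QEMU TCG: on hardware the first probe returns 0 and the program keeps going, which is the behaviour the report says QEMU fails to reproduce.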
Additional information:
This bug was discovered by research conducted by KAIST SoftSec.