device: 0.854
graphic: 0.701
vnc: 0.674
socket: 0.609
performance: 0.549
debug: 0.535
permissions: 0.525
network: 0.505
boot: 0.489
semantic: 0.444
PID: 0.269
files: 0.263
KVM: 0.243
other: 0.223

x86 LSL and LAR fault
Description of problem:
The manual's description of the LSL and LAR instructions states: `If the segment descriptor cannot be accessed or is an invalid type for the instruction, the ZF flag is cleared and no value is loaded in the destination operand.` When this case occurs on a real CPU, the instructions appear to do nothing (effectively a nop). In QEMU, however, it crashes.
Steps to reproduce:
1. Compile this code
```
/* Build with Intel-syntax inline assembly: gcc -masm=intel -o lsl_repro lsl_repro.c */
int main(void) {
    /* Load an arbitrary selector into BX and run LSL on it. On real hardware
       an inaccessible or invalid selector only clears ZF. */
    asm volatile("mov rax, 0xa02e698e741f5a6a\n\t"
                 "mov rbx, 0x20959ddd7a0aef\n\t"
                 "lsl ax, bx"
                 ::: "rax", "rbx", "cc");
    return 0;
}
```
2. Execute it. QEMU crashes, but a real CPU does not. The same problem occurs with LAR.
Additional information:
This bug was discovered through research conducted by KAIST SoftSec.
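To show the hardware behaviour the report relies on, here is an added example (not from the report or from QEMU) that runs LSL and LAR on a chosen selector via GCC/Clang inline assembly and returns ZF together with whether the destination was written. It assumes an x86 build; the null selector 0 is the portable "inaccessible" case, and the process's own CS is the accessible one.

```c
#include <stdint.h>

/* Outcome of one LSL/LAR probe: whether ZF was set and what was loaded. */
struct seg_probe {
    int      zf;     /* 1 = descriptor accessible (ZF set), 0 = ZF cleared */
    uint32_t value;  /* destination register after the instruction */
};
/* Sentinel written to the destination before the probe, so the caller can
   see that nothing is loaded when ZF is cleared. */
#define UNTOUCHED 0xdeadbeefu

#if defined(__x86_64__) || defined(__i386__)
/* Run LSL or LAR on `selector` (AT&T syntax, so the source comes first).
   On hardware a bad selector never faults; it only clears ZF. */
#define DEFINE_PROBE(name, insn)                                     \
    static struct seg_probe name(uint16_t selector)                  \
    {                                                                \
        struct seg_probe r;                                          \
        uint32_t dest = UNTOUCHED;                                   \
        uint8_t zf;                                                  \
        __asm__ volatile(insn " %[sel], %[dst]\n\t"                  \
                         "setz %[zf]"                                \
                         : [dst] "+r"(dest), [zf] "=q"(zf)           \
                         : [sel] "r"((uint32_t)selector)             \
                         : "cc");                                    \
        r.zf = zf;                                                   \
        r.value = dest;                                              \
        return r;                                                    \
    }
#else
/* Not an x86 build: the instructions do not exist, so report "inaccessible". */
#define DEFINE_PROBE(name, insn)                                     \
    static struct seg_probe name(uint16_t selector)                  \
    { (void)selector; struct seg_probe r = { 0, UNTOUCHED }; return r; }
#endif

DEFINE_PROBE(probe_lsl, "lsl")
DEFINE_PROBE(probe_lar, "lar")

/* The running code segment's selector: always accessible from itself. */
static uint16_t current_cs(void)
{
    uint16_t cs = 0;
#if defined(__x86_64__) || defined(__i386__)
    __asm__("mov %%cs, %0" : "=r"(cs));
#endif
    return cs;
}
```

A probe that returns `zf == 0` with `value == UNTOUCHED` is exactly the "cleared ZF, destination untouched" outcome the manual describes; an emulator that faults or crashes on the same selector instead diverges from hardware.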