Frisk says that Microsoft's Meltdown patch (for CVE-2017-5754) —released in the January 2018 Patch Tuesday— accidentally flipped a bit that controls the access permission for kernel memory. Frisk explains:Microsoft quietly patched the bugs earlier this month, via the March Patch Tuesday rollout.
In short - the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself.
The PML4 is the base of the 4-level in-memory page table hierarchy that the CPU Memory Management Unit (MMU) uses to translate the virtual addresses of a process into physical memory addresses in RAM.
Meltdown patches introduced major kernel vulnerability on Windows 7
Posted on Wednesday, March 28 2018 @ 13:52 CEST by Thomas De Maesschalck