The sandsifter project has found undocumented Intel x86 processor instructions that have been kept secret by Intel. It does this by testing millions of instruction op codes and seeing what happens.
Their documentation at the Github repo says they typically find millions of instruction opcodes that work, but they can be binned into several main categories:
- Software bug (for example, a bug in your hypervisor or disassembler),
- Hardware bug (a bug in your CPU), or
- Undocumented instruction (an instruction that exists in the processor, but is not acknowledged by the manufacturer)
Who knows how any of these categories of problems could be exploited by a hacker in unexpected ways. As they say:
Scanning with the sandsifter has uncovered undocumented processor features across dozens of opcode categories, flaws in enterprise hypervisors, bugs in nearly every major disassembly and emulation tool, and critical hardware bugs opening security vulnerabilities in the processor itself.
Yup, looks pretty bad to me.
The sandsifter whitepaper has more details.
Sources:
With the CIA installing back-doors at the factory, we need more projects like this if we ever hope to be truly secure from hackers.
Interesting. Maybe they are experimental instruction that are not finished yet and Intel let them there because they didn't think anybody could find them, like when you let methods inside a class that you never use, but nobody but you know they're there.