Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-8897

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.

Published

2018-05-08T18:29:00.547

Last Modified

2024-11-21T04:14:33.140

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-362

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	debian	debian_linux	7.0	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	canonical	ubuntu_linux	14.04	Yes
Operating System	canonical	ubuntu_linux	16.04	Yes
Operating System	canonical	ubuntu_linux	17.10	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes
Operating System	redhat	enterprise_virtualization_manager	3.0	Yes
Application	citrix	xenserver	6.0.2	Yes
Application	citrix	xenserver	6.2.0	Yes
Application	citrix	xenserver	6.5	Yes
Application	citrix	xenserver	7.0	Yes
Application	citrix	xenserver	7.1	Yes
Application	citrix	xenserver	7.2	Yes
Application	citrix	xenserver	7.3	Yes
Application	citrix	xenserver	7.4	Yes
Application	synology	skynas	-	Yes
Operating System	synology	diskstation_manager	5.2	Yes
Operating System	synology	diskstation_manager	6.0	Yes
Operating System	synology	diskstation_manager	6.1	Yes
Operating System	apple	mac_os_x	< 10.13.4	Yes
Operating System	xen	xen	-	Yes
Operating System	freebsd	freebsd	< 11.1	Yes

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 Patch, Third Party Advisory ([email protected])
http://openwall.com/lists/oss-security/2018/05/08/1 Mailing List, Third Party Advisory ([email protected])
http://openwall.com/lists/oss-security/2018/05/08/4 Mailing List, Third Party Advisory ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en ([email protected])
http://www.securityfocus.com/bid/104071 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1040744 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1040849 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1040861 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1040866 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1040882 Third Party Advisory, VDB Entry ([email protected])
https://access.redhat.com/errata/RHSA-2018:1318 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:1319 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:1345 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:1346 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:1347 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:1348 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:1349 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:1350 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:1351 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:1352 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:1353 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:1354 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:1355 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:1524 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1567074 Issue Tracking, Third Party Advisory ([email protected])
https://github.com/can1357/CVE-2018-8897/ Exploit, Third Party Advisory ([email protected])
https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 Patch, Third Party Advisory ([email protected])
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 ([email protected])
https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html ([email protected])
https://patchwork.kernel.org/patch/10386677/ Patch, Third Party Advisory ([email protected])
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897 Patch, Third Party Advisory, Vendor Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20180927-0002/ ([email protected])
https://support.apple.com/HT208742 Third Party Advisory ([email protected])
https://support.citrix.com/article/CTX234679 Third Party Advisory ([email protected])
https://svnweb.freebsd.org/base?view=revision&revision=333368 Third Party Advisory ([email protected])
https://usn.ubuntu.com/3641-1/ Third Party Advisory ([email protected])
https://usn.ubuntu.com/3641-2/ Third Party Advisory ([email protected])
https://www.debian.org/security/2018/dsa-4196 Third Party Advisory ([email protected])
https://www.debian.org/security/2018/dsa-4201 Third Party Advisory ([email protected])
https://www.exploit-db.com/exploits/44697/ Exploit, Third Party Advisory, VDB Entry ([email protected])
https://www.exploit-db.com/exploits/45024/ ([email protected])
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc Third Party Advisory ([email protected])
https://www.kb.cert.org/vuls/id/631579 ([email protected])
https://www.synology.com/support/security/Synology_SA_18_21 Third Party Advisory ([email protected])
https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html Third Party Advisory ([email protected])
https://xenbits.xen.org/xsa/advisory-260.html Patch, Third Party Advisory ([email protected])
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2018/05/08/1 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2018/05/08/4 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/104071 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1040744 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1040849 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1040861 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1040866 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1040882 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1318 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1319 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1345 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1346 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1347 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1348 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1349 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1350 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1351 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1352 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1353 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1354 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1355 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1524 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1567074 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/can1357/CVE-2018-8897/ Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html (af854a3a-2127-422b-91ae-364da2661108)
https://patchwork.kernel.org/patch/10386677/ Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897 Patch, Third Party Advisory, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20180927-0002/ (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT208742 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.citrix.com/article/CTX234679 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://svnweb.freebsd.org/base?view=revision&revision=333368 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3641-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3641-2/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4196 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4201 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/44697/ Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/45024/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.kb.cert.org/vuls/id/631579 (af854a3a-2127-422b-91ae-364da2661108)
https://www.synology.com/support/security/Synology_SA_18_21 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://xenbits.xen.org/xsa/advisory-260.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)