Demo exploitation of the POP SS vulnerability (CVE-2018-8897), leading to unsigned code execution with kernel privilages.

- KVA Shadowing should be disabled and the relevant security update should be uninstalled.
- This may not work with certain hypervisors (like VMWare), which discard the pending #DB after INT3.

Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44697.zip

exploitpack 1

photon 2

oraclelinux 5

nessus 79

debiancve 2

huawei 2

cisa 1

redhatcve 3

prion 3

xen 1

veracode 1

openvas 50

packetstorm 1

cert 1

ubuntucve 2

cve 3

mscve 1

zdt 2

threatpost 1

metasploit 1

freebsd 1

redhat 12

symantec 1

osv 4

f5 2

qualysblog 1

freebsd_advisory 1

exploitdb 1

mskb 1

suse 2

debian 4

ubuntu 2

virtuozzo 1

apple 2

cloudfoundry 1

citrix 1

exploitpack

Microsoft Windows - POPMOV SS Privilege Escalation

2018-05-22 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0132-A

2018-05-03 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0037-A

2018-04-24 00:00:00

oraclelinux

Unbreakable Enterprise kernel security update

2018-05-08 00:00:00

Unbreakable Enterprise kernel security update

2018-05-08 00:00:00

kernel security update

2018-09-18 00:00:00

nessus

Photon OS 1.0: Linux PHSA-2018-1.0-0132-(a)

2019-02-07 00:00:00

FreeBSD : FreeBSD -- Mishandling of x86 debug exceptions (521ce804-52fd-11e8-9123-a4badb2f4699)

2018-05-09 00:00:00

F5 Networks BIG-IP : Linux kernel vulnerability (K17403481)

2018-11-02 00:00:00

debiancve

CVE-2018-8897

2018-05-08 18:29:00

CVE-2018-10872

2018-07-10 19:29:00

huawei

Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products

2019-09-21 00:00:00

Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products

2019-09-21 00:00:00

cisa

Debug Exception May Cause Unexpected Behavior

2018-05-08 00:00:00

redhatcve

CVE-2018-8897

2020-04-07 11:35:31

CVE-2018-10872

2018-07-10 15:19:17

CVE-2018-1087

2020-04-08 20:05:13

prion

Privilege escalation

2018-05-08 18:29:00

Code injection

2018-07-10 19:29:00

Race condition

2023-11-14 19:15:00

xen

x86: mishandling of debug exceptions

2018-05-08 16:45:00

veracode

Local Privilege Escalation

2019-01-15 09:21:51

openvas

Huawei Data Communication: Privilege Escalation Vulnerability in Some Huawei Products (huawei-sa-20181010-01-debug)

2020-05-26 00:00:00

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1119)

2020-01-23 00:00:00

SUSE: Security Advisory (SUSE-SU-2018:1513-1)

2021-04-19 00:00:00

packetstorm

Microsoft Windows POP/MOV SS Local Privilege Elevation

2018-07-13 00:00:00

cert

Hardware debug exception documentation may result in unexpected behavior

2018-05-08 00:00:00

ubuntucve

CVE-2018-8897

2018-05-08 00:00:00

CVE-2018-10872

2018-07-10 00:00:00

cve

CVE-2018-8897

2018-05-08 18:29:00

CVE-2023-20571

2023-11-14 19:15:15

CVE-2018-10872

2018-07-10 19:29:00

mscve

Windows Kernel Elevation of Privilege Vulnerability

2018-05-08 07:00:00

zdt

Microsoft Windows #MicrosoftWindows POP/MOV SS Local Privilege Elevation Exploit

2018-07-13 00:00:00

Microsoft Windows - POP/MOV SS Privilege Escalation Exploit

2018-05-23 00:00:00

threatpost

Major OS Players Misinterpret Intel Docs, and Now Kernels Can Be Hijacked

2018-05-10 15:37:07

metasploit

Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability

2018-07-13 06:11:37

freebsd

FreeBSD -- Mishandling of x86 debug exceptions

2018-05-08 00:00:00

redhat

(RHSA-2018:1353) Moderate: kernel security update

2018-05-08 21:59:19

(RHSA-2018:1352) Moderate: kernel security update

2018-05-08 21:59:05

(RHSA-2018:1349) Moderate: kernel security and bug fix update

2018-05-08 20:59:57

symantec

Microsoft Windows Kernel CVE-2018-8897 Local Privilege Escalation Vulnerability

2018-05-08 00:00:00

osv

CVE-2018-8897

2018-05-08 18:29:00

linux - security update

2018-05-08 00:00:00

xen - security update

2018-05-25 00:00:00

K17403481 : Linux kernel vulnerability CVE-2018-8897

2018-05-15 00:00:00

K05345625 : Linux kernel vulnerability CVE-2018-10872

2020-12-17 00:00:00

qualysblog

What we’ve got here is failure to communicate: OS vendors misread CPU docs, create flaw

2018-05-14 18:47:42

freebsd_advisory

FreeBSD-SA-18:06.debugreg

2018-05-08 00:00:00

exploitdb

Microsoft Windows - POP/MOV SS Local Privilege Elevation (Metasploit)

2018-07-13 00:00:00

mskb

Description of the security update for vulnerabilities in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009: May 08, 2018

2018-05-08 07:00:00

suse

Security update for the Linux Kernel (important)

2018-05-09 00:07:18

Security update for xen (important)

2018-05-11 15:07:06

debian

[SECURITY] [DLA 1383-1] xen security update

2018-05-25 11:03:07

[SECURITY] [DSA 4196-1] linux security update

2018-05-08 21:54:36

[SECURITY] [DSA 4196-1] linux security update

2018-05-08 21:54:36

ubuntu

Linux kernel vulnerabilities

2018-05-08 00:00:00

Linux kernel vulnerabilities

2018-05-08 00:00:00

virtuozzo

Important product update: Virtuozzo 7.0 Update 7 Hotfix 3 (7.0.7-461)

2018-05-30 00:00:00

apple

About the security content of Security Update 2018-001

2018-04-24 00:00:00

About the security content of Security Update 2018-001 - Apple Support

2018-05-08 05:03:32

cloudfoundry

USN-3641-1: Linux kernel vulnerabilities | Cloud Foundry

2018-06-05 00:00:00

citrix

Citrix XenServer Multiple Security Updates

2018-05-08 04:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

30.0%

JSON

Related for EDB-ID:44697

Microsoft Windows - &#039;POP/MOV SS&#039; Privilege Escalation

Related

Microsoft Windows - 'POP/MOV SS' Privilege Escalation