Lucene search

[email protected]NVD:CVE-2018-8897

HistoryMay 08, 2018 - 6:29 p.m.

CVE-2018-8897

2018-05-0818:29:00

CWE-362

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.2%

JSON

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer’s Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.

Affected configurations

NVD

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch17.10

Node

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch7.0

redhatenterprise_virtualization_managerMatch3.0

Node

citrixxenserverMatch6.0.2

citrixxenserverMatch6.2.0

citrixxenserverMatch6.5

citrixxenserverMatch7.0

citrixxenserverMatch7.1

citrixxenserverMatch7.2

citrixxenserverMatch7.3

citrixxenserverMatch7.4

Node

synologyskynasMatch-

synologydiskstation_managerMatch5.2

synologydiskstation_managerMatch6.0

synologydiskstation_managerMatch6.1

Node

applemac_os_xRange<10.13.4

Node

xenxenMatch-x86

Node

freebsdfreebsdRange11.0–11.1

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9

openwall.com/lists/oss-security/2018/05/08/1

openwall.com/lists/oss-security/2018/05/08/4

www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en

www.securityfocus.com/bid/104071

www.securitytracker.com/id/1040744

www.securitytracker.com/id/1040849

www.securitytracker.com/id/1040861

www.securitytracker.com/id/1040866

www.securitytracker.com/id/1040882

access.redhat.com/errata/RHSA-2018:1318

access.redhat.com/errata/RHSA-2018:1319

access.redhat.com/errata/RHSA-2018:1345

access.redhat.com/errata/RHSA-2018:1346

access.redhat.com/errata/RHSA-2018:1347

access.redhat.com/errata/RHSA-2018:1348

access.redhat.com/errata/RHSA-2018:1349

access.redhat.com/errata/RHSA-2018:1350

access.redhat.com/errata/RHSA-2018:1351

access.redhat.com/errata/RHSA-2018:1352

access.redhat.com/errata/RHSA-2018:1353

access.redhat.com/errata/RHSA-2018:1354

access.redhat.com/errata/RHSA-2018:1355

access.redhat.com/errata/RHSA-2018:1524

bugzilla.redhat.com/show_bug.cgi?id=1567074

github.com/can1357/CVE-2018-8897/

github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9

help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

lists.debian.org/debian-lts-announce/2018/05/msg00015.html

lists.debian.org/debian-lts-announce/2018/06/msg00000.html

lists.debian.org/debian-lts-announce/2018/11/msg00013.html

patchwork.kernel.org/patch/10386677/

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897

security.netapp.com/advisory/ntap-20180927-0002/

support.apple.com/HT208742

support.citrix.com/article/CTX234679

svnweb.freebsd.org/base?view=revision&revision=333368

usn.ubuntu.com/3641-1/

usn.ubuntu.com/3641-2/

www.debian.org/security/2018/dsa-4196

www.debian.org/security/2018/dsa-4201

www.exploit-db.com/exploits/44697/

www.exploit-db.com/exploits/45024/

www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc

www.kb.cert.org/vuls/id/631579

www.synology.com/support/security/Synology_SA_18_21

www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html

xenbits.xen.org/xsa/advisory-260.html

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.2%

JSON

CVE-2018-8897

Affected configurations

References

Related