x86: mishandling of debug exceptions

ISSUE DESCRIPTION When switching stacks, it is critical to have a matching stack segment and stack pointer. To allow an atomic update from what would otherwise be two adjacent instructions, an update which changes the stack segment either a mov or pop instruction with %ss encoded as the destinati...

CVE-2018-8897

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual SDM was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for DB exceptions that are deferred by MOV SS or POP SS, as demonstrated ...

UBUNTU-CVE-2018-8897

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual SDM was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for DB exceptions that are deferred by MOV SS or POP SS, as demonstrated ...

Debug Exception May Cause Unexpected Behavior

CERT Coordination Center CERT/CC has released information for CVE-2018-8897 – unexpected behavior for debug exceptions. A local attacker could exploit this bug to obtain sensitive information. NCCIC encourages users and administrators to review CERT/CC’s Vulnerability Note VU 631579 for more...

BSA-2018-601

Security Advisory ID : BSA-2018-601 Component : Kernel Revision : 1.0: Final In some circumstances, some operating systems or hypervisors may not expect or properly handle an Intel architecture hardware debug exception. The error appears to be due to developer interpretation of existing...

Hardware debug exception documentation may result in unexpected behavior

Overview In some circumstances, some operating systems or hypervisors may not expect or properly handle an Intel architecture hardware debug exception. The error appears to be due to developer interpretation of existing documentation for certain Intel architecture interrupt/exception instructions...

FreeBSD -- Mishandling of x86 debug exceptions

Problem Description: The MOV SS and POP SS instructions inhibit debug exceptions until the instruction boundary following the next instruction. If that instruction is a system call or similar instruction that transfers control to the operating system, the debug exception will be handled in the...

FreeBSD-SA-18:06.debugreg

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:06.debugreg Security Advisory The FreeBSD Project Topic: Mishandling of x86 debug exceptions Category: core Module: kernel Announced: 2018-05-08 Credits: Nic...

pcs security update

0.9.162-5.0.3.el75.1 - Unlike RHEL we DO have corosync/pacemaker for aarch64 on EL7 - replace logo pcsd/public/favicon.ico in tarball - remove Source1 HAM-logo.png 0.9.162-5.el75.1 - Fixed CVE-2018-1086 pcs: Debug parameter removal bypass, allowing information disclosure - Fixed CVE-2018-1079 pcs...

Microsoft Windows 10: Debug programs

This policy setting determines which users can attach to or open any process, even those they do not own. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components need this user right. This user right provid...

NetApp OnCommand Unified Manager for Linux Arbitrary Code Execution Vulnerability

NetApp OnCommand Unified Manager for Linux is a set of Linux-based ONTAP system management software from the U.S. company NetApp. The software can simplify data management, monitoring storage system infrastructure and detect faults and so on. A security vulnerability exists in NetApp OnCommand...

Amazon Linux 2 : pcs (ALAS-2018-1005)

Debug parameter removal bypass, allowing information disclosure It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

Important: pcs

Issue Overview: Debug parameter removal bypass, allowing information disclosure It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use...

CVE-2018-5486

NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol JDWP enabled which allows unauthorized local attackers to execute arbitrary code...

Code injection

NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol JDWP enabled which allows unauthorized local attackers to execute arbitrary code...

Chrome V8 JIT - AwaitedPromise Update Bug

Chrome V8 JIT - AwaitedPromise Update Bug / Here's a snippet of AsyncGeneratorReturn. https://cs.chromium.org/chromium/src/v8/src/builtins/builtins-async-generator-gen.cc?rcl=bcd1365cf7fac0d7897c43b377c143aae2d22f92&l=650 Node const context = ParameterDescriptor::kContext; Node const outerpromise...

Router vulnerability analysis the fifth bomb: CVE-2018-5767 router remote code execution-vulnerability warning-the black bar safety net

Vulnerability overview CVE-2018-5767 TENDA AC15 router right remote code execution Reference information: https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/ Vulnerability firmware version: Tenda cn Ac15firmware:15.03.1.16 2. The vulnerability analysis. Vulnerabilities file is...

Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion

/ https://cs.chromium.org/chromium/src/v8/src/compiler/node-properties.cc?rcl=df84e87191022bf6914f9570069908f10b303245&l=416 Here's a snippet of NodeProperties::InferReceiverMaps. case IrOpcode::kJSCreate: if IsSamereceiver, effect HeapObjectMatcher mtargetGetValueInputeffect, 0; HeapObjectMatche...

Chrome V8 JIT - NodeProperties::InferReceiverMaps Type Confusion

Chrome V8 JIT - NodeProperties::InferReceiverMaps Type Confusion / https://cs.chromium.org/chromium/src/v8/src/compiler/node-properties.cc?rcl=df84e87191022bf6914f9570069908f10b303245&l=416 Here's a snippet of NodeProperties::InferReceiverMaps. case IrOpcode::kJSCreate: if IsSamereceiver, effect...

Loading Kernel Shellcode

In the wake of recent hacking tool dumps, the FLARE team saw a spike in malware samples detonating kernel shellcode. Although most samples can be analyzed statically, the FLARE team sometimes debugs these samples to confirm specific functionality. Debugging can be an efficient way to get around...