Executive Summary

Information
Name : CVE-2018-8897
First vendor Publication : 2018-05-08
Vendor : Cve
Last vendor Modification : 2019-10-03

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score : 7.8
Base Score : 7.8
Environmental Score : 7.8
Impact Sub Score : 5.9
Temporal Score : 7.8
Exploitability Sub Score : 1.8

Attack Vector : Local
Attack Complexity : Low
Privileges Required : Low
User Interaction : None
Scope : Unchanged
Confidentiality Impact : High
Integrity Impact : High
Availability Impact : High

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score : 7.2
Cvss Impact Score : 10
Cvss Exploit Score : 3.9
Attack Range : Local
Attack Complexity : Low
Authentication : None Required

Detail

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8897

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-362 Race Condition

CPE : Common Platform Enumeration

Type Description Count
Application 2
Application 8
Application 1
Os 138
Os 3
Os 3
Os 396
Os 1
Os 1
Os 1
Os 3
Os 1

Snort® IPS/IDS

Date Description
2018-07-10 Microsoft Windows Interrupt Service Routine stack rollback attempt
RuleID : 46910 - Revision : 2 - Type : INDICATOR-COMPROMISE
2018-07-10 Microsoft Windows Interrupt Service Routine stack rollback attempt
RuleID : 46909 - Revision : 2 - Type : INDICATOR-COMPROMISE
2018-07-10 Microsoft Windows processor modification return to user-mode attempt
RuleID : 46908 - Revision : 2 - Type : INDICATOR-COMPROMISE
2018-07-10 Microsoft Windows processor modification return to user-mode attempt
RuleID : 46907 - Revision : 2 - Type : INDICATOR-COMPROMISE
2018-07-10 Microsoft Windows malicious CONTEXT structure creation attempt
RuleID : 46906 - Revision : 2 - Type : INDICATOR-COMPROMISE
2018-07-10 Microsoft Windows malicious CONTEXT structure creation attempt
RuleID : 46905 - Revision : 2 - Type : INDICATOR-COMPROMISE
2018-07-10 Microsoft Windows SYSTEM token stealing attempt
RuleID : 46904 - Revision : 2 - Type : INDICATOR-COMPROMISE
2018-07-10 Microsoft Windows SYSTEM token stealing attempt
RuleID : 46903 - Revision : 2 - Type : INDICATOR-COMPROMISE
2018-07-03 Microsoft Windows kernel privilege escalation attempt
RuleID : 46835 - Revision : 1 - Type : OS-WINDOWS
2018-07-03 Microsoft Windows kernel privilege escalation attempt
RuleID : 46834 - Revision : 1 - Type : OS-WINDOWS
2018-07-03 Microsoft Windows ROP gadget locate attempt
RuleID : 46833 - Revision : 1 - Type : OS-WINDOWS
2018-07-03 Microsoft Windows ROP gadget locate attempt
RuleID : 46832 - Revision : 1 - Type : OS-WINDOWS
2018-07-03 Microsoft Windows kernel privilege escalation attempt
RuleID : 46831 - Revision : 1 - Type : OS-WINDOWS
2018-07-03 Microsoft Windows kernel privilege escalation attempt
RuleID : 46830 - Revision : 1 - Type : OS-WINDOWS

Metasploit Database

id Description
2018-05-08 Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability

Nessus® Vulnerability Scanner

Date Description
2019-01-03 Name : The remote Fedora host is missing a security update.
File : fedora_2018-a7ac26523d.nasl - Type : ACT_GATHER_INFO
2018-11-13 Name : The remote Debian host is missing a security update.
File : debian_DLA-1577.nasl - Type : ACT_GATHER_INFO
2018-11-02 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL17403481.nasl - Type : ACT_GATHER_INFO
2018-09-18 Name : The remote EulerOS Virtualization host is missing multiple security updates.
File : EulerOS_SA-2018-1270.nasl - Type : ACT_GATHER_INFO
2018-09-18 Name : The remote EulerOS Virtualization host is missing multiple security updates.
File : EulerOS_SA-2018-1263.nasl - Type : ACT_GATHER_INFO
2018-08-17 Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2018-1_0-0132-a.nasl - Type : ACT_GATHER_INFO
2018-07-24 Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2018-2_0-0037-a.nasl - Type : ACT_GATHER_INFO
2018-07-18 Name : The remote Virtuozzo host is missing multiple security updates.
File : Virtuozzo_VZA-2018-048.nasl - Type : ACT_GATHER_INFO
2018-07-16 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-2164.nasl - Type : ACT_GATHER_INFO
2018-06-05 Name : The remote host is missing a macOS or Mac OS X security update that fixes mul...
File : macosx_SecUpd2018-003.nasl - Type : ACT_GATHER_INFO
2018-06-05 Name : The remote host is missing a macOS update that fixes multiple security vulner...
File : macos_10_13_5.nasl - Type : ACT_GATHER_INFO
2018-06-05 Name : The remote Debian host is missing a security update.
File : debian_DLA-1392.nasl - Type : ACT_GATHER_INFO
2018-05-31 Name : The remote Virtuozzo host is missing multiple security updates.
File : Virtuozzo_VZA-2018-037.nasl - Type : ACT_GATHER_INFO
2018-05-31 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-1318.nasl - Type : ACT_GATHER_INFO
2018-05-30 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1023.nasl - Type : ACT_GATHER_INFO
2018-05-30 Name : The remote Amazon Linux 2 host is missing a security update.
File : al2_ALAS-2018-1023.nasl - Type : ACT_GATHER_INFO
2018-05-29 Name : The remote Fedora host is missing a security update.
File : fedora_2018-7cd077ddd3.nasl - Type : ACT_GATHER_INFO
2018-05-29 Name : The remote Debian host is missing a security update.
File : debian_DLA-1383.nasl - Type : ACT_GATHER_INFO
2018-05-17 Name : The remote Fedora host is missing a security update.
File : fedora_2018-98684f429b.nasl - Type : ACT_GATHER_INFO
2018-05-16 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4201.nasl - Type : ACT_GATHER_INFO
2018-05-16 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1121.nasl - Type : ACT_GATHER_INFO
2018-05-15 Name : The remote Virtuozzo host is missing multiple security updates.
File : Virtuozzo_VZA-2018-029.nasl - Type : ACT_GATHER_INFO
2018-05-11 Name : A server virtualization platform installed on the remote host is affected by ...
File : citrix_xenserver_CTX234679.nasl - Type : ACT_GATHER_INFO
2018-05-10 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4196.nasl - Type : ACT_GATHER_INFO
2018-05-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-1319.nasl - Type : ACT_GATHER_INFO
2018-05-09 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1119.nasl - Type : ACT_GATHER_INFO
2018-05-09 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_521ce80452fd11e89123a4badb2f4699.nasl - Type : ACT_GATHER_INFO
2018-05-09 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1120.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/104071
CERT-VN https://www.kb.cert.org/vuls/id/631579
CONFIRM http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debu...
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+Stru...
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897
https://security.netapp.com/advisory/ntap-20180927-0002/
https://support.citrix.com/article/CTX234679
https://www.synology.com/support/security/Synology_SA_18_21
DEBIAN https://www.debian.org/security/2018/dsa-4196
https://www.debian.org/security/2018/dsa-4201
EXPLOIT-DB https://www.exploit-db.com/exploits/44697/
https://www.exploit-db.com/exploits/45024/
MISC http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8b...
http://openwall.com/lists/oss-security/2018/05/08/1
http://openwall.com/lists/oss-security/2018/05/08/4
https://bugzilla.redhat.com/show_bug.cgi?id=1567074
https://github.com/can1357/CVE-2018-8897/
https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d0...
https://patchwork.kernel.org/patch/10386677/
https://support.apple.com/HT208742
https://svnweb.freebsd.org/base?view=revision&revision=333368
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc
https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html
https://xenbits.xen.org/xsa/advisory-260.html
MLIST https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html
https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html
REDHAT https://access.redhat.com/errata/RHSA-2018:1318
https://access.redhat.com/errata/RHSA-2018:1319
https://access.redhat.com/errata/RHSA-2018:1345
https://access.redhat.com/errata/RHSA-2018:1346
https://access.redhat.com/errata/RHSA-2018:1347
https://access.redhat.com/errata/RHSA-2018:1348
https://access.redhat.com/errata/RHSA-2018:1349
https://access.redhat.com/errata/RHSA-2018:1350
https://access.redhat.com/errata/RHSA-2018:1351
https://access.redhat.com/errata/RHSA-2018:1352
https://access.redhat.com/errata/RHSA-2018:1353
https://access.redhat.com/errata/RHSA-2018:1354
https://access.redhat.com/errata/RHSA-2018:1355
https://access.redhat.com/errata/RHSA-2018:1524
SECTRACK http://www.securitytracker.com/id/1040744
http://www.securitytracker.com/id/1040849
http://www.securitytracker.com/id/1040861
http://www.securitytracker.com/id/1040866
http://www.securitytracker.com/id/1040882
UBUNTU https://usn.ubuntu.com/3641-1/
https://usn.ubuntu.com/3641-2/

Alert History

Date Information
2024-02-16 12:52:50
  • Multiple Updates
2024-02-15 01:55:14
  • Multiple Updates
2024-02-02 01:58:39
  • Multiple Updates
2024-02-01 12:16:16
  • Multiple Updates
2024-01-13 01:53:30
  • Multiple Updates
2023-09-05 12:56:35
  • Multiple Updates
2023-09-05 01:15:58
  • Multiple Updates
2023-09-02 12:55:52
  • Multiple Updates
2023-09-02 01:16:15
  • Multiple Updates
2023-08-12 12:59:41
  • Multiple Updates
2023-08-12 01:15:31
  • Multiple Updates
2023-08-11 12:53:37
  • Multiple Updates
2023-08-11 01:15:57
  • Multiple Updates
2023-08-06 12:52:02
  • Multiple Updates
2023-08-06 01:15:29
  • Multiple Updates
2023-08-04 12:52:16
  • Multiple Updates
2023-08-04 01:15:37
  • Multiple Updates
2023-07-14 12:52:16
  • Multiple Updates
2023-07-14 01:15:35
  • Multiple Updates
2023-03-29 01:53:39
  • Multiple Updates
2023-03-28 12:15:54
  • Multiple Updates
2022-12-15 12:42:55
  • Multiple Updates
2022-10-11 12:46:46
  • Multiple Updates
2022-10-11 01:15:33
  • Multiple Updates
2022-01-13 01:34:46
  • Multiple Updates
2022-01-06 01:34:52
  • Multiple Updates
2022-01-05 01:34:37
  • Multiple Updates
2021-06-10 01:29:36
  • Multiple Updates
2021-05-05 12:28:49
  • Multiple Updates
2021-05-04 13:21:02
  • Multiple Updates
2021-04-22 02:36:00
  • Multiple Updates
2020-05-23 13:17:11
  • Multiple Updates
2020-05-23 02:20:22
  • Multiple Updates
2020-05-23 01:19:34
  • Multiple Updates
2019-10-03 09:21:30
  • Multiple Updates
2019-01-04 00:19:05
  • Multiple Updates
2018-12-20 12:08:42
  • Multiple Updates
2018-12-01 00:19:04
  • Multiple Updates
2018-11-13 17:19:28
  • Multiple Updates
2018-10-17 12:08:42
  • Multiple Updates
2018-09-28 17:19:38
  • Multiple Updates
2018-07-28 09:19:24
  • Multiple Updates
2018-07-04 12:03:02
  • Multiple Updates
2018-06-20 17:19:16
  • Multiple Updates
2018-06-14 12:06:19
  • Multiple Updates
2018-06-03 09:19:44
  • Multiple Updates
2018-05-30 09:19:28
  • Multiple Updates
2018-05-27 09:19:19
  • Multiple Updates
2018-05-25 09:19:37
  • Multiple Updates
2018-05-19 09:19:09
  • Multiple Updates
2018-05-18 09:19:26
  • Multiple Updates
2018-05-17 09:19:39
  • Multiple Updates
2018-05-11 09:19:13
  • Multiple Updates
2018-05-10 09:19:39
  • Multiple Updates
2018-05-09 09:19:45
  • Multiple Updates
2018-05-09 00:19:16
  • First insertion