CVE - CVE-2018-8897

CVE-ID
CVE-2018-8897	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:104071 URL:http://www.securityfocus.com/bid/104071 CERT-VN:VU#631579 URL:https://www.kb.cert.org/vuls/id/631579 CONFIRM:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en CONFIRM:https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 CONFIRM:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897 CONFIRM:https://security.netapp.com/advisory/ntap-20180927-0002/ CONFIRM:https://support.citrix.com/article/CTX234679 CONFIRM:https://www.synology.com/support/security/Synology_SA_18_21 DEBIAN:DSA-4196 URL:https://www.debian.org/security/2018/dsa-4196 DEBIAN:DSA-4201 URL:https://www.debian.org/security/2018/dsa-4201 EXPLOIT-DB:44697 URL:https://www.exploit-db.com/exploits/44697/ EXPLOIT-DB:45024 URL:https://www.exploit-db.com/exploits/45024/ MISC:http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 MISC:http://openwall.com/lists/oss-security/2018/05/08/1 MISC:http://openwall.com/lists/oss-security/2018/05/08/4 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1567074 MISC:https://github.com/can1357/CVE-2018-8897/ MISC:https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 MISC:https://patchwork.kernel.org/patch/10386677/ MISC:https://support.apple.com/HT208742 MISC:https://svnweb.freebsd.org/base?view=revision&revision=333368 MISC:https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc MISC:https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html MISC:https://xenbits.xen.org/xsa/advisory-260.html MLIST:[debian-lts-announce] 20180525 [SECURITY] [DLA 1383-1] xen security update URL:https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html MLIST:[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html MLIST:[debian-lts-announce] 20181112 [SECURITY] [DLA 1577-1] xen security update URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html REDHAT:RHSA-2018:1318 URL:https://access.redhat.com/errata/RHSA-2018:1318 REDHAT:RHSA-2018:1319 URL:https://access.redhat.com/errata/RHSA-2018:1319 REDHAT:RHSA-2018:1345 URL:https://access.redhat.com/errata/RHSA-2018:1345 REDHAT:RHSA-2018:1346 URL:https://access.redhat.com/errata/RHSA-2018:1346 REDHAT:RHSA-2018:1347 URL:https://access.redhat.com/errata/RHSA-2018:1347 REDHAT:RHSA-2018:1348 URL:https://access.redhat.com/errata/RHSA-2018:1348 REDHAT:RHSA-2018:1349 URL:https://access.redhat.com/errata/RHSA-2018:1349 REDHAT:RHSA-2018:1350 URL:https://access.redhat.com/errata/RHSA-2018:1350 REDHAT:RHSA-2018:1351 URL:https://access.redhat.com/errata/RHSA-2018:1351 REDHAT:RHSA-2018:1352 URL:https://access.redhat.com/errata/RHSA-2018:1352 REDHAT:RHSA-2018:1353 URL:https://access.redhat.com/errata/RHSA-2018:1353 REDHAT:RHSA-2018:1354 URL:https://access.redhat.com/errata/RHSA-2018:1354 REDHAT:RHSA-2018:1355 URL:https://access.redhat.com/errata/RHSA-2018:1355 REDHAT:RHSA-2018:1524 URL:https://access.redhat.com/errata/RHSA-2018:1524 SECTRACK:1040744 URL:http://www.securitytracker.com/id/1040744 SECTRACK:1040849 URL:http://www.securitytracker.com/id/1040849 SECTRACK:1040861 URL:http://www.securitytracker.com/id/1040861 SECTRACK:1040866 URL:http://www.securitytracker.com/id/1040866 SECTRACK:1040882 URL:http://www.securitytracker.com/id/1040882 UBUNTU:USN-3641-1 URL:https://usn.ubuntu.com/3641-1/ UBUNTU:USN-3641-2 URL:https://usn.ubuntu.com/3641-2/
Assigning CNA
MITRE Corporation
Date Record Created
20180321	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20180321)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)