CVE-2018-8897
- Source
- https://cve.org/CVERecord?id=CVE-2018-8897
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-8897.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-8897
- Downstream
- Related
- Published
- 2018-05-08T18:29:00.547Z
- Modified
- 2026-04-16T01:39:43.279878297Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "6.0.2" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:citrix:xenserver:6.2.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "6.2.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:citrix:xenserver:7.1:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.1" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:citrix:xenserver:7.2:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.2" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:citrix:xenserver:7.3:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.3" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:citrix:xenserver:7.4:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.4" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "extracted_events": [ { "fixed": "10.13.4" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "extracted_events": [ { "last_affected": "14.04" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "extracted_events": [ { "last_affected": "16.04" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "17.10" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "9.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "11.0" }, { "fixed": "11.1" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0" } ] } ] }- References
-
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html
- https://www.exploit-db.com/exploits/45024/
- https://www.kb.cert.org/vuls/id/631579
- http://openwall.com/lists/oss-security/2018/05/08/1
- http://openwall.com/lists/oss-security/2018/05/08/4
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en
- http://www.securityfocus.com/bid/104071
- http://www.securitytracker.com/id/1040744
- http://www.securitytracker.com/id/1040849
- http://www.securitytracker.com/id/1040861
- http://www.securitytracker.com/id/1040866
- http://www.securitytracker.com/id/1040882
- https://access.redhat.com/errata/RHSA-2018:1318
- https://access.redhat.com/errata/RHSA-2018:1319
- https://access.redhat.com/errata/RHSA-2018:1345
- https://access.redhat.com/errata/RHSA-2018:1346
- https://access.redhat.com/errata/RHSA-2018:1347
- https://access.redhat.com/errata/RHSA-2018:1348
- https://access.redhat.com/errata/RHSA-2018:1349
- https://access.redhat.com/errata/RHSA-2018:1350
- https://access.redhat.com/errata/RHSA-2018:1351
- https://access.redhat.com/errata/RHSA-2018:1352
- https://access.redhat.com/errata/RHSA-2018:1353
- https://access.redhat.com/errata/RHSA-2018:1354
- https://access.redhat.com/errata/RHSA-2018:1355
- https://access.redhat.com/errata/RHSA-2018:1524
- https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
- https://security.netapp.com/advisory/ntap-20180927-0002/
- https://support.apple.com/HT208742
- https://support.citrix.com/article/CTX234679
- https://svnweb.freebsd.org/base?view=revision&revision=333368
- https://usn.ubuntu.com/3641-1/
- https://usn.ubuntu.com/3641-2/
- https://www.debian.org/security/2018/dsa-4196
- https://www.debian.org/security/2018/dsa-4201
- https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc
- https://www.synology.com/support/security/Synology_SA_18_21
- https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1567074
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9
- https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9
- https://patchwork.kernel.org/patch/10386677/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897
- https://xenbits.xen.org/xsa/advisory-260.html
- https://github.com/can1357/CVE-2018-8897/
- https://www.exploit-db.com/exploits/44697/
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected02f8c6aee8df3cdc935e9bdd4f2d020306035dbeLast affected2dde18cd1d8fac735875f2e4987f11817cc0bc2cLast affected0ecfebd2b52404ae0c54a878c872bb93363ada36Last affected4fe89d07dcc2804c8b562f6c7896a45643d34b2fLast affected830b3c68c1fb1e9176028d02ef86f3cf76aa2476
- Database specific
{ "source": "CPE_FIELD", "cpe": [ "cpe:2.3:o:redhat:enterprise_virtualization_manager:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:synology:diskstation_manager:5.2:*:*:*:*:*:*:*", "cpe:2.3:o:synology:diskstation_manager:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:synology:diskstation_manager:6.1:*:*:*:*:*:*:*" ], "extracted_events": [ { "introduced": "0" }, { "last_affected": "3.0" }, { "last_affected": "6.5" }, { "last_affected": "5.2" }, { "last_affected": "6.0" }, { "last_affected": "6.1" } ] }