Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2018-8897
Severity
7.8HIGH
EPSS
24.7%
top 3.85%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedMay 8
Latest updateMay 13
Description
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data b…
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages28 packages
Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-j2cv-h77g-5p95: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the developmen↗2022-05-13
OSV▶
CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the developmen↗2018-05-08
OSV▶
linux, linux-aws, linux-azure, linux-euclid, linux-gcp, linux-hwe, linux-kvm, linux-lts-xenial, linux-oem, linux-raspi2, linux-snapdragon vulnerabilities↗2018-05-08
CVEList▶
CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the developmen↗2018-05-08
💥Exploits & PoCs
2📋Vendor Advisories
9Apple▶
CVE-2018-8897: macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan↗2018-06-01