PT-2018-3336 · Freebsd+10 · Freebsd+10
Andy Lutomirski +1 · Published 2018-05-08 · Updated 2026-02-07 · CVE-2018-8897
CVSS v3.1: 7.8 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux (affected versions not specified)
Windows (affected versions not specified)
Ubuntu (affected versions not specified)
Debian GNU/Linux (affected versions not specified)
Red Hat Enterprise Linux (affected versions not specified)
macOS (affected versions not specified)
EulerOS (affected versions not specified)
FreeBSD (affected versions not specified)
Description:
The issue is related to errors in interpreting the behavior of the MOV SS and POP SS instructions, which can lead to unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS. This can result in privilege escalation in various operating systems, including Windows, macOS, and some Linux configurations, or cause a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts, data breakpoints, and single-step trap exceptions until the instruction boundary following the next instruction. If the instruction following the MOV to SS or POP SS instruction transfers control to the operating system at a numerically lower privilege level (CPL < 3), the debug exception is delivered after the transfer is complete, which may cause unexpected behavior in OS kernels.
Recommendations:
For Linux, consider disabling the MOV to SS and POP to SS instructions as a temporary workaround until a patch is available.
For Windows, restrict access to the SYSCALL and SYSENTER instructions to minimize the risk of exploitation.
For macOS, avoid using the INT 3 instruction in sensitive code paths until the issue is resolved.
For Ubuntu, Debian GNU/Linux, Red Hat Enterprise Linux, and EulerOS, apply configuration changes to handle debug exceptions correctly.
For FreeBSD, update the kernel to handle the inhibited data breakpoints and single step trap exceptions properly.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Race Condition
Affected products
Alt Linux
CentOS
Debian
EulerOS
FreeBSD
Linux
Red Hat
SUSE
Ubuntu
Windows
Apple macOS