CVE-2018-8897: Race Condition
First published: Fri Apr 13 2018(Updated: )
A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. Upstream patch: --------------- -> <a href="https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9">https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9</a> Reference: ---------- -> <a href="http://www.openwall.com/lists/oss-security/2018/05/08/4">http://www.openwall.com/lists/oss-security/2018/05/08/4</a>
Credit: Andy Lutomirski Nick Peterson (linkedin.com/in/everdox) Everdox Tech LLC cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <0:2.6.18-348.39.2.el5 | 0:2.6.18-348.39.2.el5 |
| redhat/kernel | <0:2.6.18-431.el5 | 0:2.6.18-431.el5 |
| redhat/kernel | <0:2.6.32-696.28.1.el6 | 0:2.6.32-696.28.1.el6 |
| redhat/kernel | <0:2.6.32-358.88.2.el6 | 0:2.6.32-358.88.2.el6 |
| redhat/kernel | <0:2.6.32-431.89.2.el6 | 0:2.6.32-431.89.2.el6 |
| redhat/kernel | <0:2.6.32-504.68.2.el6 | 0:2.6.32-504.68.2.el6 |
| redhat/kernel | <0:2.6.32-573.55.2.el6 | 0:2.6.32-573.55.2.el6 |
| redhat/kernel-rt | <0:3.10.0-862.2.3.rt56.806.el7 | 0:3.10.0-862.2.3.rt56.806.el7 |
| redhat/kernel | <0:3.10.0-862.2.3.el7 | 0:3.10.0-862.2.3.el7 |
| redhat/kernel | <0:3.10.0-327.66.3.el7 | 0:3.10.0-327.66.3.el7 |
| redhat/kernel | <0:3.10.0-514.48.3.el7 | 0:3.10.0-514.48.3.el7 |
| redhat/kernel | <0:3.10.0-693.25.4.el7 | 0:3.10.0-693.25.4.el7 |
| redhat/kernel-rt | <1:3.10.0-693.25.4.rt56.613.el6 | 1:3.10.0-693.25.4.rt56.613.el6 |
| redhat/imgbased | <0:1.0.16-0.1.el7e | 0:1.0.16-0.1.el7e |
| redhat/ovirt-node-ng | <0:4.2.0-0.20170814.0.el7 | 0:4.2.0-0.20170814.0.el7 |
| redhat/redhat-release-virtualization-host | <0:4.2-3.0.el7 | 0:4.2-3.0.el7 |
| redhat/rhev-hypervisor7 | <0:7.3-20180521.1.el6e | 0:7.3-20180521.1.el6e |
| redhat/rhev-hypervisor7 | <0:7.3-20180521.1.el7e | 0:7.3-20180521.1.el7e |
| debian/linux | 5.10.223-1 6.1.106-3 6.1.99-1 6.10.9-1 | |
| debian/xen | 4.14.6-1 4.14.5+94-ge49571868d-1 4.17.3+10-g091466ba55-1~deb12u1 4.17.3+36-g54dacb5c02-1 | |
| macOS High Sierra | <10.13.5 | 10.13.5 |
| macOS High Sierra | ||
| Apple El Capitan | ||
| Debian GNU/Linux | =7.0 | |
| Debian GNU/Linux | =8.0 | |
| Debian GNU/Linux | =9.0 | |
| Ubuntu Linux | =14.04 | |
| Ubuntu Linux | =16.04 | |
| Ubuntu Linux | =17.10 | |
| redhat enterprise Linux server | =7.0 | |
| redhat enterprise Linux workstation | =7.0 | |
| Red Hat Enterprise Virtualization Manager | =3.0 | |
| XenServer | =6.0.2 | |
| XenServer | =6.2.0 | |
| XenServer | =6.5 | |
| XenServer | =7.0 | |
| XenServer | =7.1 | |
| XenServer | =7.2 | |
| XenServer | =7.3 | |
| XenServer | =7.4 | |
| synology skynas | ||
| Synology DiskStation Manager | =5.2 | |
| Synology DiskStation Manager | =6.0 | |
| Synology DiskStation Manager | =6.1 | |
| Apple iOS and macOS | <10.13.4 | |
| Xen xen-unstable | ||
| FreeBSD FreeBSD | >=11.0<11.1 | |
| Debian | =7.0 | |
| Debian | =8.0 | |
| Debian | =9.0 | |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =17.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2018-8897 https://nvd.nist.gov/vuln/detail/CVE-2018-8897 https://access.redhat.com/security/vulnerabilities/pop_ss
- https://bugzilla.redhat.com/show_bug.cgi?id=1567074
- https://access.redhat.com/errata/RHSA-2018:1352
- https://access.redhat.com/errata/RHSA-2018:1353
- https://access.redhat.com/errata/RHSA-2018:1319
- https://access.redhat.com/errata/RHSA-2018:1349
- https://access.redhat.com/errata/RHSA-2018:1350
- https://access.redhat.com/errata/RHSA-2018:1351
- https://access.redhat.com/errata/RHSA-2018:1346
- https://access.redhat.com/errata/RHSA-2018:1355
- https://access.redhat.com/errata/RHSA-2018:1318
- https://access.redhat.com/errata/RHSA-2018:1347
- https://access.redhat.com/errata/RHSA-2018:1348
- https://access.redhat.com/errata/RHSA-2018:1345
- https://access.redhat.com/errata/RHSA-2018:1354
- https://access.redhat.com/errata/RHSA-2018:1524
- https://access.redhat.com/errata/RHSA-2018:1711
- https://access.redhat.com/errata/RHSA-2018:1710
- https://access.redhat.com/security/cve/CVE-2018-8897
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9
- http://openwall.com/lists/oss-security/2018/05/08/1
- http://openwall.com/lists/oss-security/2018/05/08/4
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en
- http://www.securityfocus.com/bid/104071
- http://www.securitytracker.com/id/1040744
- http://www.securitytracker.com/id/1040849
- http://www.securitytracker.com/id/1040861
- http://www.securitytracker.com/id/1040866
- http://www.securitytracker.com/id/1040882
- https://github.com/can1357/CVE-2018-8897/
- https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
- https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html
- https://patchwork.kernel.org/patch/10386677/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897
- https://security.netapp.com/advisory/ntap-20180927-0002/
- https://support.apple.com/HT208742
- https://support.citrix.com/article/CTX234679
- https://svnweb.freebsd.org/base?view=revision&revision=333368
- https://usn.ubuntu.com/3641-1/
- https://usn.ubuntu.com/3641-2/
- https://www.debian.org/security/2018/dsa-4196
- https://www.debian.org/security/2018/dsa-4201
- https://www.exploit-db.com/exploits/44697/
- https://www.exploit-db.com/exploits/45024/
- https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc
- https://www.kb.cert.org/vuls/id/631579
- https://www.synology.com/support/security/Synology_SA_18_21
- https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html
- https://xenbits.xen.org/xsa/advisory-260.html
- https://svnweb.freebsd.org/base?view=revision&revision=333368
- https://launchpad.net/bugs/cve/CVE-2018-8897
- https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9
- http://www.openwall.com/lists/oss-security/2018/05/08/4
- https://access.redhat.com/security/vulnerabilities/pop_ss
- https://support.apple.com/en-us/HT208849 (Advisory)
- https://www.openwall.com/lists/oss-security/2018/05/08/4
- https://security-tracker.debian.org/tracker/CVE-2018-8897
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8897
- https://nvd.nist.gov/vuln/detail/CVE-2018-8897
- https://ubuntu.com/security/CVE-2018-8897
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-4196
- CVE-2018-4253
- CVE-2018-4256
- CVE-2018-4255
- CVE-2018-4254
- CVE-2018-4258
- CVE-2018-4257
- CVE-2018-7584
- CVE-2018-4219
- CVE-2018-5383
- CVE-2018-4171
- CVE-2018-4194
- CVE-2018-4180
- CVE-2018-4181
- CVE-2018-4182
- CVE-2018-4183
- CVE-2018-4478
- CVE-2018-4251
- CVE-2018-4211
- CVE-2018-4229
- CVE-2018-4159
- CVE-2018-4242
- CVE-2018-4202
- CVE-2018-4217
- CVE-2018-4141
- CVE-2018-4228
- CVE-2018-4236
- CVE-2018-4234
- CVE-2018-4249
- CVE-2018-8897
- CVE-2018-4241
- CVE-2018-4243
- CVE-2018-4237
- CVE-2018-4404
- CVE-2018-4227
- CVE-2018-4235
- CVE-2018-4240
- CVE-2018-4230
- CVE-2018-4221
- CVE-2018-4223
- CVE-2018-4224
- CVE-2018-4225
- CVE-2018-4226
- CVE-2018-4184
- CVE-2018-4198
- CVE-2018-4193
Frequently Asked Questions
What is the severity of CVE-2018-8897?
CVE-2018-8897 has a medium severity rating, indicating a moderate level of risk associated with exploitation.
How do I fix CVE-2018-8897?
To fix CVE-2018-8897, ensure that your Linux kernel is updated to the appropriate patched version as specified by the vendor.
What systems are affected by CVE-2018-8897?
CVE-2018-8897 affects various versions of the Linux kernel across distributions like Red Hat and Debian.
Is CVE-2018-8897 exploitable remotely?
CVE-2018-8897 is considered non-remotely exploitable; it requires local access to the system for exploitation.
What is the nature of the flaw in CVE-2018-8897?
CVE-2018-8897 is related to improper exception handling during stack switch operations in the Linux kernel.
- collector/redhat-cve
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-8897
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/event
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/author
- collector/apple-support
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/apple
- canonical/macos high sierra
- canonical/apple el capitan
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/7.0
- version/debian gnu/linux/8.0
- version/debian gnu/linux/9.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/14.04
- version/ubuntu linux/16.04
- version/ubuntu linux/17.10
- vendor/redhat
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- canonical/red hat enterprise virtualization manager
- version/red hat enterprise virtualization manager/3.0
- vendor/citrix
- canonical/xenserver
- version/xenserver/6.0.2
- version/xenserver/6.2.0
- version/xenserver/6.5
- version/xenserver/7.0
- version/xenserver/7.1
- version/xenserver/7.2
- version/xenserver/7.3
- version/xenserver/7.4
- vendor/synology
- canonical/synology skynas
- canonical/synology diskstation manager
- version/synology diskstation manager/5.2
- version/synology diskstation manager/6.0
- version/synology diskstation manager/6.1
- canonical/apple ios and macos
- vendor/xen
- canonical/xen xen-unstable
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/11.0
- canonical/debian
- version/debian/7.0
- version/debian/8.0
- version/debian/9.0
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/16.04
- version/ubuntu/17.10