This Metasploit module exploits a vulnerability in a statement in the system programming guide of the Intel 64 and IA-32 architectures software developer's manual being mishandled in various operating system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS. This Metasploit module will upload the pre-compiled exploit and use it to execute the final payload in order to gain remote code execution.
8c042c8825650019d1e31b5398ad5381eeb236d87035fde08adff61e565143d1Debian Linux Security Advisory 4201-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.
5f94aebb03d033ff9bb6ee8f33889d513f0b3522c4d68c721d0f40f7968f1c51Red Hat Security Advisory 2018-1523-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Includes GlusterFS fixes for CVE-2018-1088, dhcp fixes for CVE-2018-1111, kernel fixes for CVE-2018-1087, and kernel fixes for CVE-2018-8897. Issues addressed include code execution and denial of service vulnerabilities.
86682245728d0509a02389329bcf0edddbdae534665e7f8d77e1c15e22b7d90bOn May 8, fixes for CVE-2018-1087 and CVE-2018-8897 were released in linux kernel version 4.4.0-124.148. These CVEs are both related to the way that the linux kernel handles certain interrupt and exception instructions. If an interrupt or exception instruction (INT3, SYSCALL, etc.) is immediately preceded by a MOV SS or POP SS instruction, the resulting interrupt will be incorrectly handled, possibly crashing the operating system. The issue can be triggered by an unprivileged user. The fix for this problem requires modification of the interrupt descriptor tables (IDT), and modification of the interrupt handlers. Livepatch is unable to safely modify these areas, so upgrading to a corrected kernel and rebooting is required to fix the problem.
0ed9608f57e15a5b058be5eb06c92f72ea884cf0e997d30b7285a27811e380abDebian Linux Security Advisory 4196-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.
93cc48d260bc7594d1b33464cbeae85c8108f7abd086bf698c5a407b0654ccb2Red Hat Security Advisory 2018-1353-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
afe3d9671e2e8ff15d7958818998be7354270f360f6adf3a3b66d1e43ab9e9e8Ubuntu Security Notice 3641-2 - USN-3641-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 17.10. This update provides the corresponding updates for Ubuntu 12.04 ESM. Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attacker could use this to cause a denial of service. This issue only affected the amd64 architecture. Various other issues were also addressed.
8b62cd3908a2ea60933e4f5060c4a7cffa0119feb5c2296cf0f5d7231274b888Red Hat Security Advisory 2018-1352-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
71efafc90a9a9e62010e3ca1590cf2ec3f8b1f5fa0c3faba42e3d7fcf8740a64Ubuntu Security Notice 3641-1 - Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attacker could use this to cause a denial of service. This issue only affected the amd64 architecture. Andy Lutomirski discovered that the KVM subsystem of the Linux kernel did not properly emulate the ICEBP instruction following a MOV/POP to SS instruction. A local attacker in a KVM virtual machine could use this to cause a denial of service or possibly escalate privileges inside of the virtual machine. This issue only affected the i386 and amd64 architectures. Various other issues were also addressed.
54c635a827000ad1e9720e3b153dc5b8af85ba11bc41d5f1f952f2e981d32393Red Hat Security Advisory 2018-1354-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a denial of service vulnerability.
07cf2a8a33944e25e41319038ec30d5b0e2287a5b973c6e77a3571ff6f0c29acRed Hat Security Advisory 2018-1355-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service and use-after-free vulnerabilities.
4447e6e273f5b0f0d5eb8a44bada9595ed1bf052db276cd1a4d04938e84a19fcRed Hat Security Advisory 2018-1348-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
77e14f8e97722364a934d0e7a3d7fefdf5f0cbf6c8b69da99369eb567ee670adRed Hat Security Advisory 2018-1351-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
b8d926c0cdf976fe63b0db1ccd7e76b873c8daef9ed021d651e7a90e77a91281Red Hat Security Advisory 2018-1350-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
3d9889f41214444f35df9eb28bc8aaa89b7002912f60e8878b210f66b0324d18Red Hat Security Advisory 2018-1349-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
f497513e893b70e29f4311747b0ce6b42a9a870676f0b26bcc3a0ed7fa883c4fRed Hat Security Advisory 2018-1347-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
64f3efd7e77588737cd63b6560896e2387734dbeceeab16e9ea654dd6a99b86eRed Hat Security Advisory 2018-1346-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
29fe02852f0733950360d16019705e279d6c1ed0a66e9f5263075d5ff7a14cf1Red Hat Security Advisory 2018-1345-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
ec6a1a88ee637d3c9343ff659da54d46ac857b9268235cba505aa87bfc6a8343FreeBSD Security Advisory - The MOV SS and POP SS instructions inhibit debug exceptions until the instruction boundary following the next instruction. If that instruction is a system call or similar instruction that transfers control to the operating system, the debug exception will be handled in the kernel context instead of the user context. An authenticated local attacker may be able to read sensitive data in kernel memory, control low-level operating system functions, or may panic the system.
436c2453ffbf42d86b402970ed7a42fbf8c2b6d77a9f356bfdc4d651e22df44fRed Hat Security Advisory 2018-1319-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and use-after-free vulnerabilities.
d3fe9410234a0ad13180edc1acd09d1f107cb6f71fe5498329640037d6599e2eRed Hat Security Advisory 2018-1318-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and use-after-free vulnerabilities.
cbd3c6c3e9147b3d4a53a27345de22613a5693b4808c489836579c84720b9defApple Security Advisory 2018-05-08-1 - This advisory provides additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001.
8ea9153eebb7083c9b2f791b5fa10ed9e8a1ecdc60d8f44827888484c0fa29bb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed