In some circumstances, operating systems or hypervisors may not expect, or may not properly handle, an Intel architecture hardware debug exception (#DB). The error appears to stem from developers' interpretation of existing Intel documentation for two instructions that load the stack segment register, MOV SS and POP SS, both of which defer certain exceptions until after the instruction that follows them.
CWE-703: Improper Check or Handling of Exceptional Conditions - CVE-2018-8897
The MOV SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single-step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A, section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV SS or POP SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A, section 2.3). The consequence is that if the instruction immediately following MOV SS or POP SS transfers control to the operating system at a higher privilege level, for example SYSCALL, SYSENTER, INT 3 or INT n, the pending debug exception is delivered only after that transfer has completed. The kernel's #DB handler then runs at CPL 0 before the kernel's entry code has finished switching to its own stack and per-CPU segment state, an ordering that kernels and hypervisors written against a narrower reading of the documentation did not anticipate and may mishandle.
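The deferral itself can be observed safely from an unprivileged process: single-stepping a MOV SS under a debugger advances past two instructions instead of one. The program below is an added example written for this note, not code from the advisory or from any vendor's fix. It assumes x86-64 Linux with ptrace available; a child process traps into the tracer with INT3 and then executes MOV SS followed by a NOP, while the tracer records where each PTRACE_SINGLESTEP stops. The label names (seq_start, seq_movss, seq_nop1, seq_nop2) and the function movss_singlestep_span are the example's own. The shadowed instruction is deliberately a NOP; the advisory's problem case is the same sequence with a SYSCALL, SYSENTER or INT 3 in that slot.

```c
/* Added example: observe the one-instruction deferral of the single-step
 * trap after MOV SS from user mode on x86-64 Linux via PTRACE_SINGLESTEP.
 * Illustration code for this note, not part of the advisory or any fix. */
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

#if defined(__x86_64__) && defined(__linux__)
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>

/* Labels exported from the inline assembly so the tracer can compare the
 * child's RIP against known instruction boundaries (example's own names). */
extern char seq_start[], seq_movss[], seq_nop1[], seq_nop2[];

/* Child side: trap into the tracer with INT3, then run the sequence under
 * study.  Reloading SS with its current selector is a legal CPL3 operation
 * and is enough to arm the deferral described in SDM Vol. 3A 6.8.3. */
static void __attribute__((noinline)) traced_sequence(void)
{
    __asm__ volatile(
        "int3\n\t"
        ".globl seq_start\n" "seq_start:\n\t"
        "mov %%ss, %%ax\n\t"            /* ax = current SS selector        */
        ".globl seq_movss\n" "seq_movss:\n\t"
        "mov %%ax, %%ss\n\t"            /* MOV SS: #DB inhibited past next insn */
        ".globl seq_nop1\n"  "seq_nop1:\n\t"
        "nop\n\t"                       /* the shadowed instruction        */
        ".globl seq_nop2\n"  "seq_nop2:\n\t"
        "nop\n\t"
        : : : "rax", "memory");
}

static long get_rip(pid_t pid)
{
    struct user_regs_struct regs;
    if (ptrace(PTRACE_GETREGS, pid, 0, &regs) == -1)
        return -1;
    return (long)regs.rip;
}

/* Single-step the child once; return its new RIP, or -1 on failure. */
static long step_once(pid_t pid)
{
    int status;
    if (ptrace(PTRACE_SINGLESTEP, pid, 0, 0) == -1)
        return -1;
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status))
        return -1;
    return get_rip(pid);
}

/* Returns how many instructions the child executed on the single step that
 * ran MOV SS: 1 would be ordinary single-step behaviour, 2 is the documented
 * deferral.  Returns -1 if tracing is unavailable or the sequence diverged. */
int movss_singlestep_span(void)
{
    int status, result = -1;
    long rip;
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, 0, 0) == -1)
            _exit(1);
        traced_sequence();
        _exit(0);
    }
    /* First stop: SIGTRAP from INT3; RIP already points at seq_start. */
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status) ||
        WSTOPSIG(status) != SIGTRAP || get_rip(pid) != (long)(uintptr_t)seq_start)
        goto out;
    /* Step 1 executes "mov %ss,%ax" and must stop on the MOV SS itself. */
    if (step_once(pid) != (long)(uintptr_t)seq_movss)
        goto out;
    /* Step 2 executes the MOV SS.  The trap is inhibited until the boundary
     * after the *next* instruction, so the child also runs seq_nop1 and stops
     * at seq_nop2: two instructions for one step request. */
    rip = step_once(pid);
    if (rip == (long)(uintptr_t)seq_nop2)
        result = 2;
    else if (rip == (long)(uintptr_t)seq_nop1)
        result = 1;
out:
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return result;
}
#else
int movss_singlestep_span(void) { return -1; }   /* not x86-64 Linux */
#endif

int main(void)
{
    int span = movss_singlestep_span();
    if (span < 0)
        puts("tracing unavailable (not x86-64 Linux, or ptrace denied)");
    else
        printf("one PTRACE_SINGLESTEP over MOV SS executed %d instruction(s)\n", span);
    return 0;
}
```

Build with `cc -o movss movss.c` and run as an ordinary user. A result of 2 is the documented hardware behaviour and is what a patched kernel still reports: the fixes for this issue changed how kernels and hypervisors handle a #DB that arrives immediately after a privilege transition, not the deferral itself. Where ptrace is denied (some container seccomp profiles) or the build is not x86-64 Linux, the program reports that tracing is unavailable.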
An authenticated attacker able to run code on the affected system may be able to read sensitive kernel memory or control low-level operating system functions, in effect gaining elevated privilege or crashing the system.
Apply an update. Operating system and hypervisor vendors have released updates that correct the handling of debug exceptions delivered in this window; apply the update for your platform and reboot into the patched kernel or hypervisor, since the fix is in privileged exception-entry code rather than in userspace.
Microsoft and Intel credit Nick Peterson of Everdox Tech, LLC, for responsibly reporting this vulnerability and working with the group on coordinated disclosure. Andy Lutomirski is also credited for assistance in documenting the vulnerability for Linux.
This document was written by Garret Wassermann.
Date First Published: 2018-05-08
Date Last Updated: 2019-07-11 16:31 UTC