CVE-2018-8897

Exp

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.

Published: 2018-05-08 Last update: 2026-06-17 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2018-8897 is rated High Exploit Risk (75.1/100): CVSS High severity, with high exploitation likelihood (EPSS 18.40%, 97th percentile). 4 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2018-8897

EDB-ID Source Kind Published Link
45024 exploit_db edb 2018-07-13 Exploit-DB ↗
44697 exploit_db edb 2018-05-22 Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2018-8897

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 24.72% 18.40% -6.32%
2 2026-04-13 24.80% 24.72% -0.07%
3 2026-03-02 24.80%

Full EPSS history (30 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2018-8897

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.8 3.0 HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 1.8 5.9 [email protected]
7.2 2.0 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 3.9 10.0 [email protected]

Weakness enumeration for CVE-2018-8897

OS Trackers for CVE-2018-8897

vendor priority summary link
alpine high CVE-2018-8897: 1 source package rows (xen); 12 state rows across 10 repos (3.10-main, 3.11-main, 3.12-main, 3.17-main, 3.18-main, 3.19-main, 3.20-main, 3.21-main, 3.22-main, edge-main); fixed 12, open 0. https://security.alpinelinux.org/vuln/CVE-2018-8897
debian not yet assigned CVE-2018-8897 not yet assigned priority: Debian including 2 source packages (linux, xen), 10 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 10. https://security-tracker.debian.org/tracker/CVE-2018-8897
redhat medium https://access.redhat.com/security/cve/CVE-2018-8897
suse high CVE-2018-8897 severity important: SUSE including 579 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 1062 product×package rows across 93 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 4, … (93 product lines)): Fixed 640, Known Not Affected 265, Known Affected 157. https://www.suse.com/security/cve/CVE-2018-8897/
ubuntu high CVE-2018-8897 high priority: Ubuntu including 76 source packages (linux, linux-aws, …), 610 status rows across 10 suites (artful, bionic, cosmic, focal, jammy, noble, oracular, trusty, upstream, xenial): DNE 388, not-affected 123, released 90, ignored 9. https://ubuntu.com/security/CVE-2018-8897

Affected software / configurations for CVE-2018-8897

Vendor Product Version Raw CPE
debian debian_linux 7.0 cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
debian debian_linux 8.0 cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
debian debian_linux 9.0 cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
canonical ubuntu_linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
canonical ubuntu_linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
canonical ubuntu_linux 17.10 cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
redhat enterprise_linux_server 7.0 cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
redhat enterprise_linux_workstation 7.0 cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
redhat enterprise_virtualization_manager 3.0 cpe:2.3:o:redhat:enterprise_virtualization_manager:3.0:*:*:*:*:*:*:*
citrix xenserver 6.0.2 cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*
citrix xenserver 6.2.0 cpe:2.3:a:citrix:xenserver:6.2.0:*:*:*:*:*:*:*
citrix xenserver 6.5 cpe:2.3:a:citrix:xenserver:6.5:*:*:*:*:*:*:*
citrix xenserver 7.0 cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*
citrix xenserver 7.1 cpe:2.3:a:citrix:xenserver:7.1:*:*:*:*:*:*:*
citrix xenserver 7.2 cpe:2.3:a:citrix:xenserver:7.2:*:*:*:*:*:*:*
citrix xenserver 7.3 cpe:2.3:a:citrix:xenserver:7.3:*:*:*:*:*:*:*
citrix xenserver 7.4 cpe:2.3:a:citrix:xenserver:7.4:*:*:*:*:*:*:*
synology skynas cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*
synology diskstation_manager 5.2 cpe:2.3:o:synology:diskstation_manager:5.2:*:*:*:*:*:*:*
synology diskstation_manager 6.0 cpe:2.3:o:synology:diskstation_manager:6.0:*:*:*:*:*:*:*
synology diskstation_manager 6.1 cpe:2.3:o:synology:diskstation_manager:6.1:*:*:*:*:*:*:*
apple mac_os_x < 10.13.4 cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
xen xen cpe:2.3:o:xen:xen:-:*:*:*:*:*:x86:*
freebsd freebsd >= 11.0, < 11.1 cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*

References for CVE-2018-8897

URL Tags
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 Patch Third Party Advisory
http://openwall.com/lists/oss-security/2018/05/08/1 Mailing List Third Party Advisory
http://openwall.com/lists/oss-security/2018/05/08/4 Mailing List Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en
http://www.securityfocus.com/bid/104071 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040744 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040849 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040861 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040866 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040882 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:1318 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1319 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1345 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1346 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1347 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1348 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1349 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1350 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1351 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1352 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1353 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1354 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1355 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1524 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1567074 Issue Tracking Third Party Advisory
https://github.com/can1357/CVE-2018-8897/ Exploit Third Party Advisory
https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 Patch Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html
https://patchwork.kernel.org/patch/10386677/ Patch Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897 Patch Third Party Advisory Vendor Advisory
https://security.netapp.com/advisory/ntap-20180927-0002/
https://support.apple.com/HT208742 Third Party Advisory
https://support.citrix.com/article/CTX234679 Third Party Advisory
https://svnweb.freebsd.org/base?view=revision&revision=333368 Third Party Advisory
https://usn.ubuntu.com/3641-1/ Third Party Advisory
https://usn.ubuntu.com/3641-2/ Third Party Advisory
https://www.debian.org/security/2018/dsa-4196 Third Party Advisory
https://www.debian.org/security/2018/dsa-4201 Third Party Advisory
https://www.exploit-db.com/exploits/44697/ Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/45024/
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc Third Party Advisory
https://www.kb.cert.org/vuls/id/631579
https://www.synology.com/support/security/Synology_SA_18_21 Third Party Advisory
https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html Third Party Advisory
https://xenbits.xen.org/xsa/advisory-260.html Patch Third Party Advisory
cvelogic Threat Intelligence