Linux, Windows, macOS, FreeBSD and some Xen hypervisor builds share a design flaw that, on computers with Intel and AMD processors, lets an attacker at best crash the system and at worst read kernel memory or take control of it.
The vulnerability, CVE-2018-8897, can be exploited by malware introduced onto the device or by an intruder already present on the system. According to the advisory from the CERT Coordination Center, the problem appears to stem from developers at Microsoft, Apple and other companies misreading certain statements in the Intel and AMD manuals, specifically the way the processors handle a particular exception.
The instructions involved are MOV SS and POP SS, which suppress all interrupts, including NMIs (non-maskable interrupts), until the following instruction has executed. If MOV SS or POP SS is immediately followed by an instruction such as SYSCALL, SYSENTER or INT 3 that transfers control to the operating system (current privilege level below 3), a debug exception (#DB) is raised, which can lead to unexpected system behaviour. In other words, under certain circumstances, after particular Intel x86-64 instructions are used, a debug exception that refers to data in a lower protection ring (on most operating systems this is Ring 0: the OS kernel and system drivers) becomes visible to components running at privilege level 3 (user applications). An attacker can therefore use the operating system's API to reach memory or low-level OS functions.
Products from the following vendors are affected: Apple, DragonFly BSD Project, FreeBSD Project, Linux kernel, Microsoft, Red Hat, SUSE Linux, Ubuntu, VMware, Xen.
The problem has already been fixed in the Linux kernel with the release of versions 4.15.14, 4.14.31, 4.9.91 and 4.4.125, and also in the older 4.1, 3.16 and 3.2 branches. Red Hat, Ubuntu and Apple have released corresponding updates. Microsoft fixed the vulnerability in the Windows 10 April 2018 Update (version 1803). Patches are also available for Xen 4.6 through 4.10 and for FreeBSD.
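As an added example (not code from the article or from any of the vendors named in it), the following script turns the Linux fix list above into a quick patch-level check. It parses a `uname -r` style release string and compares it against the first upstream stable release on each branch that carries the fix. It assumes, beyond what the article states, that any branch newer than 4.15 was released after the fix and includes it; for the 4.1, 3.16 and 3.2 branches the article names no point release, so those are reported as needing a distribution advisory check. Distribution kernels such as Ubuntu's `4.15.0-20-generic` or RHEL's `3.10.0-862.el7` carry backported fixes without bumping the upstream patch level, so the script refuses to judge them from the version number alone; that is the main caveat of any version-based check.

```python
import platform
import re
from typing import Tuple

# Stable branches with the first upstream release carrying the CVE-2018-8897
# fix, as listed in the article.
FIXED_RELEASES = {
    (4, 15): (4, 15, 14),
    (4, 14): (4, 14, 31),
    (4, 9): (4, 9, 91),
    (4, 4): (4, 4, 125),
}
# Branches the article reports as fixed without naming the point release.
FIXED_BRANCHES_NO_POINT = {(4, 1), (3, 16), (3, 2)}
# Assumption (not from the article): every branch newer than 4.15 was released
# after the fix and therefore includes it.
NEWEST_LISTED_BRANCH = (4, 15)

VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")
# Debian/Ubuntu ABI numbers ('4.15.0-20-generic') and RHEL/Fedora tags
# ('3.10.0-862.el7') mark distribution kernels whose patch level says
# nothing about backported fixes.
DISTRO_RE = re.compile(r"^\d+\.\d+\.\d+(?:-\d+|.*\.(?:el|fc)\d)")

VERDICT_TEXT = {
    "fixed": "upstream release at or above the fixed version",
    "vulnerable": "upstream release below the fixed version; update",
    "newer-branch": "branch newer than 4.15; assumed to include the fix, verify with the vendor",
    "distro-check": "distribution or unlisted-point-release kernel; consult the vendor advisory",
    "unknown": "branch not covered by the article's fix list; consult the vendor",
}


def parse_kernel_version(release: str) -> Tuple[int, int, int]:
    """Turn a release string like '4.15.14' or '4.14.31-rc1' into (major, minor, patch)."""
    m = VERSION_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def assess_kernel(release: str) -> str:
    """Classify a kernel release string against the upstream fix list.

    Returns one of the keys of VERDICT_TEXT. Distribution kernels are
    detected first, because their version number does not reflect backports.
    """
    if DISTRO_RE.match(release.strip()):
        return "distro-check"
    major, minor, patch = parse_kernel_version(release)
    branch = (major, minor)
    if branch in FIXED_RELEASES:
        return "fixed" if (major, minor, patch) >= FIXED_RELEASES[branch] else "vulnerable"
    if branch in FIXED_BRANCHES_NO_POINT:
        return "distro-check"
    if branch > NEWEST_LISTED_BRANCH:
        return "newer-branch"
    return "unknown"


def main() -> None:
    # Only a Linux release string is meaningful here; platform.release()
    # returns a Darwin or NT version on other systems.
    if platform.system() != "Linux":
        print("not a Linux host; this check applies to Linux kernels only")
        return
    release = platform.release()
    print(f"kernel {release}: {VERDICT_TEXT[assess_kernel(release)]}")


if __name__ == "__main__":
    main()
```

Run it on the host to be assessed; a "fixed" verdict only means the upstream version number is at or above the listed release, and "distro-check" means the number cannot answer the question and the distribution's own advisory for CVE-2018-8897 is the authority.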