FreeBSD -- Mishandling of x86 debug exceptions

Affected packages:
11.1 <= FreeBSD-kernel < 11.1_10
10.4 <= FreeBSD-kernel < 10.4_9


VuXML ID: 521ce804-52fd-11e8-9123-a4badb2f4699
Discovery: 2018-05-08
Entry: 2018-05-08

Problem Description:

The MOV SS and POP SS instructions inhibit debug exceptions until the instruction boundary following the next instruction. If that instruction is a system call or similar instruction that transfers control to the operating system, the debug exception will be handled in the kernel context instead of the user context.


An authenticated local attacker may be able to read sensitive data in kernel memory, control low-level operating system functions, or panic the system.


CVE Name: CVE-2018-8897
FreeBSD Advisory: SA-18:06.debugreg
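
An added example, not part of the advisory or of FreeBSD's own tooling: a POSIX sh function that classifies a kernel version string against the affected ranges listed above. It assumes the VuXML `_N` suffix corresponds to the `-pN` patch level printed by `freebsd-version -k`; the function name and the sample strings are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the advisory): classify a kernel version string
# against the ranges in this entry:
#   11.1 <= FreeBSD-kernel < 11.1_10
#   10.4 <= FreeBSD-kernel < 10.4_9
# Assumption: VuXML "_N" is the "-pN" patch level of freebsd-version(1).

# kernel_status VERSION  ->  affected | patched | not-listed | unknown
kernel_status() {
    ver=$1
    release=${ver%%-*}            # e.g. "11.1"
    rest=${ver#"$release"}        # e.g. "-RELEASE-p9"
    case $rest in
        -RELEASE)    patch=0 ;;
        -RELEASE-p*) patch=${rest#-RELEASE-p} ;;
        *)           echo unknown; return 0 ;;   # STABLE, CURRENT, BETA, ...
    esac
    case $patch in
        ''|*[!0-9]*) echo unknown; return 0 ;;   # patch level is not a number
    esac
    case $release in
        11.1) fixed=10 ;;
        10.4) fixed=9 ;;
        *)    echo not-listed; return 0 ;;       # release not covered by this entry
    esac
    if [ "$patch" -lt "$fixed" ]; then echo affected; else echo patched; fi
}

# Constructed sample strings, not output from a real host.
for v in 11.1-RELEASE-p9 11.1-RELEASE-p10 10.4-RELEASE 11.1-STABLE; do
    printf '%-18s %s\n' "$v" "$(kernel_status "$v")"
done

# On a FreeBSD host, check the installed kernel as well.
if command -v freebsd-version >/dev/null 2>&1; then
    kernel_status "$(freebsd-version -k)"
fi
```

A result of `not-listed` or `unknown` only means this entry's ranges do not decide the question; consult the advisory for branches it does not name here.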