
CVE-2018-8897 PoC — Race condition vulnerability in the operating systems of multiple vendors

Source
Associated Vulnerability
Title: Race condition vulnerability in the operating systems of multiple vendors (CVE-2018-8897)
Description: Linux kernel is a product of the US-based Linux Foundation. Linux kernel is the kernel used by the open-source operating system Linux. Qualcomm Kernel is a product of the US company Qualcomm. Qualcomm Kernel is a kernel component used in Qualcomm products. Apple Kernel is a product of the US company Apple. Apple Kernel is the kernel of Apple devices. A race condition vulnerability exists in the operating systems of multiple vendors. The vulnerability stems from the fact that, while a network system or product is running and concurrent code requires mutually exclusive access to a shared resource, the
Description
Arbitrary code execution with kernel privileges using CVE-2018-8897.
Readme
# CVE-2018-8897
Demo exploitation of the POP SS vulnerability (CVE-2018-8897), leading to unsigned code execution with kernel privileges.
- KVA Shadowing should be disabled and [the relevant security update](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897) should be uninstalled.
- This may not work with certain hypervisors (like VMware), which discard the pending #DB after INT3.

## Detailed explanation:

https://blog.can.ac/2018/05/11/arbitrary-code-execution-at-ring-0-using-cve-2018-8897/

## Result:
![](https://blog.can.ac/wp-content/uploads/2018/05/K1DL2.png)
![](https://blog.can.ac/wp-content/uploads/2018/05/aF6dL.png)
File Snapshot

[4.0K] /data/pocs/609ca3ca1e391f80d5247a62550f084c95bb843c
├── [ 268] Error.h
├── [1.4K] KernelRoutines.h
├── [1.5K] LICENSE
├── [2.5K] LockedMemory.h
├── [ 14K] Main.cpp
├── [2.2K] Native.asm
├── [ 773] Native.h
├── [1.9K] NtDefines.h
└── [ 666] README.md

0 directories, 9 files