History

Wei Chen 06e8cc49f5 Land #10297 , Add priv escalation mod for CVE-2018-8897		2018-07-13 08:57:19 -07:00
..
Error.h	Land #10297 , Add priv escalation mod for CVE-2018-8897	2018-07-13 08:57:19 -07:00
KernelRoutines.h	Land #10297 , Add priv escalation mod for CVE-2018-8897	2018-07-13 08:57:19 -07:00
LICENSE	Land #10297 , Add priv escalation mod for CVE-2018-8897	2018-07-13 08:57:19 -07:00
LockedMemory.h	Land #10297 , Add priv escalation mod for CVE-2018-8897	2018-07-13 08:57:19 -07:00
Native.asm	Land #10297 , Add priv escalation mod for CVE-2018-8897	2018-07-13 08:57:19 -07:00
Native.h	Land #10297 , Add priv escalation mod for CVE-2018-8897	2018-07-13 08:57:19 -07:00
NtDefines.h	Land #10297 , Add priv escalation mod for CVE-2018-8897	2018-07-13 08:57:19 -07:00
README.md	Land #10297 , Add priv escalation mod for CVE-2018-8897	2018-07-13 08:57:19 -07:00
cve-2018-8897-exe.cpp	Land #10297 , Add priv escalation mod for CVE-2018-8897	2018-07-13 08:57:19 -07:00
cve-2018-8897-exe.sln	Land #10297 , Add priv escalation mod for CVE-2018-8897	2018-07-13 08:57:19 -07:00
cve-2018-8897-exe.vcxproj	Land #10297 , Add priv escalation mod for CVE-2018-8897	2018-07-13 08:57:19 -07:00
cve-2018-8897-exe.vcxproj.filters	Land #10297 , Add priv escalation mod for CVE-2018-8897	2018-07-13 08:57:19 -07:00

README.md

CVE-2018-8897

Demo exploitation of the POP SS vulnerability (CVE-2018-8897), leading to unsigned code execution with kernel privilages.

KVA Shadowing should be disabled and the relevant security update should be uninstalled.
This may not work with certain hypervisors (like VMWare), which discard the pending #DB after INT3.

Detailed explanation:

https://blog.can.ac/2018/05/11/arbitrary-code-execution-at-ring-0-using-cve-2018-8897/

Result: