CVE-2018-2892

HIGH

Oracle Solaris <11 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-2892. PoCs published by mu-b.

AI-analyzed exploit summary This exploit leverages a vulnerability in the Solaris/OpenSolaris AVS kernel (CVE-2018-2892) to achieve local privilege escalation by manipulating kernel structures via an ioctl call to /dev/sdbc. It overwrites the sysent table to execute arbitrary code in kernel mode, ultimately granting root access.

Description

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Availability Suite Service). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Exploits (1)

exploitdb WORKING POC

by mu-b · clocalsolaris

https://www.exploit-db.com/exploits/45126

View Code ZIP pw:eip

This exploit leverages a vulnerability in the Solaris/OpenSolaris AVS kernel (CVE-2018-2892) to achieve local privilege escalation by manipulating kernel structures via an ioctl call to /dev/sdbc. It overwrites the sysent table to execute arbitrary code in kernel mode, ultimately granting root access.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Solaris 10, Solaris <= 11.3, OpenSolaris

No auth needed

Prerequisites: Local access to the target system · Presence of /dev/sdbc device

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/104799

Patch, Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45126/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1041303

Scores

CVSS v3 7.8

EPSS 0.0117

EPSS Percentile 79.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

Status published

Products (2)

oracle/solaris 10.0

oracle/solaris 11.3

Published Jul 18, 2018

Tracked Since Feb 18, 2026