Import this Component Template and run test against x86 and x64 system. Use BSA Patching module to patch kernels and rerun this compliance to see if any servers were left unpatched.
More about vulnerabilities: POP SS debug exception - CVE-2018-8897 [Moderate] & CVE-2018-1087 [Important]
There is a flaw in the way the Linux kernel handles exceptions triggered after the POP SS and MOV to SS instructions. These issues could lead to denial of service for unpatched systems.
These instructions hold delivery of interrupts, data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction. Separate issues are identified as related to the Linux kernel and KVM technologies.
How CT was created:
*Note: I have updated detection logic to handle both x86 and x64 systems which was not done in this video.