Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 691748 (CVE-2019-1125, SWAPGS)

Summary: SWAPGS Spectre side-channel vulnerability (CVE-2019-1125)
Product: Gentoo Security Reporter: Kerin Millar <kfm>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Status: CONFIRMED ---    
Severity: normal CC: hydrapolic
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://labs.bitdefender.com/2019/08/bypassing-kpti-using-the-speculative-behavior-of-the-swapgs-instruction/
Whiteboard:
Package list:
Runtime testing required: ---

Description Kerin Millar 2019-08-08 16:19:40 UTC
SUMMARY

Bitdefender senior researchers Dan Horea Luțaș and Andrei Vlad Luțaș recently uncovered a new speculative-execution vulnerability and demonstrated how it can be exploited via a side-channel style attack, dubbed SWAPGS Attack.

FURTHER READING

• https://labs.bitdefender.com/2019/08/bypassing-kpti-using-the-speculative-behavior-of-the-swapgs-instruction/https://access.redhat.com/articles/4329821https://www.andreafortuna.org/2019/08/07/cve-2019-1125-swapgs-attack-a-new-speculative-execution-side-channel-attack/

SCOPE

Affects Intel processors from Ivy Bridge onwards. AMD have issued a statement claiming that they are not affected because "AMD products are designed not to speculate on the new GS value following a speculative SWAPGS".

MITIGATION

Fixed by the following kernel releases:

• 5.2.7
• 4.19.65
• 4.14.137