Bug 691748 (CVE-2019-1125, SWAPGS)

Summary:	SWAPGS Spectre side-channel vulnerability (CVE-2019-1125)
Product:	Gentoo Security	Reporter:	kfm <kfm>
Component:	Kernel	Assignee:	Gentoo Security <security>
Status:	CONFIRMED ---
Severity:	normal	CC:	hydrapolic
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://labs.bitdefender.com/2019/08/bypassing-kpti-using-the-speculative-behavior-of-the-swapgs-instruction/
Whiteboard:
Package list:		Runtime testing required:	---

Description kfm 2019-08-08 16:19:40 UTC

SUMMARY

Bitdefender senior researchers Dan Horea Luțaș and Andrei Vlad Luțaș recently uncovered a new speculative-execution vulnerability and demonstrated how it can be exploited via a side-channel style attack, dubbed SWAPGS Attack.

FURTHER READING

• https://labs.bitdefender.com/2019/08/bypassing-kpti-using-the-speculative-behavior-of-the-swapgs-instruction/
• https://access.redhat.com/articles/4329821
• https://www.andreafortuna.org/2019/08/07/cve-2019-1125-swapgs-attack-a-new-speculative-execution-side-channel-attack/

SCOPE

Affects Intel processors from Ivy Bridge onwards. AMD have issued a statement claiming that they are not affected because "AMD products are designed not to speculate on the new GS value following a speculative SWAPGS".

MITIGATION

Fixed by the following kernel releases:

• 5.2.7
• 4.19.65
• 4.14.137

Comment 1 kfm 2019-08-08 16:26:31 UTC

See also https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=18ec54f.