691748 – (CVE-2019-1125, SWAPGS) SWAPGS Spectre side-channel vulnerability (CVE-2019-1125)

Bug 691748 (CVE-2019-1125, SWAPGS) - SWAPGS Spectre side-channel vulnerability (CVE-2019-1125)

Summary: SWAPGS Spectre side-channel vulnerability (CVE-2019-1125)

Status:	CONFIRMED

Alias:	CVE-2019-1125, SWAPGS

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://labs.bitdefender.com/2019/08/...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2019-08-08 16:19 UTC by kfm
Modified:	2022-10-15 02:50 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description kfm 2019-08-08 16:19:40 UTC

SUMMARY

Bitdefender senior researchers Dan Horea Luțaș and Andrei Vlad Luțaș recently uncovered a new speculative-execution vulnerability and demonstrated how it can be exploited via a side-channel style attack, dubbed SWAPGS Attack.

FURTHER READING

• https://labs.bitdefender.com/2019/08/bypassing-kpti-using-the-speculative-behavior-of-the-swapgs-instruction/
• https://access.redhat.com/articles/4329821
• https://www.andreafortuna.org/2019/08/07/cve-2019-1125-swapgs-attack-a-new-speculative-execution-side-channel-attack/

SCOPE

Affects Intel processors from Ivy Bridge onwards. AMD have issued a statement claiming that they are not affected because "AMD products are designed not to speculate on the new GS value following a speculative SWAPGS".

MITIGATION

Fixed by the following kernel releases:

• 5.2.7
• 4.19.65
• 4.14.137

Comment 1 kfm 2019-08-08 16:26:31 UTC

See also https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=18ec54f.