SWAPGS CVE-2019-1125

Priority: High

Executive Summary: Microsoft and Red Hat have released a security notification about a new potential exploit that uses a new variant of the Spectre side-channel vulnerability. It has been identified as CVE-2019-1125.

This vulnerability affects Intel CPUs built since 2012 running x86 and x64 architectures and can allow an unprivileged user to gain visibility of privileged operating system kernel information. This kernel information can include passwords, tokens and encryption keys, which in turn can potentially be used to elevate user rights. Currently, exploiting this vulnerability requires local access to the target device, and there is no evidence that it can be performed remotely.

Intel CPUs are exposed to this issue because of a core part of how they work: they speculate on the most likely choice when presented with a series of choices. These speculative choices could act on private data and bring this data into cache. A careful observer could use the timing of these actions to infer the contents of the speculatively accessed memory (commonly referred to as a timing attack). This vulnerability can be fixed using the released software updates.

Microsoft has already silently released patches in its July 2019 Patch Tuesday security updates.

Various Linux distributions (Red Hat, Ubuntu and SUSE) have released a patch for this vulnerability. It should only be a matter of time until the other Linux distributions release their patches.

Detect: ITC customers who are subscribed to the ITC VI service can request a scan to identify affected machines.

Affected Products: Intel CPUs built since 2012 running x86 and x64 architectures.

Prevent: Due to the severity of this vulnerability, ITC strongly recommends that customers apply the updates provided by Microsoft and Linux distributors.

The following link lists all the KB articles that update each Windows OS for this vulnerability:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1125

Linux distributions:
Red Hat: https://access.redhat.com/articles/4329821#resolution-6
SUSE: https://www.suse.com/security/cve/CVE-2019-1125/
Ubuntu: https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1125.html
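
To confirm that a Linux host is running a kernel with the fix applied, the Spectre v1 status the kernel exposes in sysfs can be checked; it mentions the SWAPGS barriers once the update is in place. The script below is an added example, not part of the vendor advisories or ITC tooling. The function names and result labels are its own, and the sample lines are constructed from the status strings in the kernel's Spectre admin guide.

```shell
#!/bin/sh
# Added example: classify a Linux host's SWAPGS (CVE-2019-1125) mitigation state.
# The sysfs path is the kernel's standard one; override SPECTRE_V1_FILE for testing.
SPECTRE_V1_FILE="${SPECTRE_V1_FILE:-/sys/devices/system/cpu/vulnerabilities/spectre_v1}"

# classify_swapgs STATUS_LINE
# Prints: mitigated | vulnerable | unpatched-kernel | not-affected | unknown
classify_swapgs() {
    case "$1" in
        "Not affected"*)
            echo "not-affected" ;;
        Vulnerable*)
            # Fixed kernel, but the mitigation is switched off ("no swapgs barriers").
            echo "vulnerable" ;;
        Mitigation*swapgs*)
            echo "mitigated" ;;
        Mitigation*)
            # Older kernels report a Spectre v1 mitigation with no mention of
            # swapgs: the CVE-2019-1125 update has not been installed.
            echo "unpatched-kernel" ;;
        *)
            echo "unknown" ;;
    esac
}

# check_host: classify the running kernel; returns 0 only when no action is needed.
check_host() {
    if [ ! -r "$SPECTRE_V1_FILE" ]; then
        echo "unknown"
        return 2
    fi
    result=$(classify_swapgs "$(cat "$SPECTRE_V1_FILE")")
    echo "$result"
    case "$result" in
        mitigated|not-affected) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample status lines, so the script shows output on any machine.
for sample in \
    "Mitigation: usercopy/swapgs barriers and __user pointer sanitization" \
    "Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers" \
    "Mitigation: __user pointer sanitization"
do
    printf '%-18s <- %s\n' "$(classify_swapgs "$sample")" "$sample"
done
printf 'this host: %s\n' "$(check_host || true)"
```

A result of `unpatched-kernel` or `vulnerable` means the distribution's kernel update still needs to be installed, or the mitigation has been disabled at boot.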

React: It is advised that these updates are applied and installed as soon as possible.

Author: Luis Colaco
