SWAPGS: Newest Spectre vulnerability affects millions of systems

Newest Spectre vulnerability affects millions of PCs

Security researchers have found a new side-channel attack and vulnerability that affects millions of newer Intel microprocessors. The new vulnerability CVE-2019-1125 dubbed SWAPGS is a variant of Spectre Variant 1 and bypasses previous mitigations against Spectre and Meltdown.

SWAPGS works like Spectre and Meltdown in that attackers can exploit the flaw to steal sensitive data, such as passwords and encryption keys, from memory on PCs. To add, PCs or enterprise systems manufactured after 2012 are likely susceptible to the issue.

Red Hat advisory

Red Hat provided a good write-up on SWAPGS late Tuesday and said the fix requires an update to the Linux kernel. The company added the vulnerability only applies to x86-64 systems running Intel or AMD processors. To add, the company rated the bug Moderate and CVSS base score of 5.9.

“An unprivileged local attacker can use these flaws to bypass conventional memory security restrictions to gain read access to privileged memory that would otherwise be inaccessible,” Red Hat stated in the advisory.

Red Hat also recommended organizations update the kernel and reboot systems.

Microsoft advisory

Microsoft also issued a security advisory on August 6 and confirmed an attacker could potentially exploit the vulnerability to read privileged data across trust boundaries.

To add, Microsoft did silently patch the vulnerability as part of update on July 9, 2019. The company added the fix mitigates how the CPU speculatively accesses memory. Microsoft also said the vulnerability does not require a microcode update from your device OEM.

Google Chromium advisory

Finally, Google added more details on the Spectre side channel vulnerabilities, to include the latest on SWAPGS.

Google expanded on the broader challenge presented by the Spectre variants, such as CVE-2017-5753 (Bounds check bypass Spectre variant 1) and CVE-2017-5715 (Branch target injection Spectre variant 2).

Readers can also review Intel guidance on side channel vulnerabilities here.