CERT mailing list archives
SWAPGS Spectre Side-Channel Vulnerability
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Tue, 06 Aug 2019 20:17:59 -0500
Cybersecurity and Infrastructure Security Agency Logo National Cyber Awareness System: SWAPGS Spectre Side-Channel Vulnerability [ https://www.us-cert.gov/ncas/current-activity/2019/08/06/swapgs-spectre-side-channel-vulnerability ] 08/06/2019 08:21 PM EDT Original release date: August 6, 2019 The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a vulnerability (CVE-2019-1125) known as SWAPGS, which is a variant of Spectre Variant 1 [ https://www.us-cert.gov/ncas/alerts/TA18-004A ]that affects modern computer processors. This vulnerability can be exploited to steal sensitive data present in a computer systems' memory. Spectre is a flaw an attacker can exploit to force a program to reveal its data. The name derives from "speculative execution"an optimization method a computer system performs to check whether it will work to prevent a delay when actually executed. Spectre affects almost all devices including desktops, laptops, and cloud servers. CISA encourages users and administrators to review the following guidance, refer to their hardware and software vendors for additional details, and apply an appropriate patch when available: * Microsoft: Windows Kernel Information Disclosure Vulnerability [ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125 ] * Red Hat: Spectre SWAPGS gadget vulnerability [ https://access.redhat.com/articles/4329821 ] * Google: Spectre Side Channels [ https://chromium.googlesource.com/chromiumos/third_party/kernel/+/cc4c818b2219c58af5f0ca59f3e9f02c48bc0b65/Documentation/admin-guide/hw-vuln/spectre.rst ] This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ https://www.dhs.gov/privacy-policy ] policy. body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: #333333; } ________________________________________________________________________ A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () ncas us-cert gov to your address book. OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- SWAPGS Spectre Side-Channel Vulnerability US-CERT (Aug 06)