CERT mailing list archives

SWAPGS Spectre Side-Channel Vulnerability


From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Tue, 06 Aug 2019 20:17:59 -0500

National Cyber Awareness System:

SWAPGS Spectre Side-Channel Vulnerability [ https://www.us-cert.gov/ncas/current-activity/2019/08/06/swapgs-spectre-side-channel-vulnerability ]
08/06/2019 08:21 PM EDT
Original release date: August 6, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a vulnerability (CVE-2019-1125) known as 
SWAPGS, which is a variant of Spectre Variant 1 [ https://www.us-cert.gov/ncas/alerts/TA18-004A ] that affects modern 
computer processors. This vulnerability can be exploited to steal sensitive data present in a computer system's memory.

Spectre is a flaw an attacker can exploit to force a program to reveal its data. The name derives from "speculative 
execution," an optimization method a computer system performs to check whether it will work to prevent a delay when 
actually executed. Spectre affects almost all devices, including desktops, laptops, and cloud servers.

CISA encourages users and administrators to review the following guidance, refer to their hardware and software vendors 
for additional details, and apply an appropriate patch when available:


  * Microsoft: Windows Kernel Information Disclosure Vulnerability [ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125 ]
  * Red Hat: Spectre SWAPGS gadget vulnerability [ https://access.redhat.com/articles/4329821 ]
  * Google: Spectre Side Channels [ https://chromium.googlesource.com/chromiumos/third_party/kernel/+/cc4c818b2219c58af5f0ca59f3e9f02c48bc0b65/Documentation/admin-guide/hw-vuln/spectre.rst ]

This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ https://www.dhs.gov/privacy-policy ] policy.

________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 
