ISN 2019-10: Spectre SWAPGS CPU vulnerability

Announced 16 August 2019

Score: Low

A security issue affects Intel and AMD x86_64 CPUs.

Details

A Spectre-v1-like vulnerability using the "SWAPGS" instruction (CVE-2019-1125) has been discovered in 64-bit CPUs. It could enable a skilled local attacker to access private information via a side channel attack. This vulnerability can be mitigated by operating system updates.

IGEL assigns only a score of "Low" to this vulnerability, because on IGEL operating systems there is only one non-privileged user that owns private information. A scenario of another non-privileged user using this attack to access private data is therefore not realistic.

Update instructions:

  • IGEL OS 11: Update to IGEL OS 11.02.150 or newer (an earlier fix in IGEL OS 11.02.100 contains a backporting error, CVE-2019-15902).
  • IGEL OS 10: Update to IGEL OS 10.06.120 or newer.
  • IGEL Windows 10 IoT: Upgrade to IGEL Windows 10 IoT 4.04.110 or newer.
  • Universal Desktop W7+: Update to Universal Desktop W7+ version 3.13.150 or newer.

References

Bitdefender: SWAPGS Attack: https://www.bitdefender.com/business/swapgs-attack.html

Red Hat Knowledgebase: CVE-2019-112: Spectre SWAPGS gadget vulnerability: https://access.redhat.com/articles/4329821

Last update: December 10, 2019