Announced 16 August 2019
A security issue affects Intel and AMD x86_64 CPUs.
A Spectre-v1-like vulnerability using the "SWAPGS" instruction (CVE-2019-1125) has been discovered in 64-bit CPUs. It could enable a skilled local attacker to access private information via a side channel attack. This vulnerability can be mitigated by operating system updates.
IGEL assigns only a score of "Low" to this vulnerability because on IGEL operating systems there is only one non-privileged user that owns private information. A scenario of another non-privileged user using this attack to access private data is therefore not realistic.
- IGEL OS 11: Update to IGEL OS 11.02.150 or newer (an earlier fix in IGEL OS 11.02.100 contains a backporting error, CVE-2019-15902).
- IGEL OS 10: Update to IGEL OS 10.06.120 or newer.
- IGEL Windows 10 IoT: Upgrade to IGEL Windows 10 IoT 4.04.110 or newer.
- Universal Desktop W7+: Update to Universal Desktop W7+ version 3.13.150 or newer.
Bitdefender: SWAPGS Attack: https://www.bitdefender.com/business/swapgs-attack.html
Red Hat Knowledgebase: CVE-2019-112: Spectre SWAPGS gadget vulnerability: https://access.redhat.com/articles/4329821