CVE-2019-1125

EUVD-2019-9702

03.09.2019, 18:15

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further.
On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125.
Microsoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.6 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
microsoft	CNA	5.6 MEDIUM				CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 94%

Affected Products (NVD)

Vendor	Product	Version
microsoft	windows_10	-
microsoft	windows_7	-
microsoft	windows_8.1	-
microsoft	windows_rt_8.1	-
microsoft	windows_server_2008	-
microsoft	windows_server_2012	-
microsoft	windows_server_2016	-
microsoft	windows_server_2019	-
redhat	virtualization_host	4.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.7
redhat	enterprise_linux_server_eus	7.7
redhat	enterprise_linux_server_tus	7.7
redhat	enterprise_linux_workstation	7.0

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

(x64, x86)	KB4507458
1607 (x64, x86)	KB4507460
1703 (x64, x86)	KB4507450
1709 (arm64, x64, x86)	KB4507455
1803 (arm64, x64, x86)	KB4507435
1809 (arm64, x64, x86)	KB4507469
1903 (arm64, x64, x86)	KB4507453

Windows 7

Service Pack 1 (x64, x86)

KB4507456

Windows 8.1

(x64, x86)

KB4507457

Windows RT 8.1

All

KB4507448

Windows Server

1803 Server Core	KB4507435
1903 Server Core	KB4507453

Windows Server 2008

Service Pack 2 (x64, x86)	KB4507461
Service Pack 2 Server Core (x64, x86)	KB4507461

Windows Server 2008 R2

Service Pack 1 (x64)	KB4507456
Service Pack 1 Server Core (x64)	KB4507456

Windows Server 2012

Server Core	KB4507464
Standard	KB4507464

Windows Server 2012 R2

Server Core	KB4507457
Standard	KB4507457

Windows Server 2016

Server Core	KB4507460
Standard	KB4507460

Windows Server 2019

Server Core	KB4507469
Standard	KB4507469

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.106-3 fixed
bookworm (security)	6.1.112-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.226-1 fixed
sid	6.11.6-1 fixed
trixie	6.11.5-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

bionic	Fixed 4.15.0-58.64 released
disco	Fixed 5.0.0-25.26 released
eoan	not-affected
trusty	ignored
xenial	Fixed 4.4.0-159.187 released

linux-aws

bionic	Fixed 4.15.0-1045.47 released
disco	Fixed 5.0.0-1012.13 released
eoan	not-affected
trusty	Fixed 4.4.0-1054.58 released
xenial	Fixed 4.4.0-1090.101 released

linux-aws-5.0

bionic	not-affected
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-aws-hwe

bionic	dne
disco	dne
eoan	dne
trusty	dne
xenial	Fixed 4.15.0-1045.47~16.04.1 released

linux-azure

bionic	Fixed 5.0.0-1014.14~18.04.1 released
disco	Fixed 5.0.0-1014.14 released
eoan	not-affected
trusty	Fixed 4.15.0-1059.64~14.04.1 released
xenial	Fixed 4.15.0-1055.60 released

linux-azure-5.3

bionic	not-affected
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-azure-edge

bionic	Fixed 5.0.0-1014.14~18.04.1 released
disco	dne
eoan	dne
trusty	dne
xenial	Fixed 4.15.0-1055.60 released

linux-gcp

bionic	Fixed 4.15.0-1040.42 released
disco	Fixed 5.0.0-1013.13 released
eoan	not-affected
trusty	dne
xenial	Fixed 4.15.0-1040.42~16.04.1 released

linux-gcp-5.3

bionic	not-affected
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-gcp-edge

bionic	Fixed 4.15.0-1040.42 released
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-gke-4.15

bionic	Fixed 4.15.0-1040.42 released
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-gke-5.0

bionic	Fixed 5.0.0-1013.13~18.04.1 released
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-hwe

bionic	Fixed 5.0.0-25.26~18.04.1 released
disco	dne
eoan	dne
trusty	dne
xenial	Fixed 4.15.0-58.64~16.04.1 released

linux-hwe-edge

bionic	ignored
disco	dne
eoan	dne
trusty	dne
xenial	Fixed 4.15.0-58.64~16.04.1 released

linux-kvm

bionic	Fixed 4.15.0-1042.42 released
disco	Fixed 5.0.0-1013.14 released
eoan	not-affected
trusty	dne
xenial	Fixed 4.4.0-1054.61 released

linux-lts-trusty

bionic	dne
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-lts-xenial

bionic	dne
disco	dne
eoan	dne
trusty	Fixed 4.4.0-164.192~14.04.1 released
xenial	dne

linux-oem

bionic	Fixed 4.15.0-1050.57 released
disco	Fixed 4.15.0-1050.57 released
eoan	Fixed 4.15.0-1050.57 released
trusty	dne
xenial	ignored

linux-oem-5.4

bionic	dne
eoan	dne
trusty	dne
xenial	dne

linux-oem-osp1

bionic	Fixed 5.0.0-1018.20 released
disco	ignored
eoan	Fixed 5.0.0-1018.20 released
trusty	dne
xenial	dne

linux-oracle

bionic	Fixed 4.15.0-1021.23 released
disco	Fixed 5.0.0-1004.8 released
eoan	not-affected
trusty	dne
xenial	Fixed 4.15.0-1021.23~16.04.1 released

linux-oracle-5.0

bionic	not-affected
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-raspi2

bionic	not-affected
disco	not-affected
eoan	not-affected
trusty	dne
xenial	not-affected

linux-raspi2-5.3

bionic	not-affected
eoan	dne
trusty	dne
xenial	dne

linux-snapdragon

bionic	not-affected
disco	not-affected
eoan	dne
trusty	dne
xenial	not-affected

References

http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-swapgs-en

https://access.redhat.com/errata/RHBA-2019:2824

https://access.redhat.com/errata/RHBA-2019:3248

https://access.redhat.com/errata/RHSA-2019:2600

https://access.redhat.com/errata/RHSA-2019:2609

https://access.redhat.com/errata/RHSA-2019:2695

https://access.redhat.com/errata/RHSA-2019:2696

https://access.redhat.com/errata/RHSA-2019:2730

https://access.redhat.com/errata/RHSA-2019:2899

https://access.redhat.com/errata/RHSA-2019:2900

https://access.redhat.com/errata/RHSA-2019:2975

https://access.redhat.com/errata/RHSA-2019:3011

https://access.redhat.com/errata/RHSA-2019:3220

https://kc.mcafee.com/corporate/index?page=content&id=SB10297

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125

https://www.synology.com/security/advisory/Synology_SA_19_32