Bug 1724389 (CVE-2019-1125)
Summary: | CVE-2019-1125 kernel: hw: Spectre SWAPGS gadget vulnerability | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Wade Mealing <wmealing> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, ahardin, airlied, asavkov, bhu, blc, bleanhar, brdeoliv, bskeggs, ccoleman, chris.snell, cperry, dblechte, dedgar, dfediuck, dhoward, dvlasenk, eedri, esammons, fhrbata, gmollett, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jcm, jeremy, jforbes, jglisse, jgoulding, jlelli, joe.lawrence, john.j5live, jonathan, josef, jpoimboe, jross, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, matt, mchappel, mchehab, mcressma, mgoldboi, michal.skrivanek, mjg59, mlangsdo, mzibrick, nmurray, plougher, pmatouse, rhandlin, rt-maint, rvrbovsk, sbonazzo, security-response-team, sherold, skontar, steved, williams, yozone, yturgema |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A Spectre gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-08-07 13:18:17 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1738287, 1738288, 1724500, 1724501, 1724502, 1724503, 1724504, 1724505, 1724506, 1724507, 1724508, 1724509, 1724510, 1724511, 1724512, 1724513, 1724514, 1724515, 1724516, 1724517, 1729810, 1733309, 1733310, 1733852, 1733853, 1733854, 1733855, 1733856, 1733858, 1733859, 1733876, 1734078, 1734623, 1734624, 1737703, 1738285 | ||
Bug Blocks: | 1724388, 1724661, 1724662, 1724663, 1724664, 1724665, 1724666 |
Description
Wade Mealing
2019-06-27 01:12:17 UTC
Statement: Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/4329821 Mitigation: For mitigation related information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/4329821 Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1738285] This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:2405 https://access.redhat.com/errata/RHSA-2019:2405 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-1125 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:2411 https://access.redhat.com/errata/RHSA-2019:2411 Public Via: Whitepaper [1] by BitDefender and Article [2] by Intel [1] https://businessresources.bitdefender.com/speculatively-executing-segmentation-related-instructions-intel-cpus?utm_campaign=swapgs&utm_source=web [2] https://software.intel.com/security-software-guidance/insights/more-information-swapgs-and-speculative-only-segment-loads This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:2473 https://access.redhat.com/errata/RHSA-2019:2473 This issue has been addressed in the following products: Red Hat Enterprise Linux 6.6 Advanced Update Support Via RHSA-2019:2476 https://access.redhat.com/errata/RHSA-2019:2476 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2600 https://access.redhat.com/errata/RHSA-2019:2600 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2609 https://access.redhat.com/errata/RHSA-2019:2609 This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 Advanced Update Support Via RHSA-2019:2695 https://access.redhat.com/errata/RHSA-2019:2695 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Extended Update Support Via RHSA-2019:2696 https://access.redhat.com/errata/RHSA-2019:2696 This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2019:2730 https://access.redhat.com/errata/RHSA-2019:2730 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Telco Extended Update Support Red Hat Enterprise Linux 7.2 Advanced Update Support Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions Via RHSA-2019:2899 https://access.redhat.com/errata/RHSA-2019:2899 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Telco Extended Update Support Red Hat Enterprise Linux 7.3 Advanced Update Support Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions Via RHSA-2019:2900 https://access.redhat.com/errata/RHSA-2019:2900 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2019:2975 https://access.redhat.com/errata/RHSA-2019:2975 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2019:3011 https://access.redhat.com/errata/RHSA-2019:3011 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2019:3220 https://access.redhat.com/errata/RHSA-2019:3220 OpenShift Container Platform 4 does not ship its own kernel package, instead using versions shipped in RHEL. Removing from flaw bug affects. |