Bug 1724389 (CVE-2019-1125) - CVE-2019-1125 kernel: hw: Spectre SWAPGS gadget vulnerability
Summary: CVE-2019-1125 kernel: hw: Spectre SWAPGS gadget vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-1125
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20190806:1500,...
Depends On: 1724501 1724503 1724505 1724506 1724507 1724508 1724509 1724510 1724511 1724513 1724514 1724516 1724517 1729810 1733309 1733310 1734078 1734623 1734624 1738287 1738288 1724500 1724502 1724504 1724512 1724515 1733852 1733853 1733854 1733855 1733856 1733858 1733859 1733876 1737703 1738285
Blocks: 1724388 1724666 1724661 1724662 1724663 1724664 1724665
TreeView+ depends on / blocked
 
Reported: 2019-06-27 01:12 UTC by Wade Mealing
Modified: 2019-08-15 02:02 UTC (History)
72 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A Spectre gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel.
Clone Of:
Environment:
Last Closed: 2019-08-07 13:18:17 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:2405 None None None 2019-08-07 12:57:49 UTC
Red Hat Product Errata RHSA-2019:2411 None None None 2019-08-07 15:18:35 UTC
Red Hat Product Errata RHSA-2019:2473 None None None 2019-08-13 14:59:36 UTC
Red Hat Product Errata RHSA-2019:2476 None None None 2019-08-13 17:43:30 UTC

Description Wade Mealing 2019-06-27 01:12:17 UTC
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization).  This flaw is a variant on the previous "speculative execution" attack vectors.

A spectre-v1 like side-channel was found on the kernels implementation of system calls where a local user could use branch misprediction to create an observable timing changes which can inadvertently reveal private data.

Note: This flaw affects both Intel x86-64 and AMD Microprocessors.  Other non x86 architectures do not have this attack vector available.

Red Hat product security is not aware of a method that an attacker can use this method of attack directly, fixing this flaw as part of the larger speculative execution issues reduces this attack vector if one becomes known.

After installing the updated kernel package, the system will need to be rebooted for the changes to take effect.

Upstream patch set:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2059825986a1c8143fd6698774fa9d83733bb11

Comment 20 Petr Matousek 2019-08-06 16:37:15 UTC
Statement:

Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/articles/4329821

Comment 21 Petr Matousek 2019-08-06 16:37:18 UTC
Mitigation:

For mitigation related information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/articles/4329821

Comment 22 Petr Matousek 2019-08-06 17:02:25 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1738285]

Comment 24 errata-xmlrpc 2019-08-07 12:57:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:2405 https://access.redhat.com/errata/RHSA-2019:2405

Comment 25 Product Security DevOps Team 2019-08-07 13:18:17 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-1125

Comment 26 errata-xmlrpc 2019-08-07 15:18:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:2411 https://access.redhat.com/errata/RHSA-2019:2411

Comment 28 errata-xmlrpc 2019-08-13 14:59:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:2473 https://access.redhat.com/errata/RHSA-2019:2473

Comment 29 errata-xmlrpc 2019-08-13 17:43:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:2476 https://access.redhat.com/errata/RHSA-2019:2476


Note You need to log in before you can comment on or make changes to this bug.