Bug 1724389 (CVE-2019-1125) - CVE-2019-1125 kernel: hw: Spectre SWAPGS gadget vulnerability
Summary: CVE-2019-1125 kernel: hw: Spectre SWAPGS gadget vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-1125
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1738287 1738288 1724500 1724501 1724502 1724503 1724504 1724505 1724506 1724507 1724508 1724509 1724510 1724511 1724512 1724513 1724514 1724515 1724516 1724517 1729810 1733309 1733310 1733852 1733853 1733854 1733855 1733856 1733858 1733859 1733876 1734078 1734623 1734624 1737703 1738285
Blocks: 1724388 1724661 1724662 1724663 1724664 1724665 1724666
TreeView+ depends on / blocked
 
Reported: 2019-06-27 01:12 UTC by Wade Mealing
Modified: 2023-05-12 21:16 UTC (History)
70 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A Spectre gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel.
Clone Of:
Environment:
Last Closed: 2019-08-07 13:18:17 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:2685 0 None None None 2019-09-09 13:25:33 UTC
Red Hat Product Errata RHBA-2019:2693 0 None None None 2019-09-09 23:27:28 UTC
Red Hat Product Errata RHBA-2019:2960 0 None None None 2019-10-03 10:06:23 UTC
Red Hat Product Errata RHBA-2019:2961 0 None None None 2019-10-03 10:12:15 UTC
Red Hat Product Errata RHSA-2019:2405 0 None None None 2019-08-07 12:57:49 UTC
Red Hat Product Errata RHSA-2019:2411 0 None None None 2019-08-07 15:18:35 UTC
Red Hat Product Errata RHSA-2019:2473 0 None None None 2019-08-13 14:59:36 UTC
Red Hat Product Errata RHSA-2019:2476 0 None None None 2019-08-13 17:43:30 UTC
Red Hat Product Errata RHSA-2019:2600 0 None None None 2019-09-03 17:41:10 UTC
Red Hat Product Errata RHSA-2019:2609 0 None None None 2019-09-03 17:42:30 UTC
Red Hat Product Errata RHSA-2019:2695 0 None None None 2019-09-10 10:27:46 UTC
Red Hat Product Errata RHSA-2019:2696 0 None None None 2019-09-10 13:46:15 UTC
Red Hat Product Errata RHSA-2019:2730 0 None None None 2019-09-11 09:09:27 UTC
Red Hat Product Errata RHSA-2019:2899 0 None None None 2019-09-25 12:17:29 UTC
Red Hat Product Errata RHSA-2019:2900 0 None None None 2019-09-25 12:25:09 UTC
Red Hat Product Errata RHSA-2019:2975 0 None None None 2019-10-08 09:59:52 UTC
Red Hat Product Errata RHSA-2019:3011 0 None None None 2019-10-10 15:37:20 UTC
Red Hat Product Errata RHSA-2019:3220 0 None None None 2019-10-29 13:12:05 UTC

Description Wade Mealing 2019-06-27 01:12:17 UTC 
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization).  This flaw is a variant on the previous "speculative execution" attack vectors.

A spectre-v1 like side-channel was found on the kernels implementation of system calls where a local user could use branch misprediction to create an observable timing changes which can inadvertently reveal private data.

Note: This flaw affects both Intel x86-64 and AMD Microprocessors.  Other non x86 architectures do not have this attack vector available.

Red Hat product security is not aware of a method that an attacker can use this method of attack directly, fixing this flaw as part of the larger speculative execution issues reduces this attack vector if one becomes known.

After installing the updated kernel package, the system will need to be rebooted for the changes to take effect.

Upstream patch set:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2059825986a1c8143fd6698774fa9d83733bb11
Comment 20 Petr Matousek 2019-08-06 16:37:15 UTC 
Statement:

Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/articles/4329821
Comment 21 Petr Matousek 2019-08-06 16:37:18 UTC 
Mitigation:

For mitigation related information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/articles/4329821
Comment 22 Petr Matousek 2019-08-06 17:02:25 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1738285]
Comment 24 errata-xmlrpc 2019-08-07 12:57:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:2405 https://access.redhat.com/errata/RHSA-2019:2405
Comment 25 Product Security DevOps Team 2019-08-07 13:18:17 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-1125
Comment 26 errata-xmlrpc 2019-08-07 15:18:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:2411 https://access.redhat.com/errata/RHSA-2019:2411
Comment 27 msiddiqu 2019-08-07 16:05:34 UTC 
Public Via: Whitepaper [1] by BitDefender and Article [2] by Intel 

[1] https://businessresources.bitdefender.com/speculatively-executing-segmentation-related-instructions-intel-cpus?utm_campaign=swapgs&utm_source=web 
[2] https://software.intel.com/security-software-guidance/insights/more-information-swapgs-and-speculative-only-segment-loads
Comment 28 errata-xmlrpc 2019-08-13 14:59:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:2473 https://access.redhat.com/errata/RHSA-2019:2473
Comment 29 errata-xmlrpc 2019-08-13 17:43:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:2476 https://access.redhat.com/errata/RHSA-2019:2476
Comment 31 errata-xmlrpc 2019-09-03 17:41:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2600 https://access.redhat.com/errata/RHSA-2019:2600
Comment 32 errata-xmlrpc 2019-09-03 17:42:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2609 https://access.redhat.com/errata/RHSA-2019:2609
Comment 34 errata-xmlrpc 2019-09-10 10:27:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:2695 https://access.redhat.com/errata/RHSA-2019:2695
Comment 35 errata-xmlrpc 2019-09-10 13:46:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2019:2696 https://access.redhat.com/errata/RHSA-2019:2696
Comment 38 errata-xmlrpc 2019-09-11 09:09:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2019:2730 https://access.redhat.com/errata/RHSA-2019:2730
Comment 42 errata-xmlrpc 2019-09-25 12:17:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Telco Extended Update Support
  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions

Via RHSA-2019:2899 https://access.redhat.com/errata/RHSA-2019:2899
Comment 43 errata-xmlrpc 2019-09-25 12:25:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Telco Extended Update Support
  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions

Via RHSA-2019:2900 https://access.redhat.com/errata/RHSA-2019:2900
Comment 44 errata-xmlrpc 2019-10-08 09:59:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:2975 https://access.redhat.com/errata/RHSA-2019:2975
Comment 45 errata-xmlrpc 2019-10-10 15:37:16 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2019:3011 https://access.redhat.com/errata/RHSA-2019:3011
Comment 46 errata-xmlrpc 2019-10-29 13:12:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2019:3220 https://access.redhat.com/errata/RHSA-2019:3220
Comment 50 Sam Fowler 2020-05-18 06:37:39 UTC 
OpenShift Container Platform 4 does not ship its own kernel package, instead using versions shipped in RHEL. Removing from flaw bug affects.
Note You need to log in before you can comment on or make changes to this bug.