CVE-2019-1125
Published: 6 August 2019
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073.
From the Ubuntu security team
Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory).
Priority
CVSS 3 base score: 5.5
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-58.64)
|
disco |
Released
(5.0.0-25.26)
|
|
eoan |
Not vulnerable
(5.2.0-13.14)
|
|
precise |
Ignored
(was needs-triage ESM criteria)
|
|
trusty |
Ignored
(was needs-triage ESM criteria)
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.4.0-159.187)
|
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1045.47)
|
disco |
Released
(5.0.0-1012.13)
|
|
eoan |
Not vulnerable
(5.0.0-1012.13)
|
|
precise |
Does not exist
|
|
trusty |
Released
(4.4.0-1054.58)
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.4.0-1090.101)
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1021.24~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.15.0-1045.47~16.04.1)
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1014.14~18.04.1)
|
disco |
Released
(5.0.0-1014.14)
|
|
eoan |
Not vulnerable
(5.0.0-1014.14)
|
|
precise |
Does not exist
|
|
trusty |
Released
(4.15.0-1059.64~14.04.1)
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.15.0-1055.60)
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1007.8~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1014.14~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.15.0-1055.60)
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1040.42)
|
disco |
Released
(5.0.0-1013.13)
|
|
eoan |
Not vulnerable
(5.0.0-1013.13)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.15.0-1040.42~16.04.1)
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1008.9~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1040.42)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1040.42)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1013.13~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-25.26~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.15.0-58.64~16.04.1)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was pending \[5.3.0-19.20~18.04.2\] now end-of-life)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.15.0-58.64~16.04.1)
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1042.42)
|
disco |
Released
(5.0.0-1013.14)
|
|
eoan |
Not vulnerable
(5.0.0-1013.14)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.4.0-1054.61)
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
precise |
Ignored
(was needed ESM criteria)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Released
(4.4.0-164.192~14.04.1)
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1050.57)
|
disco |
Released
(4.15.0-1050.57)
|
|
eoan |
Released
(4.15.0-1050.57)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Ignored
(was needs-triage now end-of-life)
|
|
linux-oem-5.4 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1018.20)
|
disco |
Ignored
(was pending \[5.0.0-1018.20\] now end-of-life)
|
|
eoan |
Released
(5.0.0-1018.20)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1021.23)
|
disco |
Released
(5.0.0-1004.8)
|
|
eoan |
Not vulnerable
(5.3.0-1002.2)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.15.0-1021.23~16.04.1)
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1007.12~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(does not affect ARM processors)
|
disco |
Not vulnerable
(does not affect ARM processors)
|
|
eoan |
Not vulnerable
(does not affect ARM processors)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Not vulnerable
(does not affect ARM processors)
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1017.19~18.04.1)
|
eoan |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(does not affect ARM processors)
|
disco |
Not vulnerable
(does not affect ARM processors)
|
|
eoan |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Not vulnerable
(does not affect ARM processors)
|
Notes
Author | Note |
---|---|
tyhicks | This issue is not believed to be exploitable in the Linux kernel but kernel updates will be made available to ensure that it cannot be exploited Kernel updates will soon be available for testing in the Proposed pocket and they are expected to be officially released on August 12th See the following page if you'd like to test the patched kernels from the Proposed pocket: https://wiki.ubuntu.com/Testing/EnableProposed |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1125
- https://www.bitdefender.com/business/swapgs-attack.html
- https://ubuntu.com/security/notices/USN-4093-1
- https://ubuntu.com/security/notices/USN-4094-1
- https://ubuntu.com/security/notices/USN-4095-1
- https://ubuntu.com/security/notices/USN-4095-2
- https://ubuntu.com/security/notices/USN-4096-1
- NVD
- Launchpad
- Debian