CVE-2019-1125
Published: 6 August 2019
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further. On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125. Microsoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM.
From the Ubuntu Security Team
Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory).
Notes
Author | Note |
---|---|
tyhicks | This issue is not believed to be exploitable in the Linux kernel but kernel updates will be made available to ensure that it cannot be exploited Kernel updates will soon be available for testing in the Proposed pocket and they are expected to be officially released on August 12th See the following page if you'd like to test the patched kernels from the Proposed pocket: https://wiki.ubuntu.com/Testing/EnableProposed |
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-58.64)
|
disco |
Released
(5.0.0-25.26)
|
|
eoan |
Not vulnerable
(5.2.0-13.14)
|
|
trusty |
Ignored
(was needs-triage ESM criteria)
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.4.0-159.187)
|
|
Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1045.47)
|
disco |
Released
(5.0.0-1012.13)
|
|
eoan |
Not vulnerable
(5.0.0-1012.13)
|
|
trusty |
Released
(4.4.0-1054.58)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.4.0-1090.101)
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1021.24~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.15.0-1045.47~16.04.1)
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1014.14~18.04.1)
|
disco |
Released
(5.0.0-1014.14)
|
|
eoan |
Not vulnerable
(5.0.0-1014.14)
|
|
trusty |
Released
(4.15.0-1059.64~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.15.0-1055.60)
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1007.8~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1014.14~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.15.0-1055.60)
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1040.42)
|
disco |
Released
(5.0.0-1013.13)
|
|
eoan |
Not vulnerable
(5.0.0-1013.13)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.15.0-1040.42~16.04.1)
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1008.9~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1040.42)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1040.42)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1013.13~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-25.26~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.15.0-58.64~16.04.1)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was pending)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.15.0-58.64~16.04.1)
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1042.42)
|
disco |
Released
(5.0.0-1013.14)
|
|
eoan |
Not vulnerable
(5.0.0-1013.14)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.4.0-1054.61)
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Released
(4.4.0-164.192~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1050.57)
|
disco |
Released
(4.15.0-1050.57)
|
|
eoan |
Released
(4.15.0-1050.57)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
|
linux-oem-5.4 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1018.20)
|
disco |
Ignored
(end of life, was pending)
|
|
eoan |
Released
(5.0.0-1018.20)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1021.23)
|
disco |
Released
(5.0.0-1004.8)
|
|
eoan |
Not vulnerable
(5.3.0-1002.2)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Released
(4.15.0-1021.23~16.04.1)
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1007.12~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(does not affect ARM processors)
|
disco |
Not vulnerable
(does not affect ARM processors)
|
|
eoan |
Not vulnerable
(does not affect ARM processors)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Not vulnerable
(does not affect ARM processors)
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1017.19~18.04.1)
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Does not exist
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(does not affect ARM processors)
|
disco |
Not vulnerable
(does not affect ARM processors)
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3~rc4)
|
|
xenial |
Not vulnerable
(does not affect ARM processors)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.6 |
Attack vector | Local |
Attack complexity | High |
Privileges required | Low |
User interaction | None |
Scope | Changed |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
References
- https://www.bitdefender.com/business/swapgs-attack.html
- https://ubuntu.com/security/notices/USN-4093-1
- https://ubuntu.com/security/notices/USN-4094-1
- https://ubuntu.com/security/notices/USN-4095-1
- https://ubuntu.com/security/notices/USN-4095-2
- https://ubuntu.com/security/notices/USN-4096-1
- https://www.cve.org/CVERecord?id=CVE-2019-1125
- NVD
- Launchpad
- Debian