SWAPGS Vulnerability

The Newest Spectre for Intel CPUs - CVE-2019-1125

What is SWAPGS Spectre Side-Channel Vulnerability?

The vulnerability, named SWAPGS, is a speculative execution exploit that allows attackers to steal sensitive information from vulnerable devices. To speed up execution, a CPU component executes instructions before it knows whether they are required; this is known as speculative execution. Exploits that target this component are called side-channel attacks because they exploit the way speculative execution is implemented in the CPU rather than a flaw in the software it runs.

In this side-channel exploit found by Bitdefender, attackers “break the memory isolation provided by the CPU, allowing an unprivileged attacker to access privileged, kernel memory.”

This is done through the SWAPGS instruction found in 64-bit CPUs, which, when manipulated, can be used to leak sensitive data from kernel memory even when the malicious process is running with low user privileges.

The malicious process can give attackers access to any kind of data stored in memory, including chat messages, emails, login credentials, payment information, passwords, encryption keys, tokens, or access credentials.

3 steps to tackle the SWAPGS Vulnerability

Do you have PCs with Intel CPUs?

With a market share of circa 70%, it’s most likely that there are computers with Intel CPUs in your company.

Audit your IT environment

Discover all devices in your IT network to see which are affected. There are a lot of good tools on the web to audit a whole IT network.

Patch All Affected Workstations

Microsoft silently issued a patch for the SWAPGS flaw in their July Patch Tuesday rollup.
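For Linux hosts, the audit step can be scripted. The following is an added example, not code from the original page: it applies the page's own criteria (an Intel CPU that supports WRGSBASE, which Linux lists as the `fsgsbase` flag in /proc/cpuinfo) and reads the kernel's spectre_v1 status file, which mentions "swapgs barriers" once the fix is present. The status labels and the sample inputs are constructed for illustration.

```python
import re
from pathlib import Path
from typing import Optional

CPUINFO = Path("/proc/cpuinfo")
SPECTRE_V1 = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v1")

# Constructed sample inputs so the example also runs off-host.
SAMPLE_INTEL = "vendor_id\t: GenuineIntel\nflags\t\t: fpu sse2 fsgsbase smep\n"
SAMPLE_AMD = "vendor_id\t: AuthenticAMD\nflags\t\t: fpu sse2 fsgsbase\n"
PATCHED = "Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n"
UNPATCHED = "Mitigation: __user pointer sanitization\n"


def cpu_in_scope(cpuinfo: str) -> bool:
    """Page's criteria: Intel CPU with WRGSBASE (cpuinfo flag 'fsgsbase')."""
    vendor = re.search(r"^vendor_id\s*:\s*(\S+)", cpuinfo, re.M)
    flags = re.search(r"^flags\s*:\s*(.*)$", cpuinfo, re.M)
    is_intel = vendor is not None and vendor.group(1) == "GenuineIntel"
    has_wrgsbase = flags is not None and "fsgsbase" in flags.group(1).split()
    return is_intel and has_wrgsbase


def swapgs_status(cpuinfo: str, spectre_v1: Optional[str]) -> str:
    """Classify a host as out-of-scope, unknown, needs-patch or mitigated."""
    if not cpu_in_scope(cpuinfo):
        return "out-of-scope"
    if spectre_v1 is None:
        return "unknown"  # kernel does not expose the status file
    status = spectre_v1.strip().lower()
    if "no swapgs barriers" in status:
        return "needs-patch"  # kernel has the fix but the barriers are off
    if "swapgs barriers" in status:
        return "mitigated"
    return "needs-patch"  # status string predates the SWAPGS fix


def read_or_none(path: Path) -> Optional[str]:
    try:
        return path.read_text()
    except OSError:
        return None


if __name__ == "__main__":
    local = read_or_none(CPUINFO)
    if local is not None:
        print("this host:", swapgs_status(local, read_or_none(SPECTRE_V1)))
    print("sample:", swapgs_status(SAMPLE_INTEL, UNPATCHED))
```

A "needs-patch" or "unknown" result is a prompt to check the distribution's advisory for the kernel version that carries the fix.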

FAQ

The vulnerability abuses the speculative nature of the primitive SWAPGS instruction.

If you have an Intel CPU, most likely, yes.

Probably not. The exploitation of SWAPGS does not leave traces in traditional log files.

Unprivileged local attackers could potentially gain access to sensitive information stored in the operating system privileged kernel memory, including passwords, tokens, and encryption keys.

CVE-2019-1125 is the official reference to SWAPGS. CVE is the Standard for Information Security Vulnerability Names maintained by MITRE.

Microsoft included fixes for SWAPGS in their July Patch Tuesday. They also have a dedicated advisory page for CVE-2019-1125, which lists all the patches.

For Linux distributions, it is best to take a look at the distribution’s website to see if any patches are available. Red Hat engineer Josh Poimboeuf shared a patch for the Linux kernel.

Apple has not yet disclosed whether iOS devices are affected. However, Bitdefender suspects Apple devices are not affected.

Google has added a fix to ChromeOS 4.19 and Android 4.19.

Any device running an Intel CPU that supports the SWAPGS and WRGSBASE instructions is affected. This means devices with Intel CPUs from Ivy Bridge (introduced 2012) up to the latest Intel processors on the market. This includes workstations, servers, laptops, cloud servers, and smartphones.

Any device running an Intel Ivy Bridge or newer CPU: desktops, laptops, servers, etc.

AMD released an update on their product security page in which they state that they do not believe they are affected.

AMD is aware of new research claiming new speculative execution attacks that may allow access to privileged kernel data. Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant attacks because AMD products are designed not to speculate on the new GS value following a speculative SWAPGS. For the attack that is not a SWAPGS variant, the mitigation is to implement our existing recommendations for Spectre variant 1.

Initial reports mentioned that the mitigation patches would only have very minimal performance impact. Phoronix did an in-depth performance review of the patches released.

Can I see Spectre SWAPGS Attack in action?