The Hacker News: SWAPGS Attack — New Speculative Execution Flaw Affects All Modern Intel CPUs

A new variant of the Spectre (Variant 1) side-channel vulnerability has been discovered that affects all modern Intel CPUs, and probably some AMD processors as well, which leverage speculative execution for high performance, Microsoft and Red Hat warned.

Identified as CVE-2019-1125, the vulnerability could allow unprivileged local attackers to access sensitive information stored in the operating system privileged kernel memory, including passwords, tokens, and encryption keys, that would otherwise be inaccessible.

Speculative execution is a core component of modern microprocessor design that speculatively executes instructions based on assumptions that

are considered likely to be true. If the assumptions come out to be valid, the execution continues, otherwise discarded. Such speculative executions also have side effects that are not restored when the CPU state is unwound, leading to information disclosure, which can then be accessed using side-channel attacks.

Microsoft silently issued patches for the new speculative execution vulnerability in its July 2019 Patch Tuesday security update which was discovered and responsibly disclosed by researchers at security firm Bitdefender.

According to a security advisory released today by Red Hat, the attack relies on speculatively executing unexpected SWAPGS instructions after a branch gets mispredicted.
are considered likely to be true. If the assumptions come out to be valid, the execution continues, otherwise discarded.

Read More on Thehackernews.com