Industry-wide severity ratings can be found in the National Vulnerability Database.
The IA-32 architecture uses memory segmentation in the formation of physical memory addresses. Segment descriptors specify a base address (along with other attributes) for each segment, on which the rest of the physical address is built. Segment information is stored in a table in memory, and the individual segments are referenced by selectors that act as indices into this table. Many operating systems (OSes) use the GS segment register to reference application and kernel data that is specific to a thread or processor. In such cases, the operating system maintains both user space and kernel values of GS. The SWAPGS instruction is a privileged CPU instruction used to exchange the application and kernel values of GS. If operating systems that use SWAPGS to switch the contents of the GS register on kernel entry have code paths that conditionally determine whether or not to execute the instruction and then also contain memory references offset from the register, those OSes may be vulnerable to malicious actors who can cause the SWAPGS instruction to be speculatively executed or bypassed. The CVE assigned to this vulnerability is CVE-2019-1125 (5.6 Medium CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C).
Refer to Intel Analysis of Speculative Behavior of SWAPGS and Segment Registers for more information on the role of segment registers in this vulnerability.
OS and VMM Developers
After assessing this issue, industry partners determined that mitigations for this issue would be implemented by the operating system. Refer to Intel Analysis of Speculative Behavior of SWAPGS and Segment Registers for more details, including example code.
System Administrators and Application Developers
Intel recommends that you always keep your systems up to date with the latest security updates and guidance from your OS and virtual machine monitor (VMM) vendors.
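Because the mitigation is delivered by the operating system, administrators can confirm that an installed update actually carries it. The following is an added example, not part of the original guidance or of any vendor's tooling: it assumes a Linux host, where the kernel reports its Spectre variant 1 status (which covers the SWAPGS case) under sysfs. The sysfs path and status strings come from the Linux kernel, not from this page, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's Spectre v1 status line with
# respect to the SWAPGS issue (CVE-2019-1125).
# Assumption: a Linux kernel that exposes /sys/devices/system/cpu/vulnerabilities/.

SPECTRE_V1_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v1

# classify_swapgs STATUS_LINE
# Prints one of: mitigated | vulnerable | not-affected | unknown
classify_swapgs() {
    case "$1" in
        "Not affected"*)
            echo not-affected ;;
        # Must be tested before the "mitigated" pattern: this text also
        # contains the substring "swapgs barriers".
        *"no swapgs barriers"*)
            echo vulnerable ;;
        Mitigation:*"swapgs barriers"*)
            echo mitigated ;;
        # A status line that never mentions swapgs cannot confirm the
        # mitigation; treat it as unknown and check the kernel version.
        *)
            echo unknown ;;
    esac
}

# check_host: read the local status line, if present, and report it.
check_host() {
    if [ -r "$SPECTRE_V1_SYSFS" ]; then
        line=$(cat "$SPECTRE_V1_SYSFS")
        printf '%s: %s\n' "$(classify_swapgs "$line")" "$line"
    else
        echo "unknown: $SPECTRE_V1_SYSFS not readable"
    fi
}

check_host
```

A result of `unknown` on a Linux host usually means the kernel does not report SWAPGS status at all, which is a reason to check the vendor's advisory for the installed kernel version.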