Industry-wide severity ratings can be found in the National Vulnerability Database.
Related Content
More Information on SWAPGS and Speculative only Segment Loads
Intel Analysis of the Speculative Behavior of SWAPGS and Segment Registers
List of processors potentially affected by the Speculative Behavior of SWAPGS and Segment Registers
Overview
SWAPGS
The IA-32 architecture uses memory segmentation in the formation of physical memory addresses. Segment descriptors specify a base address (along with other attributes) for each segment, on which the rest of the physical address is built. Segment information is stored in a table in memory, and the individual segments are referenced by selectors that act as indices into this table. Many operating systems (OSes) use the GS segment register to reference application and kernel data that is specific to a thread or processor. In such cases, the operating system maintains both user space and kernel values of GS. The SWAPGS instruction is a privileged CPU instruction used to exchange the application and kernel values of GS. If operating systems that use SWAPGS to switch the contents of the GS register on kernel entry have code paths that conditionally determine whether or not to execute the instruction and then also contain memory references offset from the register, those OSes may be vulnerable to malicious actors who can cause the SWAPGS instruction to be speculatively executed or bypassed. The CVE assigned to this vulnerability is CVE-2019-1125 (5.6 Medium CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C).
Segment Registers
Refer to Intel Analysis of Speculative Behavior of SWAPGS and Segment Registers for more information on the role of segment registers in this vulnerability.
Mitigation
OS and VMM Developers
After assessing this issue, industry partners determined that mitigations for this issue would be implemented by the operating system. Refer to Intel Analysis of Speculative Behavior of SWAPGS and Segment Registers for more details, including example code.
You can also find additional information in the Microsoft* security advisory for Windows* operating systems and the latest kernel.org documentation for Linux* operating systems.
System Administrators and Application Developers
Intel recommends that you always keep your systems up to date with the latest security updates and guidance from your OS and virtual machine monitor (VMM) vendors.
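On Linux, the kernel reports whether its SWAPGS barriers are active in the Spectre v1 status line under sysfs. The following is an added example, not part of Intel's advisory, that classifies that line and checks the boot options that disable the barriers. The function names and the two environment-variable overrides are hypothetical; the sysfs path, status strings and boot options are those used by mainline Linux, not taken from this page.

```shell
#!/bin/sh
# Added example: classify the Linux Spectre v1 status line with respect to
# the SWAPGS barriers (CVE-2019-1125). Function names are hypothetical.

# Paths can be overridden to test against constructed files.
SPECTRE_V1_FILE="${SPECTRE_V1_FILE:-/sys/devices/system/cpu/vulnerabilities/spectre_v1}"
CMDLINE_FILE="${CMDLINE_FILE:-/proc/cmdline}"

# classify_swapgs_status STATUS -> prints one verdict word
classify_swapgs_status() {
    case "$1" in
        "Not affected"*)        echo not-affected ;;
        *"no swapgs barriers"*) echo vulnerable ;;
        *"swapgs barriers"*)    echo mitigated ;;
        "")                     echo unknown ;;
        # A status that never mentions swapgs comes from a kernel that
        # predates the fix, so the barriers cannot be present.
        *)                      echo kernel-too-old ;;
    esac
}

# cmdline_disables_barriers CMDLINE -> exit 0 if a boot option turns them off
cmdline_disables_barriers() {
    for opt in $1; do
        case "$opt" in
            nospectre_v1|mitigations=off) return 0 ;;
        esac
    done
    return 1
}

# check_swapgs_mitigation -> prints a report; exit 0 only if the host is
# mitigated or not affected
check_swapgs_mitigation() {
    status=""
    [ -r "$SPECTRE_V1_FILE" ] && status=$(cat "$SPECTRE_V1_FILE")
    verdict=$(classify_swapgs_status "$status")
    printf 'spectre_v1: %s\nswapgs verdict: %s\n' \
        "${status:-<no sysfs entry>}" "$verdict"
    if [ -r "$CMDLINE_FILE" ] && cmdline_disables_barriers "$(cat "$CMDLINE_FILE")"; then
        echo "note: boot options disable the Spectre v1 / SWAPGS barriers"
    fi
    [ "$verdict" = mitigated ] || [ "$verdict" = not-affected ]
}
```

Source the file and call `check_swapgs_mitigation`; a non-zero exit status marks a host whose kernel needs an update or whose boot options should be reviewed.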