SWAPGS (security vulnerability)

SWAPGS is a computer security vulnerability that utilizes the branch prediction used in modern microprocessors.^[1]^[2]^[3] Most processors use a form of speculative execution, this feature allows the processors to make educated guesses about the instructions that will most likely need to be executed in the near future. This speculation can leave traces in the cache which attackers use to extract data using a timing attack, similar to side channel exploitation of Spectre.^[4]

The Common Vulnerabilities and Exposures ID issued to this vulnerability is CVE-2019-1125.^[5]

History

SWAPSG is closely related to the Spectre-V1 vulnerability which used similar side channel vulnerabilities to access privileged cache memory in an operating system. The vulnerability was discovered by Andrei Vlad Lutas of Bitdefender and was reported to Intel. Intel coordinated with industry partners to address the issue on a software level.^[6] The first patches for SWAPSG were released on 9 July 2019 as part of the Microsoft Patch Tuesday. However, details regarding the vulnerability were not disclosed until 6 August 2019.^[7]

The SWAPGS website published on 9 August 2019 as a central location for information and new regarding SWAPGS.

Affected systems

Any Intel based processor which support SWAPGS and WRGSBASE instructions are affected. This includes every Intel processor starting from the Intel Ivy Bridge CPUs up to the most recent Intel processors.

Devices equipped with AMD processors are not effected according to the companies product security update.^[8]

AMD is aware of new research claiming new speculative execution attacks that may allow access to privileged kernel data. Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant attacks because AMD products are designed not to speculate on the new GS value following a speculative SWAPGS. For the attack that is not a SWAPGS variant, the mitigation is to implement our existing recommendations for Spectre variant 1.
— https://www.amd.com/en/corporate/product-security

Mitigation

For Windows operating system based devices, Microsoft's security advisory lists the patches released in July 2019 which fix the vulnerability.^[9]

For Linux distributions, it is advised to check if there are SWAPGS specific patches which need to be applied.

While Bitdefender mentions in their original report that Apple devices are unlikely to be at risk.^[10]

References

^ "SWAPGS Spectre Side-Channel Vulnerability: CISA". www.us-cert.gov. United States: United States Computer Emergency Readiness Team. Retrieved 2019-09-20.
^ "SWAPGS Attack". bitdefender.com. Bitdefender. 6 August 2019. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
^ "SWAPGS speculative execution and speculative only segment loads CPU vulnerabilities /Support /SUSE". www.suse.com. SUSE Linux. Retrieved 2019-09-20.
^ "More information on SWAPGS and Speculative only Segment Loads". Intel.com. Intel. 6 August 2019. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
^ "CVE - CVE-2019-1125". cve.mitre.org. United States: Mitre Corporation. Retrieved 2019-09-20.
^ "SWAPGS Vulnerability in Modern CPUs Fixed in Windows, Linux, ChromeOS". bleepingcomputer.com. Bleeping Computer. 6 August 2019. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
^ "Windows Kernel Information Disclosure Vulnerability". portal.msrc.microsoft.com. Microsoft. 6 August 2019. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
^ "Product Security". amd.com. AMD. 6 August 2019. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
^ "SWAPGS Attack – The Newest Spectre for Intel CPUs". Lansweeper.com. 7 August 2019. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
^ "Bitdefender SWAPGS FAQ". bitdefender.com. 6 August 2019. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)

[1] "SWAPGS Spectre Side-Channel Vulnerability: CISA". www.us-cert.gov. United States: United States Computer Emergency Readiness Team. Retrieved 2019-09-20.

[2] "SWAPGS Attack". bitdefender.com. Bitdefender. 6 August 2019. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)

[3] "SWAPGS speculative execution and speculative only segment loads CPU vulnerabilities /Support /SUSE". www.suse.com. SUSE Linux. Retrieved 2019-09-20.

[4] "More information on SWAPGS and Speculative only Segment Loads". Intel.com. Intel. 6 August 2019. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)

[5] "CVE - CVE-2019-1125". cve.mitre.org. United States: Mitre Corporation. Retrieved 2019-09-20.

[6] "SWAPGS Vulnerability in Modern CPUs Fixed in Windows, Linux, ChromeOS". bleepingcomputer.com. Bleeping Computer. 6 August 2019. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)

[7] "Windows Kernel Information Disclosure Vulnerability". portal.msrc.microsoft.com. Microsoft. 6 August 2019. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)

[8] "Product Security". amd.com. AMD. 6 August 2019. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)

[9] "SWAPGS Attack – The Newest Spectre for Intel CPUs". Lansweeper.com. 7 August 2019. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)

[10] "Bitdefender SWAPGS FAQ". bitdefender.com. 6 August 2019. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]