Trending CVEs for the Week of August 12th, 2019

CVE-2019-1125 – SWAPGS Vulnerability

Description 

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. This SWAPGS vulnerability allows local programs, like malware, to read data from memory that is should normally not have access to, such as the Windows or Linux kernel memory.

Affected Products

  • Windows Modern CPUs
  • Intel Modern CPUs
  • Red Hat Modern CPUs
  • ChromeOS 4.19 and Android 4.19

Fixes

Microsoft Advisory explained the situation here, Intel addressed the vulnerability here, Red Hat shared the patch here and Google shared here.

References

Microsoft Security Advisor

Intel Security Advisor

Linux Kernel Source Tree

Google