Security researchers discovered SWAPGS, a new Specter flaw affecting Intel and AMD processors

SWAPGS affects Intel and AMD
Written by Brendan Smith

Researchers have found a new version of the Specter vulnerability, named SWAPGS that affects modern Intel and some models of AMD processors using speculative execution.

The security issue is named SWAPGS. The experts assigned the vulnerability identifier CVE-2019-1125.

Using this gap, an attacker can gain access to confidential information stored in the kernel memory of the operating system. This data may include passwords, tokens, and encryption keys.

Read also: IS experts discover BlueKeep-vulnerabilities scanner in Watchbog cryptominer

Bitdefender experts were the first to notice the security issue.

“The attack is a novel approach of leaking sensitive information from the kernel since it bypasses all known side-channel attack mitigation techniques. This is achieved by abusing the fact that SWAPGS instruction can be executed speculatively. An attacker can force arbitrary memory dereferences in kernel, which leaves traces within the data caches. These signals can be picked-up by the attacker to infer the value located at the given kernel address”, — reported Bitdefender specialists.

In response, Microsoft developers emphasized that they eliminated CVE-2019-1125 with the release of the July patch set.

“To successfully exploit this vulnerability, an attacker must log into the target system and launch a specially crafted application. The gap itself does not allow increasing the rights in the system, however, the attacker can collect information that will later be used for further compromise”, — Microsoft said.

Red Hat developers also issued a warning about SWAPGS.

“There is no known complete mitigation other than updating the kernel and rebooting the system. This kernel patch builds on existing spectre mitigations from previous updates”, — says Red Hat message.

Microsoft has not identified any mitigating factors for this vulnerability too.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Brendan Smith

I'm Brendan Smith, a passionate journalist, researcher, and web content developer. With a keen interest in computer technology and security, I specialize in delivering high-quality content that educates and empowers readers in navigating the digital landscape.

With a focus on computer technology and security, I am committed to sharing my knowledge and insights to help individuals and organizations protect themselves in the digital age. My expertise in cybersecurity principles, data privacy, and best practices allows me to provide practical tips and advice that readers can implement to enhance their online security.

Leave a Reply

Sending