News Security

Security researchers discovered SWAPGS, a new Specter flaw affecting Intel and AMD processors

SWAPGS affects Intel and AMD
Written by Brendan Smith

Researchers have found a new version of the Specter vulnerability, named SWAPGS that affects modern Intel and some models of AMD processors using speculative execution.

The security issue is named SWAPGS. The experts assigned the vulnerability identifier CVE-2019-1125.

Using this gap, an attacker can gain access to confidential information stored in the kernel memory of the operating system. This data may include passwords, tokens, and encryption keys.

Read also: IS experts discover BlueKeep-vulnerabilities scanner in Watchbog cryptominer

Bitdefender experts were the first to notice the security issue.

“The attack is a novel approach of leaking sensitive information from the kernel since it bypasses all known side-channel attack mitigation techniques. This is achieved by abusing the fact that SWAPGS instruction can be executed speculatively. An attacker can force arbitrary memory dereferences in kernel, which leaves traces within the data caches. These signals can be picked-up by the attacker to infer the value located at the given kernel address”, — reported Bitdefender specialists.

In response, Microsoft developers emphasized that they eliminated CVE-2019-1125 with the release of the July patch set.

“To successfully exploit this vulnerability, an attacker must log into the target system and launch a specially crafted application. The gap itself does not allow increasing the rights in the system, however, the attacker can collect information that will later be used for further compromise”, — Microsoft said.

Red Hat developers also issued a warning about SWAPGS.

“There is no known complete mitigation other than updating the kernel and rebooting the system. This kernel patch builds on existing spectre mitigations from previous updates”, — says Red Hat message.

Microsoft has not identified any mitigating factors for this vulnerability too.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Brendan Smith

Journalist, researcher, web content developer, grant proposal editor. Efficient and proficient on multiple platforms and in diverse media. Computer technology and security are my specialties.

Leave a Reply

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.