Speculative Behavior of SWAPGS and Segment Registers / CVE-2019-1125

2019-08-06
2019-08-06
5.6 Medium

Industry-wide severity ratings can be found in the National Vulnerability Database

Overview

SWAPGS

The IA-32 architecture uses memory segmentation in the formation of physical memory addresses. Segment descriptors specify a base address (along with other attributes) for each segment, on which the rest of the physical address is built. Segment information is stored in a table in memory, and the individual segments are referenced by selectors that act as indices into this table.

Many operating systems (OSes) use the GS segment register to reference application and kernel data that is specific to a thread or processor. In such cases, the operating system maintains both user space and kernel values of GS. The SWAPGS instruction is a privileged CPU instruction used to exchange the application and kernel values of GS.

If operating systems that use SWAPGS to switch the contents of the GS register on kernel entry have code paths that conditionally determine whether or not to execute the instruction and then also contain memory references offset from the register, those OSes may be vulnerable to malicious actors who can cause the SWAPGS instruction to be speculatively executed or bypassed. The CVE assigned to this vulnerability is CVE-2019-1125 (5.6 Medium CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C).

Segment Registers

Refer to the Deep Dive: Intel Analysis of Speculative Behavior of SWAPGS and Segment Registers for more information on the role of segment registers in this vulnerability.

Mitigation

OS and VMM Developers

After assessing this issue, industry partners determined that mitigations for this issue would be implemented by the operating system. Refer to the Deep Dive: Intel Analysis of Speculative Behavior of SWAPGS and Segment Registers for more details, including example code. 

You can also find additional information in the Microsoft* security advisory for Windows* operating systems and the latest kernel.org documentation for Linux* operating systems.

System Administrators and Application Developers

Intel recommends that you always keep your systems up to date with the latest security updates and guidance from your OS and virtual machine monitor (VMM) vendors.
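On Linux, an administrator can confirm that the OS-level mitigation is active by reading the kernel's Spectre v1 status line, which is where the kernel reports its swapgs barriers. The script below is an added example, not code from Intel or this advisory; the function names are hypothetical, and the status strings it matches are the ones the Linux kernel reports, so it assumes a kernel that exposes the sysfs vulnerabilities interface.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's reported status for the
# SWAPGS variant (CVE-2019-1125), which the kernel reports on its spectre_v1 line.
# Function names are hypothetical; the sysfs path and strings are the kernel's.

SPECTRE_V1_SYSFS="/sys/devices/system/cpu/vulnerabilities/spectre_v1"

# classify_swapgs_status STATUS_LINE
# Prints one of: not-affected, mitigated, vulnerable, unknown
classify_swapgs_status() {
    case "$1" in
        "Not affected"*)                  echo "not-affected" ;;
        # Checked before the "mitigated" pattern: this line also
        # contains the words "swapgs barriers".
        *"no swapgs barriers"*)           echo "vulnerable" ;;
        "Mitigation:"*"swapgs barriers"*) echo "mitigated" ;;
        "Vulnerable"*)                    echo "vulnerable" ;;
        # A "Mitigation:" line that never mentions swapgs barriers gives
        # no evidence about SWAPGS, so it is not reported as mitigated.
        *)                                echo "unknown" ;;
    esac
}

# check_swapgs [FILE]
# Reads the sysfs file (or FILE, e.g. a copy collected from another host).
# Returns 0 = mitigated or not affected, 1 = vulnerable, 2 = cannot tell.
check_swapgs() {
    file="${1:-$SPECTRE_V1_SYSFS}"
    if [ ! -r "$file" ]; then
        echo "unknown: $file is not readable"
        return 2
    fi
    line=$(head -n 1 "$file")
    state=$(classify_swapgs_status "$line")
    echo "$state: $line"
    case "$state" in
        mitigated|not-affected) return 0 ;;
        vulnerable)             return 1 ;;
        *)                      return 2 ;;
    esac
}
```

Run `check_swapgs` with no arguments on the host being audited; a return code of 1 or 2 means the OS update guidance above still needs to be applied or verified.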

*Other names and brands may be claimed as the property of others.