Impact: Moderate Public Date: 2019-08-06 CWE: CWE-385->CWE-200 Bugzilla: 1724389: CVE-2019-1125 kernel: hw: Spectre SWAPGS gadget vulnerability A Spectre gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel.
Find out more about CVE-2019-1125 from the MITRE CVE dictionary dictionary and NIST NVD.
Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/4329821
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 5.9 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N |
| Attack Vector | Local |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity Impact | None |
| Availability Impact | None |
| Platform | Package | State |
|---|---|---|
| Red Hat Virtualization 4 | redhat-virtualization-host | Affected |
| Red Hat OpenShift Container Platform 4.1 | kernel | Affected |
| Red Hat Enterprise MRG 2 | kernel-rt | Affected |
| Red Hat Enterprise Linux 8 | kernel | Affected |
| Red Hat Enterprise Linux 8 | kernel-rt | Affected |
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected |
| Red Hat Enterprise Linux 7 | kernel | Affected |
| Red Hat Enterprise Linux 7 | kernel-rt | Affected |
| Red Hat Enterprise Linux 6 | kernel | Affected |
| Red Hat Enterprise Linux 5 | kernel | Affected |
For mitigation related information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/4329821
Vulmon