CVE-2019-1125

Published: 03/09/2019 Updated: 24/08/2020
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053)

Vulnerable Product

microsoft windows 10 1709

microsoft windows 10 1809

microsoft windows server 2016 -

microsoft windows server 2016 1903

microsoft windows server 2008 -

microsoft windows server 2008 r2

microsoft windows server 2012 -

microsoft windows 8.1 -

microsoft windows rt 8.1 -

microsoft windows 10 -

microsoft windows 10 1607

microsoft windows server 2019 -

microsoft windows 7 -

microsoft windows 10 1703

microsoft windows 10 1803

microsoft windows 10 1903

microsoft windows server 2012 r2

microsoft windows server 2016 1803

redhat enterprise linux desktop 7.0

redhat enterprise linux server 7.0

redhat enterprise linux workstation 7.0

redhat virtualization host 4.0

redhat enterprise linux server aus 7.7

redhat enterprise linux server eus 7.7

redhat enterprise linux server tus 7.7

Vendor Advisories

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-8553: Jan Beulich discovered that CVE-2015-2150 was not completely addressed. If a PCI physical function is passed through to a Xen guest, the guest is able to access its memory and I ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-20836: chenxiang reported a race condition in libsas, the kernel subsystem supporting Serial Attached SCSI (SAS) devices, which could lead to a use-after-free. It is not clear how thi ...
There is a newly discovered variant side-channel attack of Spectre V1 which leverages SWAPGS instructions to bypass KPTI/KVA mitigations. This could lead to a kernel information disclosure ...
Several security issues were fixed in the Linux kernel ...
The system could be made to expose sensitive information ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services ...
Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services ...
Synopsis: Important: kernel-rt security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (C ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili ...
Synopsis: Moderate: kernel security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability ...
Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis: Moderate: Red Hat Virtualization security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a ...
Synopsis: Important: kernel-rt security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVS ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...
Synopsis: Important: kernel-rt security update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base sc ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...
There is a newly discovered variant side-channel attack of Spectre V1 which leverages SWAPGS instructions to bypass KPTI/KVA mitigations. This could lead to a kernel information disclosure (CVE-2019-1125) ...
Impact: Moderate Public Date: 2019-08-06 CWE: CWE-385->CWE-200 Bugzilla: 1724389: CVE-2019-1125 kern ...
An information disclosure vulnerability exists when certain x86-64-bit central processing units (CPU) speculatively access memory; this vulnerability uses the SWAPGS instruction in the CPU. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. An attacker who successfull ...

Github Repositories

This repository contains the sources and documentation for the SWAPGS attack PoC (CVE-2019-1125)

PoC for the SWAPGS attack (CVE-2019-1125). This repository holds the sources for the SWAPGS attack PoC publicly shown at Black Hat USA, 2019. Contents: leakgsbkva - variant 1 (look for random values in kernel memory; limited to PE kernel image header); leakgsbkvat - variant 2 (extract random values from kernel memory; limited to PE kernel image header); whitepaper Black Hat USA 20

Recent Articles

Deja-wooo-oooh! Intel chips running Windows potentially vulnerable to scary Spectre variant
The Register • Thomas Claburn in San Francisco • 06 Aug 2019

SWAPGS can be abused to siphon sensitive secrets from kernel memory, patches already available

Spectre – a family of data-leaking side-channel vulnerabilities arising from speculative execution that was disclosed last year and affects various vendors' chips – has a new sibling that bypasses previous mitigations. Designated CVE-2019-1125 and rated moderate in terms of severity, the issue – limited primarily to Intel x86-64 systems running Windows – could allow a local attacker to work around protections like kernel address space isolation to read sensitive kernel memory. AMD's 64-b...
