Bitdefender claims to have discovered a new vulnerability in all current Intel processors, which, like Meltdown and Specter, are based on Speculative Execution, which performs probable, subsequent instructions to increase speed.
Bitdefender released info on this vulnerability a few moments ago at Black Hat USA 2019 in Las Vegas, after spending a year working with Intel and Microsoft to identify the gap and provide security patches. According to current information, the gap can be exploited only on Windows on 64-bit systems and processors from the Ivy Bridge generation (Core i-3000 series) from 2012 , since only these can execute the SWAPGS command speculatively. Previous tests with Linux and other x86 processors show that these systems are not affected - but the tests are not yet complete.
The new vulnerability in the speculative execution of code allows a side-channel attack ( side-channel attack ) on instructions inside the kernel of the operating system and breaks the privileged area of memory on the kernel. An attacker can access storage areas for which he normally has no access rights.
- This newly discovered attack path combines Intel's Speculative Execution and the use of a Windows specific SWAPGS ( Exchanges current GS base register value with value in MSR address C0000102H ) within a gadget.
- The attack bypasses all known protections that were implemented after the announcement of Specter and Meltdown in the spring of 2018.
- According to Bitdefender, Microsoft has already released a patch to close the new vulnerability. Details are missing so far however.
Microsoft has since published the corresponding update entry . The new vulnerability is listed under CVE-2019-1125 as "Windows Kernel Information Disclosure Vulnerability" as a variation of Specter Variant 1, and Microsoft has released a patch for Windows as early as July 9. Additional microcode updates are not required. A loss of performance is not expected by the installation of the update according to previous information.
AMD says it has not been affected.
SWAPGSAttack: New vulnerability hits Intel processors starting at Ivy Bridge
