[lfs-dev] And this week's CPU vulnerability is ...

Ken Moffat zarniwhoop at ntlworld.com
Tue Aug 6 20:00:52 PDT 2019


News sites are now filling up with reports of the 'SWAPGS'
vulnerability, CVE-2019-1125, disclosed on Tuesday.

Apparently, it affects all intels since Ivy Bridge, and (possibly)
AMD - people who found it (Bitdefender.com) were unable to exploit it
on AMD Fam15 or Fam16 and AMD suggest it will be very hard to
exploit.  Specifically, AMD suggest they are only vulnerable to
Scenario 2, Variant 2 of the possible series of attacks, and that
existing mitigations for Spectre v1 will prevent this.

https://www.amd.com/en/corporate/product-security/

But I don't have a link to the various scenarios, and the CVE is
still labelled as 'reserved'.

If google is linking two and two together to make four (which would
be a change!), kernels 5.2.7, 4.19.65, etc might have the
mitigations.

Apparently, windows rolled out fixes last month.

As usual, it looks hard to exploit.

ĸen
-- 
Adopted by dwarfs, brought up by dwarfs.  To dwarfs I'm a dwarf, sir.
I can do the rite of k'zakra, I know the secrets of h'ragna, I can
ha'lk my g'rakha correctly ... I am a dwarf
           Captain Carrot Ironfoundersson (in The Fifth Elephant)


More information about the lfs-dev mailing list