[redhat] CVE-2019-1125: Spectre SWAPGS gadget vulnerability - Overclock.net - An Overclocking Community

post #1 of 18 - 08-06-2019, 04:23 PM - TK421 (Thread Starter)

Red Hat has been made aware of an additional spectre-V1 like attack vector, requiring updates to the Linux kernel. This additional attack vector builds on existing software fixes shipped in previous kernel updates. This vulnerability only applies to x86-64 systems using either Intel or AMD processors.
This issue has been assigned CVE-2019-1125 and is rated Moderate.
An unprivileged local attacker can use these flaws to bypass conventional memory security restrictions to gain read access to privileged memory that would otherwise be inaccessible.






https://access.redhat.com/articles/4329821

post #2 of 18 - 08-06-2019, 04:30 PM - looniam
if i may piggy back please (saw this earlier but skipped making a thread)

https://thehackernews.com/2019/08/sw...execution.html

Quote:
Microsoft silently issued patches for the new speculative execution vulnerability in its July 2019 Patch Tuesday security update which was discovered and responsibly disclosed by researchers at security firm Bitdefender.
[...]
Meanwhile, Google has also prepared a patch to fix this vulnerability in its ChromeOS 4.19 with a soon-to-be-released update, describing the flaw as:

"An attacker can train the branch predictor to speculatively skip the swapgs path for an interrupt or exception. If they initialize the GS register to a user-space value, if the swapgs is speculatively skipped, subsequent GS-related percpu accesses in the speculation window will be done with the attacker-controlled GS value. This could cause privileged memory to be accessed and leaked."
i skipped quoting anything about redhat for obvious reasons.

post #3 of 18 - 08-06-2019, 08:31 PM - skupples
oh joy, another reason to retire core.

post #4 of 18 - 08-06-2019, 11:05 PM - Hwgeek
AMD believes it is not vulnerable to the SWAPGS variant attacks:
https://www.amd.com/en/corporate/product-security
[Attached image: AMD_SWAPGS.JPG]

post #5 of 18 - 08-06-2019, 11:18 PM - Imouto
Quote: Originally Posted by Hwgeek
AMD believes it is not vulnerable to the SWAPGS variant attacks:
https://www.amd.com/en/corporate/product-security

https://cdn.kernel.org/pub/linux/ker...geLog-4.14.137

Quote:
Note that, on Intel, a similar attack exists in the above gadget when coming from kernel space, if the swapgs gets speculatively executed to switch back to the user GS. On AMD, this variant isn't possible because swapgs is serializing with respect to future GS-based accesses.

Another source for that.
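
Added example, not part of the original post or of the kernel changelog it links: a shell check of whether a running Linux kernel reports the swapgs barriers for Spectre v1. The function names are hypothetical; the status strings matched are the ones upstream kernels print in sysfs, and distribution kernels may word them differently.

```shell
#!/bin/sh
# Classify the spectre_v1 status line that Linux exposes in sysfs.
# Strings matched are the upstream wording (assumption: a distribution
# kernel may use a different text, which ends up as "unknown").
classify_spectre_v1() {
    case "$1" in
        *"no swapgs barriers"*)
            # Kernel knows about CVE-2019-1125 but the mitigation is off.
            echo "patched-kernel-mitigation-off" ;;
        "Mitigation:"*"swapgs barriers"*)
            echo "swapgs-mitigated" ;;
        "Mitigation: __user pointer sanitization"*)
            # Wording used before the swapgs fix was merged.
            echo "pre-swapgs-kernel" ;;
        "Not affected"*)
            echo "not-affected" ;;
        *)
            echo "unknown" ;;
    esac
}

# Does a kernel command line switch the Spectre v1 mitigations off?
cmdline_disables() {
    case " $1 " in
        *" nospectre_v1 "*|*" mitigations=off "*) echo yes ;;
        *) echo no ;;
    esac
}

# Report the state of the host the script runs on.
check_host() {
    f=/sys/devices/system/cpu/vulnerabilities/spectre_v1
    if [ -r "$f" ]; then
        status=$(cat "$f")
        echo "spectre_v1: $status"
        echo "verdict:    $(classify_spectre_v1 "$status")"
    else
        echo "spectre_v1: sysfs entry missing (old kernel or not Linux)"
    fi
    if [ -r /proc/cmdline ]; then
        echo "disabled on cmdline: $(cmdline_disables "$(cat /proc/cmdline)")"
    fi
    return 0
}

check_host
```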

post #6 of 18 - 08-06-2019, 11:22 PM - Hwgeek
And today we will see the new EPYC ROME benchmarks and now Intel system gonna get even slower:
"And, yes, it does look like it will impact performance... Benchmarks being worked on."
https://www.phoronix.com/scan.php?pa...19-1125-SWAPGS

post #7 of 18 - 08-06-2019, 11:35 PM - looniam
Quote: Originally Posted by Hwgeek
AMD believes it is not vulnerable to the SWAPGS variant attacks:
https://www.amd.com/en/corporate/product-security

of course it's not:

[Attached image: cedc9229f12e416f10047f5c45d3f852--apple-mac-social-media-marketing.jpg]

not sure anyone will get that.

post #8 of 18 - 08-07-2019, 05:53 AM - JackCY
Belief and reality can differ. I'm sure Intel believed no one would ever bother to prove their theoretical attacks from the early 90s as well, yet they did and now Intel panics.

post #9 of 18 - 08-07-2019, 07:24 AM - tpi2007
https://arstechnica.com/information-...rom-intel-cpus

Quote:
Microsoft silently patched the vulnerability during last month's update Tuesday. Microsoft said the fix works by changing how the CPU speculatively accesses memory.

Bold for emphasis.

Is there a performance impact because of this? As Phoronix says, probably, let's see.



Quote:
The Bitdefender paper said researchers first reported the vulnerability to Intel 12 months ago, on August 7, 2018. Intel responded three weeks later by saying it already knew of the vulnerability and had no plans to fix it. Bitdefender said it spent the next eight months insisting to Intel that the behavior was problematic. Intel finally confirmed the leak of kernel memory on April 2 and indicated that a fix would come from fixes in operating systems.

How many CPUs does Intel want to sell with this behaviour?

Last edited by tpi2007; 08-07-2019 at 07:27 AM.

post #10 of 18 - 08-07-2019, 10:54 AM - AlphaC
https://www.phoronix.com/scan.php?pa...19-1125-SWAPGS
And, yes, it does look like it will impact performance... Benchmarks being worked on.


"AMD believes it is not vulnerable to the SWAPGS variant attacks because AMD products are designed not to speculate on the new GS value following a speculative SWAPGS."


So much for Intel i9 being a few percent faster.
