Wednesday, August 7th 2019

SWAPGS: Another Speculative Side Channel Vulnerability

Yet another CPU vulnerability was revealed today: SWAPGS, tracked as CVE-2019-1125. The vulnerability was discovered twelve months ago and privately reported to Intel by a security researcher. It is supposedly present on both AMD and Intel CPUs, but has only been proven to work on Intel platforms, by Bitdefender security researchers. Red Hat issued a statement saying that both platforms are affected and that users should upgrade their systems as soon as possible. Microsoft already shipped a fix with last month's "Patch Tuesday" update, so if you updated your OS recently, you are already protected against SWAPGS.

AMD issued a statement as well, in which it says: "AMD is aware of new research claiming new speculative execution attacks that may allow access to privileged kernel data. Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant attacks because AMD products are designed not to speculate on the new GS value following a speculative SWAPGS. For the attack that is not a SWAPGS variant, the mitigation is to implement our existing recommendations for Spectre variant 1."

How SWAPGS works
SWAPGS is a Spectre-type exploit that takes advantage of the processor's branch prediction (predicting when execution will switch to a different instruction sequence, to improve performance). The processor speculates which instruction sequence is most likely to run next and prepares its internal state for it. By observing the timing effects of these speculatively executed instructions, possibly sensitive data could be revealed.

SWAPGS comes into play because it is an exploit similar to Spectre. It is named after the x86-64 instruction SWAPGS, which swaps the GS register (just one of the segment registers used to build a complete memory address) with a value intended to be used during kernel operations. Because of its nature, SWAPGS does not perform any kind of correction on the data it uses, and thus an attack can be performed. During the swapping period, an attacker can insert any value without getting errors or warnings from the processor.

Mitigations
As you know, for Spectre and Meltdown there aren't many mitigations built into hardware, and the industry still largely depends on software/firmware-level mitigations that negatively affect performance. Only the most recent processor models from AMD and Intel have hardware mitigations. For now, Microsoft has already pushed the update to its Windows OSes, and kernel patches for any *nix-based OS should have been implemented as well. The performance impact of these patches is still unknown.
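
To check whether a given x86 Linux kernel actually carries the patch, the script below reads the kernel's own Spectre v1 report, which is where mainline Linux lists the SWAPGS barriers. It is an added example, not part of the original article or of any vendor's tooling; the sysfs path and status strings are those of the mainline kernel, and the function names and result labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): classify the Linux kernel's Spectre v1
# sysfs report with respect to the SWAPGS (CVE-2019-1125) barriers.
# Assumption: status strings are those printed by the mainline Linux kernel.

SPECTRE_V1_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v1

# classify_swapgs_status STATUS_LINE
# Prints: not-affected | mitigated | vulnerable | not-reported | unknown
classify_swapgs_status() {
    case "$1" in
        "Not affected"*)         echo not-affected ;;
        *"no swapgs barriers"*)  echo vulnerable ;;    # barriers switched off
        Mitigation*swapgs*)      echo mitigated ;;     # swapgs barriers active
        Mitigation*|Vulnerable*) echo not-reported ;;  # no swapgs wording: kernel likely predates the fix
        *)                       echo unknown ;;
    esac
}

# cmdline_disables_barriers CMDLINE
# Succeeds if a boot option turns the Spectre v1 / SWAPGS barriers off.
cmdline_disables_barriers() {
    case " $1 " in
        *" nospectre_v1 "*|*" mitigations=off "*) return 0 ;;
        *) return 1 ;;
    esac
}

# report_swapgs: read the live sysfs entry, if the kernel provides one.
report_swapgs() {
    if [ -r "$SPECTRE_V1_FILE" ]; then
        classify_swapgs_status "$(cat "$SPECTRE_V1_FILE")"
    else
        echo no-sysfs-entry
    fi
}

echo "SWAPGS (CVE-2019-1125): $(report_swapgs)"
if [ -r /proc/cmdline ] && cmdline_disables_barriers "$(cat /proc/cmdline)"; then
    echo "note: kernel command line disables the barriers"
fi
```

A result of `not-reported` means the kernel's status line never mentions swapgs, which is what kernels built before the fix print; the remedy is the kernel update the article refers to.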

Update: Performance impact of the SWAPGS mitigation has been tested with the latest Linux kernel. Phoronix benchmarked Intel's Core i9 9900K and they found a 1-5% reduction in performance for synthetic benchmarks with a general reduction of 1% on average when accounting for all benchmarks. You can check out their performance results here.

Sources: Red Hat, Phoronix

37 Comments on SWAPGS: Another Speculative Side Channel Vulnerability

#1
EarthDog
Well... another one. Does this affect more data center/VM than home like most of these?


AleksandarK said:
Yet another CPU vulnerability was discovered today, called SWAPGS, revealed under the code CVE-2019-1125 as it is referred to in the industry. The vulnerability was discovered 12 months ago and got privately reported to Intel by a security researcher. It's supposedly present on both AMD and Intel CPUs, but was only proven to work on Intel platforms by Bitdefender security researchers.
Please fire the proofreader. :p

Grammarly FTW! :)
#2
Ferrum Master
It almost seems like some force is driving it.

After a year my CPU will need an upgrade just because it is patched like a stiff mummy and won't perform just because of these issues. Kinda win situation for manufacturers.
#3
EarthDog
Ferrum Master said:
It almost seems like some force is driving it.

After a year my CPU will need an upgrade just because it is patched like a stiff mummy and won't perform just because of these issues. Kinda win situation for manufacturers.
Where did it say this affects performance?
#6
Ferrum Master
EarthDog said:
Where did it say this affects performance?
All of them do. Each prediction algos do speedups (the performance magic Intel had). As it is Spectre based obviously. Disabling, changing them on software level with microcode means latency. And it is bad. It wouldn't be that if it would be only one. Now they stack up like germs.
#7
Readlight
If I have downloaded the latest 10 RS6 updated ISO, am I safe?
#10
Imouto
EarthDog said:
believes, but hasn't confirmed (though still likely).
Legal requirement as they would be liable if it was the case.

It is confirmed by other sources that it is not affected.
#11
Zareek
I'm not shocked, once they opened that can of worms, there has been a pretty steady stream of exploits.
#12
EarthDog
Imouto said:
Legal requirement as they would be liable if it was the case.

It is confirmed by other sources that it is not affected.
They've come out before and said it doesn't, period. If they know, why not say it now but they did previously?
#13
TheDeeGee
I went from a 4770K to my old 950 in two years time... what the heck man...
#14
EarthDog
TheDeeGee said:
I went from a 4770K to my old 950 in two years time... what the heck man...
That's funny, but, no. :)
#15
HD64G
Most vulnerabilities are closely tied with the CPU arch, so Intel continues delivering most of those. Simple math.
#16
Vayra86
Ferrum Master said:
It almost seems like some force is driving it.

After a year my CPU will need an upgrade just because it is patched like a stiff mummy and won't perform just because of these issues. Kinda win situation for manufacturers.
Funny huh, how it all coincides with Moore's Law going to the shitter.
#18
Ferrum Master
jaggerwild said:
4.6mhz CPU'S
Ke? Lowest I had was 8MHz? 8088
#19
yakk
More vulnerabilities cause... Why not?!

Don't know about anybody else, but the old saying "no admin ever got fired for buying Intel" is starting to be strained cause I'm sure starting to get a lot of questions. Even on a corporate level it feels like things are starting to change.
#20
yeeeeman
I am getting bored of these... I am starting to believe that most researchers are scratching their asse...heads now to find something and gain some press.
F*** it, you will always find vulnerabilities, cause nothing's perfect in this world. But I really hate this whole craze of finding more and more vulnerabilities...
#21
Particle
yeeeeman said:
I am getting bored of these... I am starting to believe that most researchers are scratching their asse...heads now to find something and gain some press.
F*** it, you will always find vulnerabilities, cause nothing's perfect in this world. But I really hate this whole craze of finding more and more vulnerabilities...
You're getting mad at the good guys...I think by accident.
#22
medi01
Another Intel exclusive, yeehaaa. Oh wait.

AleksandarK said:
Only the most recent processor models from AMD and Intel have hardware mitigations.
None of the AMD's CPUs was affected by Meltdown, you bloody Intel shill.

yakk said:
More vulnerabilities cause... Why not?!

Don't know about anybody else, but the old saying "no admin ever got fired for buying Intel" is starting to be strained cause I'm sure starting to get a lot of questions. Even on a corporate level it feels like things are starting to change.
#24
R-T-B
EarthDog said:
They've come out before and said it doesn't, period. If they know, why not say it now but they did previously?
Yeah. Not buying it.

medi01 said:
None of the AMD's CPUs was affected by Meltdown, you bloody Intel shill.
This is a Spectre-class vulnerability and has nothing to do with Meltdown (Spectre affects both). Nice try.
#25
medi01
R-T-B said:
Nice try.
Indeed:

AleksandarK said:
Mitigations
As you know, for Spectre and Meltdown, there aren't too many mitigations that are built into hardware, and the industry still largely depends on software/firmware-level mitigations that negatively affect performance. Only the most recent processor models from AMD and Intel have hardware mitigations.