SWAPGS: KernelCare patches are on the way
KernelCare patches will start rolling out on Monday, 12 August.
A new month has started—Summer is in full swing—Must be time for another CPU vulnerability. (Let’s hope this one has a catchy name.)
It seems we haven’t seen the last of Spectre and Meltdown. They have risen from the ashes, mutated and turned into … SWAPGS. (Sorry, no catchy name this time.)
This is another flaw in the architectural design of speculative execution side channels used to accelerate the performance of modern Intel CPUs. SWAPGS is a privileged instruction that can be run speculatively. The flaw can be exploited even with Spectre and Meltdown mitigations in place.
It’s officially numbered as CVE-2019-1125 and as with the previous types, this one affects Intel CPUs made since 2012; there is still controversy as to whether it also affects AMD processors (AMD says it doesn’t).
KernelCare patches will start rolling out on Monday, 12 August.
Patches Released to Production:
- OEL 6
- RHEL 6
- RHEL 8
- Ubuntu Xenial
- Ubuntu Bionic
- Debian 9
Get a FREE 7-Day Supported Trial of KernelCare
References
- Bitdefender report
- cve.mitre.org
- Red Hat: “CVE-2019–1125: Spectre SWAPGS gadget vulnerability”
- Ubuntu CVE Tracker
- Microsoft Windows kernel patch notification
About KernelCare
KernelCare is a live patching system that patches Linux kernel vulnerabilities automatically, with no reboots. It’s used on over 300,000 servers, and has been used to patch servers running for 6+ years. It works with all major Linux distributions, such as RHEL, CentOS, Amazon Linux, and Ubuntu. It also interoperates with common vulnerability scanners such as Nessus, Tenable, Rapid7, and Qualys. To talk with a consultant about how KernelCare might meet your enterprise’s specific needs, contact us directly at [email protected].