SWAPGS: KernelCare patches are on the way - TuxCare

SWAPGS: KernelCare patches are on the way

KernelCare Team

August 7, 2019

CVE

swapgs-social

KernelCare patches will start rolling out on Monday, 12 August.

A new month has started—Summer is in full swing—Must be time for another CPU vulnerability. (Let’s hope this one has a catchy name.)

It seems we haven’t seen the last of Spectre and Meltdown. They have risen from the ashes, mutated and turned into … SWAPGS. (Sorry, no catchy name this time.)

This is another flaw in the architectural design of speculative execution side channels used to accelerate the performance of modern Intel CPUs. SWAPGS is a privileged instruction that can be run speculatively. The flaw can be exploited even with Spectre and Meltdown mitigations in place.

It’s officially numbered as CVE-2019-1125 and as with the previous types, this one affects Intel CPUs made since 2012; there is still controversy as to whether it also affects AMD processors (AMD says it doesn’t).

KernelCare patches will start rolling out on Monday, 12 August.

Patches Released to Production:

  • OEL 6
  • RHEL 6
  • RHEL 8
  • Ubuntu Xenial
  • Ubuntu Bionic
  • Debian 9

 

Get a FREE 7-Day Supported Trial of KernelCare 

References

 

About KernelCare

KernelCare is a live patching system that patches Linux kernel vulnerabilities automatically, with no reboots. It’s used on over 300,000 servers, and has been used to patch servers running for 6+ years. It works with all major Linux distributions, such as RHEL, CentOS, Amazon Linux, and Ubuntu. It also interoperates with common vulnerability scanners such as Nessus, Tenable, Rapid7, and Qualys. To talk with a consultant about how KernelCare might meet your enterprise’s specific needs, contact us directly at [email protected].

Stay in the Loop

Resources

State of Enterprise Linux Cybersecurity ... Read More State of Enterprise Linux Cybersecurity ...
Dangerous remotely exploitable vulnerability ... Read More Dangerous remotely exploitable vulnerability ...
Securing confidential research data ... Read More Securing confidential research data ...
State of Enterprise Vulnerability Detection ... Read More State of Enterprise Vulnerability Detection ...
Demand for Rapid Risk Elimination for ... Read More Demand for Rapid Risk Elimination for ...
TuxCare Free Raspberry Pi Patching Read More TuxCare Free Raspberry Pi Patching