Intel Impacted by new SWAPGS Speculative Execution Attack
Bitdefender has claimed that it “worked with Intel for more than a year” before publicly disclosing this new attack, stating that “the SWAPGS Attack affects newer Intel CPUs that use speculative execution”. Red Hat has additionally claimed that the vulnerability applies to x86-64 systems which use “either Intel or AMD processors”.
SWAPGS allows attackers to gain access to information that’s stored in kernel memory, which could include passwords, encryption keys and other pieces of important information. This vulnerability is said to be exploitable only by local attackers, with the Linux OS being considered more secure from the vulnerability than Windows.
Users of Windows 10 should update their OS to ensure that their systems remain secure. On July 9th, Microsoft released an OS update that’s designed to mitigate the effects of SWAPGS by changing how processors speculatively access memory.
AMD has responded to the disclosure of SWAPGS with the following statement, saying that it believes its processors are not vulnerable to SWAPGS.
  AMD is aware of new research claiming new speculative execution attacks that may allow access to privileged kernel data. Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant attacks because AMD products are designed not to speculate on the new GS value following a speculative SWAPGS. For the attack that is not a SWAPGS variant, the mitigation is to implement our existing recommendations for Spectre variant 1.
Specific details by published description:
| Description | AMD Recommendation |
| --- | --- |
| SWAPGS instruction speculation at CPL3 (Scenario 1) | AMD believed not impacted |
| SWAPGS instruction speculation at CPL0 (Scenario 2, Variant 1) | AMD believed not impacted |
| GS base value speculation (Scenario 2, Variant 2) | AMD recommends implementing existing mitigations for Spectre variant 1 |
Bitdefender has stated that “all Intel CPUs that support SWAPGS and WRGSBASE instructions are affected” by this vulnerability, which means that “basically anything from Intel Ivy Bridge (introduced 2012)” until now is impacted.
Intel has released the following statements regarding SWAPGS:
   On August 6, 2019, researchers at BitDefender* published details on two issues they reported to both Intel and Microsoft* as part of coordinated vulnerability disclosure (CVD).
 SWAPGS
Researchers from BitDefender published a paper entitled, “Bypassing KPTI Using the Speculative Behavior of the SWAPGS Instruction.” This information disclosure vulnerability can be used to speculatively access memory, potentially allowing a malicious actor to read privileged data across trust boundaries.
After assessing this issue with industry partners, we determined that the best mitigation would be at the software layer. Microsoft agreed to coordinate remediation efforts, working with the researchers and other industry partners. Microsoft released their software update to address this issue in July 2019 and today published their security advisory as part of the CVD process.
Some Linux* OS vendors may elect to release updates for their products. Please check with your Linux OS vendor for details.
 Speculative only Segment Loads
Researchers from BitDefender also published a paper entitled, “Security Implications Of Speculatively Executing Segmentation Related Instructions On Intel CPUs.” Intel expects, as stated in the paper, that the exploits described by the researchers are addressed through the use of existing mitigation techniques.
We believe strongly in the value of coordinated disclosure and value our partnership with the research community. As a best practice, we continue to encourage everyone to keep their systems up-to-date.