CVE-2019-1125: Windows Kernel Information Disclosure Vulnerability
First published: Thu Jun 27 2019(Updated: )
A Spectre gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel.
Credit: secure@microsoft.com secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <0:2.6.32-754.18.2.el6 | 0:2.6.32-754.18.2.el6 |
| redhat/kernel | <0:2.6.32-431.96.1.el6 | 0:2.6.32-431.96.1.el6 |
| redhat/kernel | <0:2.6.32-504.80.2.el6 | 0:2.6.32-504.80.2.el6 |
| redhat/kernel-rt | <0:3.10.0-1062.1.1.rt56.1024.el7 | 0:3.10.0-1062.1.1.rt56.1024.el7 |
| redhat/kernel | <0:3.10.0-1062.1.1.el7 | 0:3.10.0-1062.1.1.el7 |
| redhat/kernel | <0:3.10.0-327.82.1.el7 | 0:3.10.0-327.82.1.el7 |
| redhat/kernel | <0:3.10.0-514.69.1.el7 | 0:3.10.0-514.69.1.el7 |
| redhat/kernel | <0:3.10.0-693.58.1.el7 | 0:3.10.0-693.58.1.el7 |
| redhat/kernel | <0:3.10.0-862.43.1.el7 | 0:3.10.0-862.43.1.el7 |
| redhat/kernel | <0:3.10.0-957.38.1.el7 | 0:3.10.0-957.38.1.el7 |
| redhat/kernel-rt | <0:4.18.0-80.7.2.rt9.154.el8_0 | 0:4.18.0-80.7.2.rt9.154.el8_0 |
| redhat/kernel | <0:4.18.0-80.7.2.el8_0 | 0:4.18.0-80.7.2.el8_0 |
| redhat/kernel-rt | <1:3.10.0-693.58.1.rt56.652.el6 | 1:3.10.0-693.58.1.rt56.652.el6 |
| redhat/redhat-release-virtualization-host | <0:4.2-15.1.el7 | 0:4.2-15.1.el7 |
| redhat/redhat-virtualization-host | <0:4.2-20191022.0.el7_6 | 0:4.2-20191022.0.el7_6 |
| redhat/imgbased | <0:1.1.10-0.1.el7e | 0:1.1.10-0.1.el7e |
| redhat/ovirt-node-ng | <0:4.3.6-0.20190820.0.el7e | 0:4.3.6-0.20190820.0.el7e |
| redhat/redhat-release-virtualization-host | <0:4.3.6-2.el7e | 0:4.3.6-2.el7e |
| redhat/redhat-virtualization-host | <0:4.3.6-20190924.0.el7_7 | 0:4.3.6-20190924.0.el7_7 |
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1703 | |
| Microsoft Windows 10 | =1709 | |
| Microsoft Windows 10 | =1803 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =1903 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 8.1 | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =r2-sp1 | |
| Microsoft Windows Server 2008 Itanium | =r2-sp1 | |
| Microsoft Windows Server 2012 x64 | ||
| Microsoft Windows Server 2012 x64 | =r2 | |
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2016 | =1803 | |
| Microsoft Windows Server 2016 | =1903 | |
| Microsoft Windows Server 2019 | ||
| redhat virtualization host | =4.0 | |
| redhat enterprise Linux desktop | =7.0 | |
| redhat enterprise Linux server | =7.0 | |
| redhat enterprise Linux server aus | =7.7 | |
| redhat enterprise Linux server eus | =7.7 | |
| redhat enterprise Linux server tus | =7.7 | |
| redhat enterprise Linux workstation | =7.0 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.13-1 |
Remedy
For mitigation related information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/4329821
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-1125 https://nvd.nist.gov/vuln/detail/CVE-2019-1125
- https://bugzilla.redhat.com/show_bug.cgi?id=1724389
- https://access.redhat.com/errata/RHSA-2019:2473
- https://access.redhat.com/errata/RHSA-2019:2695
- https://access.redhat.com/errata/RHSA-2019:2476
- https://access.redhat.com/errata/RHSA-2019:2609
- https://access.redhat.com/errata/RHSA-2019:2600
- https://access.redhat.com/errata/RHSA-2019:2899
- https://access.redhat.com/errata/RHSA-2019:2900
- https://access.redhat.com/errata/RHSA-2019:2696
- https://access.redhat.com/errata/RHSA-2019:2975
- https://access.redhat.com/errata/RHSA-2019:3220
- https://access.redhat.com/errata/RHSA-2019:2405
- https://access.redhat.com/errata/RHSA-2019:2411
- https://access.redhat.com/errata/RHSA-2019:2730
- https://access.redhat.com/errata/RHBA-2019:3248
- https://access.redhat.com/errata/RHSA-2019:3011
- https://access.redhat.com/security/cve/cve-2019-1125
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2059825986a1c8143fd6698774fa9d83733bb11
- https://access.redhat.com/articles/4329821
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1738285
- https://businessresources.bitdefender.com/speculatively-executing-segmentation-related-instructions-intel-cpus?utm_campaign=swapgs&utm_source=web
- https://software.intel.com/security-software-guidance/insights/more-information-swapgs-and-speculative-only-segment-loads
- http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-swapgs-en
- https://access.redhat.com/errata/RHBA-2019:2824
- https://kc.mcafee.com/corporate/index?page=content&id=SB10297
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125
- https://www.synology.com/security/advisory/Synology_SA_19_32
- https://kc.mcafee.com/corporate/index?page=content&id=SB10297
- https://launchpad.net/bugs/cve/CVE-2019-1125
- https://security-tracker.debian.org/tracker/CVE-2019-1125
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1125
- https://nvd.nist.gov/vuln/detail/CVE-2019-1125
- https://ubuntu.com/security/CVE-2019-1125
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2019-1125?
The severity of CVE-2019-1125 is rated as medium, indicating a moderate risk of information disclosure through a Spectre-like side channel.
How do I fix CVE-2019-1125?
To mitigate CVE-2019-1125, users should upgrade to the recommended kernel versions provided by Red Hat, such as 0:2.6.32-754.18.2.el6 or any version specified in security patches.
What type of attack does CVE-2019-1125 enable?
CVE-2019-1125 allows an attacker with local access to exploit a Spectre gadget to leak sensitive information through side-channel attacks.
Which systems are affected by CVE-2019-1125?
CVE-2019-1125 affects multiple versions of the Linux kernel, specifically those running on Red Hat Enterprise Linux and related distributions.
Is there a workaround for CVE-2019-1125?
While the best solution is to update the kernel, users may temporarily minimize exposure by restricting local access to systems until updates can be applied.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-1125
- agent/weakness
- agent/title
- agent/severity
- agent/author
- collector/launchpad-cve
- source/Launchpad
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- agent/event
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/microsoft
- canonical/microsoft windows 10
- version/microsoft windows 10/1607
- version/microsoft windows 10/1703
- version/microsoft windows 10/1709
- version/microsoft windows 10/1803
- version/microsoft windows 10/1809
- version/microsoft windows 10/1903
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows 8.1
- canonical/microsoft windows rt
- canonical/microsoft windows server 2008 itanium
- version/microsoft windows server 2008 itanium/sp2
- version/microsoft windows server 2008 itanium/r2-sp1
- canonical/microsoft windows server 2012 x64
- version/microsoft windows server 2012 x64/r2
- canonical/microsoft windows server 2016
- version/microsoft windows server 2016/1803
- version/microsoft windows server 2016/1903
- canonical/microsoft windows server 2019
- vendor/redhat
- canonical/redhat virtualization host
- version/redhat virtualization host/4.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.7
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/7.7
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/7.7
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- package-manager/debian