Security researchers are warning of a new speculative execution vulnerability affecting all modern Intel processors which could allow attackers to access sensitive data stored in the kernel.
The CVE-2019-1125 flaw bypasses all mitigations put in place after the discovery of Spectre and Meltdown in early 2018, according to Bitdefender. It’s said to affect all processors built since 2012, running on Windows, Linux or FreeBSD laptops and servers – meaning consumers and enterprises are at risk.
It could enable a side-channel attack that abuses a little-known system instruction called SWAPGS, exposing data in privileged portions of the kernel memory such as passwords, tokens, private conversations, encryption and more.
“This attack exposes sensitive information from the OS kernel by abusing speculative execution of SWAPGS instruction. An attacker can force arbitrary memory dereferences in kernel, which leaves traces within the data caches,” explained Bitdefender.
“These signals can be picked-up by the attacker to infer the value located at the given kernel address. Consequently, attackers can exploit this vulnerability to search values in kernel memory (check if a given value is located at a given kernel address) or leak values from arbitrary kernel addresses.”
Bitdefender has been working with Intel for over a year on this research and claims its Hypervisor Introspection (HVI) tool will provide protection until patches are available, instrumenting each vulnerable SWAPGS instruction to ensure it will not execute speculatively.
Patches are apparently being readied by ecosystem partners like Microsoft and users are urged to implement them as soon as they’re available.
“Criminals with knowledge of these attacks would have the power to uncover the most vital, best-protected information of both companies and private individuals around the world, and the corresponding power to steal, blackmail, sabotage and spy,” said Gavin Hill, vice-president, datacenter and network security products at Bitdefender.
“Research into these attacks is on the cutting edge as it gets to the very roots of how modern CPUs operate and requires a thorough understanding of CPU internals, OS internals, and speculative-execution side-channel attacks in-general.”