SWAPGS Attack — New Speculative Execution Flaw Affects All Modern Intel CPUs

August 7, 2019

A new variant of the Spectre (Variant 1) side-channel vulnerability has been discovered that affects modern Intel CPUs that leverage speculative execution, and some AMD processors as well, Microsoft and Red Hat warn.

Identified as CVE-2019-1125, the vulnerability could allow unprivileged local attackers to access sensitive information stored in the operating system's privileged kernel memory, including passwords, tokens, and encryption keys, that would otherwise be inaccessible.

Speculative execution is a core component of modern microprocessor design that speculatively executes instructions based on assumptions that are considered likely to be true. If the assumptions turn out to be valid, execution continues; otherwise, the speculative results are discarded.

Such speculative executions also have side effects that are not restored when the CPU state is unwound, leading to information disclosure, which can then be accessed using side-channel attacks.

Microsoft silently issued patches for the new speculative execution vulnerability, which was discovered and responsibly disclosed by researchers at security firm Bitdefender, in its July 2019 Patch Tuesday security update.

According to a security advisory released today by Red Hat, the attack relies on speculatively executing unexpected SWAPGS instructions after a branch gets mispredicted.

The SWAPGS instruction is a privileged system instruction that swaps the values in the GS register with the MSR values and is only available on devices with x86-64 architecture.

“Since SWAPGS can be executed speculatively inside user-mode, an attacker can leak the address of the per-CPU data, normally available to only the kernel,” researchers say.

The SWAPGS attack breaks the Kernel Page-Table Isolation (KPTI) provided by modern CPUs and can be used to leak sensitive kernel memory from unprivileged user mode.

“It is possible that these conditional branches in the Linux kernel entry code may mis-speculate into code that will not perform the SWAPGS, resulting in a window of speculative execution during which the wrong GS is used for dependent memory operations,” Red Hat says in its advisory.

According to Bitdefender researchers, the new attack bypasses all known mitigations implemented after the discovery of Spectre and Meltdown vulnerabilities in early 2018 that put practically every computer in the world at risk.

Though the Linux kernel also contains a gadget that may be exploited to target Linux systems in an attack, researchers believe exploiting Linux operating systems could be slightly tougher than exploiting Windows computers.

Since the attack cannot be launched remotely, it is unlikely to cause mass malware infections, like EternalBlue was used for WannaCry; instead, it can be exploited as part of an extremely targeted attack.

Affected users can address this issue through a software update for their operating systems that would mitigate how the CPU speculatively accesses memory.
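To confirm that a Linux host actually received the update, the kernel's own Spectre v1 status line can be classified for SWAPGS coverage. The script below is an added example, not part of the original article; the sysfs path and status strings are the ones mainline Linux uses, and the function names and verdict labels are illustrative.

```shell
#!/bin/sh
# Added example: classify the Linux Spectre v1 status line with respect to
# the SWAPGS variant (CVE-2019-1125). Function names are illustrative.

# sysfs file where x86 Linux kernels report Spectre v1 status.
SPECTRE_V1_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v1

# classify_swapgs STATUS_LINE
# Prints: not-affected | mitigated | vulnerable | unpatched-kernel | unknown
classify_swapgs() {
    case "$1" in
        "Not affected"*)
            echo "not-affected" ;;
        *"no swapgs barriers"*)
            # Kernel has the fix, but the barriers are switched off
            # (for example by booting with nospectre_v1).
            echo "vulnerable" ;;
        "Mitigation:"*"swapgs barriers"*)
            echo "mitigated" ;;
        "Mitigation:"*"__user pointer sanitization"*)
            # Kernels predating the SWAPGS fix report the Spectre v1
            # mitigation without mentioning swapgs at all.
            echo "unpatched-kernel" ;;
        *)
            echo "unknown" ;;
    esac
}

# check_host [FILE]
# Prints the verdict for FILE (default: the sysfs file above).
# Returns 0 if mitigated or not affected, 1 if exposed, 2 if undetermined.
check_host() {
    file=${1:-$SPECTRE_V1_SYSFS}
    if [ ! -r "$file" ]; then
        echo "unknown"
        return 2
    fi
    verdict=$(classify_swapgs "$(cat "$file")")
    echo "$verdict"
    case "$verdict" in
        mitigated|not-affected) return 0 ;;
        unknown) return 2 ;;
        *) return 1 ;;
    esac
}

printf 'SWAPGS (CVE-2019-1125) status: %s\n' "$(check_host)"
```

An `unpatched-kernel` verdict means the running kernel predates the fix and needs the update; `vulnerable` means the fix is present but disabled by configuration.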

Meanwhile, Google has also prepared a patch to fix this vulnerability in its ChromeOS 4.19 with a soon-to-be-released update, describing the flaw as:

“An attacker can train the branch predictor to speculatively skip the swapgs path for an interrupt or exception. If they initialize the GS register to a user-space value, if the swapgs is speculatively skipped, subsequent GS-related percpu accesses in the speculation window will be done with the attacker-controlled GS value. This could cause privileged memory to be accessed and leaked.”


Credit: The Hacker News By: noreply@blogger.com (Unknown)
