Researchers at security firm Bitdefender disclosed the vulnerability, which affects all Intel CPUs after 2012, on Tuesday. Red Hat issued a statement saying the vulnerability should affect both AMD and Intel CPU products, but only Bitdefender's security researchers have proved that it works on Intel platforms. Microsoft fixed this vulnerability in last month's Patch Tuesday update, so if you have recently updated your operating system, you are already protected against SWAPGS. The patches do not require microcode updates. The vulnerability is tracked as CVE-2019-1125.
AMD also issued a statement in which it said: AMD has realized that new research claims new speculative execution attacks that may allow access to privileged kernel data. Based on external and internal analysis, AMD believes that they are not vulnerable to SWAPGS variants because AMD products are not designed to speculate on new GS values after SWAPGS.
Working Principle of SWAPGS
SWAPGS is a Spectre-type vulnerability that exploits processor branch prediction (predicting which instruction sequence will be taken in order to improve performance). The processor speculates which instruction sequence is most likely to run next and prepares its internal state accordingly. By observing the timing of these speculatively executed instructions, potentially sensitive data can be revealed.
It is a Spectre-like attack named after an x86-64 instruction called SWAPGS, which swaps the GS register (a segment register used to build a full memory address) with a value that is meant to be used during kernel operations. By its nature, SWAPGS does not perform any kind of check on the data it uses, which is what makes the attack possible. During the swap, an attacker can insert any value without receiving an error or warning from the processor.
As we now know, there is not much hardware mitigation for vulnerabilities such as Spectre and Meltdown, and the industry still relies heavily on software- and firmware-level patches that negatively affect performance. Only AMD's and Intel's latest processor models have hardware mitigation capabilities. Microsoft has now pushed the update to its Windows operating system, and kernel patches for Linux-based operating systems should also be under discussion on GitHub. Although the SWAPGS vulnerability is difficult to exploit in everyday use, security personnel strongly recommend installing these patches, though their performance impact is still unknown. (Yin Baoting)
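To confirm that a Linux host actually carries the kernel patch mentioned above, the kernel's Spectre v1 status line can be checked for the SWAPGS barriers. The script below is an added example, not part of the original article; the sysfs status strings it matches are assumed from mainline Linux, and distribution kernels may word them differently.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's Spectre v1 status line with
# respect to SWAPGS (CVE-2019-1125). The status strings matched below are
# assumed from mainline Linux; distribution kernels may word them differently.

SYSFS_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v1

# Map one status line to: mitigated | vulnerable | predates-fix |
# not-affected | unknown. Order matters: "no swapgs barriers" must be
# tested before the bare "swapgs barriers" substring.
classify_swapgs() {
    case "$1" in
        "Not affected"*)        echo "not-affected" ;;
        *"no swapgs barriers"*) echo "vulnerable" ;;
        *"swapgs barriers"*)    echo "mitigated" ;;
        # A mitigation line that never mentions swapgs comes from a kernel
        # built before the SWAPGS fix: Spectre v1 is handled, SWAPGS is not.
        "Mitigation:"*)         echo "predates-fix" ;;
        *)                      echo "unknown" ;;
    esac
}

# Read the running kernel's status (if exposed) and print the verdict.
check_swapgs_host() {
    if [ -r "$SYSFS_FILE" ]; then
        status=$(cat "$SYSFS_FILE")
    else
        status=""
    fi
    echo "kernel reports: ${status:-<no sysfs entry>}"
    echo "swapgs verdict: $(classify_swapgs "$status")"
}

check_swapgs_host
```

A `predates-fix` verdict is the case worth alerting on: the kernel reports a Spectre v1 mitigation, yet it has no SWAPGS barriers.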
Spectre and Meltdown. Source: TPU
Source: Superpower Network. Responsible Editor: Wang Fengzhi