On August 7, it was discovered and published the existence of a serious security breach. It was about SWAPGS, a variant of Specter that could allow an unprivileged local attacker to access privileged information stored in the operating system's privileged kernel memory, including otherwise inaccessible passwords, tokens, and encryption keys. Today, less than a week later, we can say that Canonical has already fixed the problem.
He has done it by means of a Ubuntu kernel update. At the time of writing this article and due to the lack of information in an official medium, we can only confirm that there are new versions for Disco Dingo, with two system kernel updates available: linux-image-generic 5.0.0-25.26 and linux -libc-dev 5.0.0-25.26. Where the most interesting information appears is in the second one and you have all the information below.
SWAPGS has already been fixed in Ubuntu
The bug that they have solved has been the CVE-2019-1125 and the applied patches fix the following:
- It recovers the characteristics of CQM.
- Combine words 11 and 12 into a new word with sparse characteristics.
- Prepare the entry code for mitigations for Specter V1 SWAPGS.
- Enable mitigations for Specter v1 SWAPGS.
- Use JPM instead of JPMQ.
- Exclude ATOMs from speculation via SWAPGS.
As we mentioned above, at the time of writing this article we have not yet been able to verify that there are new versions of the kernel for Ubuntu 18.04 and Ubuntu 16.04, but most likely it is. We will continue investigating, but both are LTS versions, Bionic Beaver will still be supported until 2023 and Xenial Xerus until 2021. It is also not ruled out that these patches will reach Ubuntu 14.04 ESM, an extension of support that exceeds 5 years, but only to correct serious security flaws. We will update this article with the new information as soon as we can confirm it.
Updated- We confirmed that there are also new kernel versions for Ubuntu 18.04 and Ubuntu 16.04 that fix the SWAPGS vulnerability and other bugs.