SWAPGS Attack, a "new Spectre" that affects Intel processors


A new Spectre variant (Variant 1) has been discovered that affects modern Intel processors and probably some AMD processors. Microsoft and Red Hat raised the alarm: SWAPGS is a vulnerability that could allow an unprivileged local attacker to read privileged information stored in the memory of the operating system kernel, including otherwise inaccessible passwords, tokens, and encryption keys.

Speculative execution is a central component of modern microprocessor design: the CPU executes instructions ahead of time based on assumptions that are regarded as probably true. If the assumptions turn out to be valid, execution continues; otherwise, the speculative work is discarded. Speculative execution also has side effects that are not restored when the CPU state is unwound, and these can disclose information that is then read through side-channel attacks.

Linux users are less vulnerable to SWAPGS

The SWAPGS instruction is a privileged system instruction that exchanges the values in the GS register with the MSR values and is only available on x86-64 architecture devices. The SWAPGS attack breaks the kernel page table isolation (KPTI) provided by modern CPUs and can be used to leak sensitive kernel memory from unprivileged user mode. The new attack bypasses all known mitigations implemented after the discovery, at the beginning of 2018, of the Spectre and Meltdown vulnerabilities, which put practically every computer in the world at risk.

Without any major announcement, Microsoft released the patch that protects against SWAPGS in its July 2019 update. Google has a patch prepared for ChromeOS that it will release soon. Linux users, on the other hand, are a bit safer: according to security researchers, although the Linux kernel also contains a component that can be exploited, doing so on Linux is a bit more difficult than on Windows systems.

The good news, and what should reassure us all, is that the bug must be exploited locally, so we are not in any danger as long as we only let trusted people use our machines.
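For Linux machines, the kernel reports its own Spectre Variant 1 status, including whether SWAPGS barriers are in place, through sysfs. The following script is an added example, not part of the original article; it classifies that status line. The function name, the verdict labels and the `SPECTRE_V1_FILE` override are assumptions made for the example.

```shell
#!/bin/sh
# Added example: classify the kernel's Spectre v1 status line with respect
# to SWAPGS barriers. Verdict labels are this example's own, not kernel output.

# Standard sysfs location; overridable so the logic can be exercised offline.
SPECTRE_V1_FILE=${SPECTRE_V1_FILE:-/sys/devices/system/cpu/vulnerabilities/spectre_v1}

# classify_spectre_v1 STATUS
# Prints: not-affected | swapgs-mitigated | swapgs-unmitigated |
#         swapgs-not-reported | unknown
classify_spectre_v1() {
    case "$1" in
        "Not affected"*)
            echo not-affected ;;
        *"no swapgs barriers"*)
            # Kernel knows about SWAPGS but the barriers are disabled.
            echo swapgs-unmitigated ;;
        Mitigation:*swapgs*)
            echo swapgs-mitigated ;;
        Mitigation:*)
            # Status line does not mention swapgs at all: the kernel likely
            # predates the SWAPGS fix, so check for a pending kernel update.
            echo swapgs-not-reported ;;
        Vulnerable*)
            echo swapgs-unmitigated ;;
        *)
            echo unknown ;;
    esac
}

# Report the verdict for the machine the script runs on.
check_host() {
    if [ -r "$SPECTRE_V1_FILE" ]; then
        status=$(cat "$SPECTRE_V1_FILE")
        echo "spectre_v1: $status"
        echo "verdict: $(classify_spectre_v1 "$status")"
    else
        echo "verdict: unknown (cannot read $SPECTRE_V1_FILE)"
    fi
}

check_host
```

A verdict of `swapgs-not-reported` or `swapgs-unmitigated` on an x86-64 host is the cue to install the distribution's current kernel and reboot.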
