SWAPGS: KernelCare patches are on the way

Published: Aug 7, 2019 5:30:37 PM / Last update: Jul 7, 2020 / by KernelCare Team

swapgs-social

KernelCare patches will start rolling out on Monday, 12 August.

A new month has started—Summer is in full swing—Must be time for another CPU vulnerability. (Let’s hope this one has a catchy name.)

It seems we haven’t seen the last of Spectre and Meltdown. They have risen from the ashes, mutated and turned into ... SWAPGS. (Sorry, no catchy name this time.)

This is another flaw in the architectural design of speculative execution side channels used to accelerate the performance of modern Intel CPUs. SWAPGS is a privileged instruction that can be run speculatively. The flaw can be exploited even with Spectre and Meltdown mitigations in place.

It’s officially numbered as CVE-2019-1125 and as with the previous types, this one affects Intel CPUs made since 2012; there is still controversy as to whether it also affects AMD processors (AMD says it doesn’t).

KernelCare patches will start rolling out on Monday, 12 August.

Patches Released to Production:

  • OEL 6
  • RHEL 6
  • RHEL 8
  • Ubuntu Xenial
  • Ubuntu Bionic
  • Debian 9

 

Buy KernelCare Now

 

References

 

About KernelCare

KernelCare is a live patching system that patches Linux kernel vulnerabilities automatically, with no reboots. It's used on over 300,000 servers, and has been used to patch servers running for 6+ years. It works with all major Linux distributions, such as RHEL, CentOS, Amazon Linux, and Ubuntu. It also interoperates with common vulnerability scanners such as Nessus, Tenable, Rapid7, and Qualys. To talk with a consultant about how KernelCare might meet your enterprise’s specific needs, contact us directly at sales@kernelcare.com.

Topics: KernelCare Blog, SWAPGS, Vulnerability fix, CVE

KernelCare Team

Written by KernelCare Team

    cover for blog

    Download Whitepaper

    Subscribe to Email Updates

    Recent Posts