CVE-2019-1125

LOW

Description

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073.

References

http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-swapgs-en

https://access.redhat.com/errata/RHBA-2019:2824

https://access.redhat.com/errata/RHBA-2019:3248

https://access.redhat.com/errata/RHSA-2019:2600

https://access.redhat.com/errata/RHSA-2019:2609

https://access.redhat.com/errata/RHSA-2019:2695

https://access.redhat.com/errata/RHSA-2019:2696

https://access.redhat.com/errata/RHSA-2019:2730

https://access.redhat.com/errata/RHSA-2019:2899

https://access.redhat.com/errata/RHSA-2019:2900

https://access.redhat.com/errata/RHSA-2019:2975

https://access.redhat.com/errata/RHSA-2019:3011

https://access.redhat.com/errata/RHSA-2019:3220

https://kc.mcafee.com/corporate/index?page=content&id=SB10297

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125

https://www.synology.com/security/advisory/Synology_SA_19_32

Details

Source: MITRE

Published: 2019-09-03

Updated: 2020-08-24

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (74 total)

IDNameProductFamilySeverity
145678CentOS 8 : kernel (CESA-2019:2411)NessusCentOS Local Security Checks
high
144831EulerOS Virtualization 3.0.2.6 : kernel (EulerOS-SA-2021-1056)NessusHuawei Local Security Checks
critical
138395F5 Networks BIG-IP : Spectre SWAPGS gadget vulnerability (K31085564)NessusF5 Networks Local Security Checks
medium
134312NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0021)NessusNewStart CGSL Local Security Checks
high
132495NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)NessusNewStart CGSL Local Security Checks
high
132474NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247)NessusNewStart CGSL Local Security Checks
high
131845EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)NessusHuawei Local Security Checks
critical
130736EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274)NessusHuawei Local Security Checks
critical
130663EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2201)NessusHuawei Local Security Checks
critical
130376RHEL 7 : kernel (RHSA-2019:3220)NessusRed Hat Local Security Checks
medium
129924NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0200)NessusNewStart CGSL Local Security Checks
high
129888NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0189)NessusNewStart CGSL Local Security Checks
high
129860RHEL 7 : Virtualization Manager (RHSA-2019:3011)NessusRed Hat Local Security Checks
low
129738RHEL 7 : kernel (RHSA-2019:2975)NessusRed Hat Local Security Checks
medium
129373RHEL 7 : kernel (RHSA-2019:2900)NessusRed Hat Local Security Checks
high
129372RHEL 7 : kernel (RHSA-2019:2899)NessusRed Hat Local Security Checks
high
129284SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)NessusSuSE Local Security Checks
high
129020CentOS 7 : kernel (CESA-2019:2600)NessusCentOS Local Security Checks
high
128854RHEL 6 : MRG (RHSA-2019:2730)NessusRed Hat Local Security Checks
high
128689NewStart CGSL MAIN 4.06 : kernel Multiple Vulnerabilities (NS-SA-2019-0177)NessusNewStart CGSL Local Security Checks
high
128662RHEL 7 : kernel (RHSA-2019:2696)NessusRed Hat Local Security Checks
high
128661RHEL 6 : kernel (RHSA-2019:2695)NessusRed Hat Local Security Checks
low
128601Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4777)NessusOracle Linux Local Security Checks
low
128600Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4775)NessusOracle Linux Local Security Checks
low
128542SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2299-1)NessusSuSE Local Security Checks
medium
128513Oracle Linux 7 : kernel (ELSA-2019-2600)NessusOracle Linux Local Security Checks
high
128501Scientific Linux Security Update : kernel on SL7.x x86_64 (20190903)NessusScientific Linux Local Security Checks
high
128498RHEL 7 : kernel-rt (RHSA-2019:2609)NessusRed Hat Local Security Checks
high
128495RHEL 7 : kernel (RHSA-2019:2600)NessusRed Hat Local Security Checks
high
128470SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2263-1)NessusSuSE Local Security Checks
medium
128469SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2262-1)NessusSuSE Local Security Checks
medium
128032Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2019-067)NessusVirtuozzo Local Security Checks
high
128012openSUSE Security Update : the Linux Kernel (openSUSE-2019-1924)NessusSuSE Local Security Checks
medium
128011openSUSE Security Update : the Linux Kernel (openSUSE-2019-1923)NessusSuSE Local Security Checks
medium
127985Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4746)NessusOracle Linux Local Security Checks
high
127982Oracle Linux 6 : kernel (ELSA-2019-2473)NessusOracle Linux Local Security Checks
high
127978Oracle Linux 8 : kernel (ELSA-2019-2411)NessusOracle Linux Local Security Checks
high
127921Debian DLA-1885-1 : linux-4.9 security updateNessusDebian Local Security Checks
high
127919CentOS 6 : kernel (CESA-2019:2473)NessusCentOS Local Security Checks
high
127891Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Linux kernel (AWS) vulnerability (USN-4096-1)NessusUbuntu Local Security Checks
low
127890Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4095-1)NessusUbuntu Local Security Checks
high
127889Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4094-1)NessusUbuntu Local Security Checks
high
127888Ubuntu 18.04 LTS / 19.04 : Linux kernel vulnerabilities (USN-4093-1)NessusUbuntu Local Security Checks
high
127882Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-226-01)NessusSlackware Local Security Checks
high
127880Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20190813)NessusScientific Linux Local Security Checks
high
127879RHEL 6 : kernel (RHSA-2019:2476)NessusRed Hat Local Security Checks
medium
127878RHEL 6 : kernel (RHSA-2019:2473)NessusRed Hat Local Security Checks
high
127867Debian DSA-4497-1 : linux - security updateNessusDebian Local Security Checks
high
127866Debian DLA-1884-1 : linux security updateNessusDebian Local Security Checks
high
127776SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2073-1)NessusSuSE Local Security Checks
medium
127775SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2072-1)NessusSuSE Local Security Checks
medium
127774SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2071-1)NessusSuSE Local Security Checks
medium
127773SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2070-1)NessusSuSE Local Security Checks
medium
127772SUSE SLED15 / SLES15 Security Update : Linux Azure Kernel (SUSE-SU-2019:2068-1)NessusSuSE Local Security Checks
medium
127722RHEL 8 : kernel (RHSA-2019:2411)NessusRed Hat Local Security Checks
high
127721RHEL 8 : kernel-rt (RHSA-2019:2405)NessusRed Hat Local Security Checks
high
127614Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4735)NessusOracle Linux Local Security Checks
low
127565OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0038)NessusOracleVM Local Security Checks
high
127532Fedora 30 : kernel / kernel-headers / kernel-tools (2019-e37c348348)NessusFedora Local Security Checks
low
127515Fedora 29 : kernel / kernel-headers / kernel-tools (2019-6bda4c81f4)NessusFedora Local Security Checks
low
127491Debian DSA-4495-1 : linux - security updateNessusDebian Local Security Checks
high
127468Amazon Linux AMI : kernel (ALAS-2019-1253)NessusAmazon Linux Local Security Checks
low
127461Amazon Linux 2 : kernel (ALAS-2019-1253)NessusAmazon Linux Local Security Checks
low
126579KB4507469: Windows 10 Version 1809 and Windows Server 2019 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126578KB4507464: Windows Server 2012 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126577KB4507460: Windows 10 Version 1607 and Windows Server 2016 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126576KB4507458: Windows 10 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126575KB4507455: Windows 10 Version 1709 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126574KB4507453: Windows 10 Version 1903 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126573KB4507461: Windows Server 2008 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126572KB4507450: Windows 10 Version 1703 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126571KB4507456: Windows 7 and Windows Server 2008 R2 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126570KB4507457: Windows 8.1 and Windows Server 2012 R2 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126569KB4507435: Windows 10 Version 1803 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high