CVE-2019-1125

LOW

Description

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073.

References

http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-swapgs-en

https://access.redhat.com/errata/RHBA-2019:2824

https://access.redhat.com/errata/RHBA-2019:3248

https://access.redhat.com/errata/RHSA-2019:2600

https://access.redhat.com/errata/RHSA-2019:2609

https://access.redhat.com/errata/RHSA-2019:2695

https://access.redhat.com/errata/RHSA-2019:2696

https://access.redhat.com/errata/RHSA-2019:2730

https://access.redhat.com/errata/RHSA-2019:2899

https://access.redhat.com/errata/RHSA-2019:2900

https://access.redhat.com/errata/RHSA-2019:2975

https://access.redhat.com/errata/RHSA-2019:3011

https://access.redhat.com/errata/RHSA-2019:3220

https://kc.mcafee.com/corporate/index?page=content&id=SB10297

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125

https://www.synology.com/security/advisory/Synology_SA_19_32

Details

Source: MITRE

Published: 2019-09-03

Updated: 2020-08-24

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (72 total)

ID	Name	Product	Family	Severity
138395	F5 Networks BIG-IP : Spectre SWAPGS gadget vulnerability (K31085564)	Nessus	F5 Networks Local Security Checks	medium
134312	NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0021)	Nessus	NewStart CGSL Local Security Checks	high
132495	NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)	Nessus	NewStart CGSL Local Security Checks	high
132474	NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247)	Nessus	NewStart CGSL Local Security Checks	high
131845	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)	Nessus	Huawei Local Security Checks	critical
130736	EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274)	Nessus	Huawei Local Security Checks	critical
130663	EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2201)	Nessus	Huawei Local Security Checks	critical
130376	RHEL 7 : kernel (RHSA-2019:3220)	Nessus	Red Hat Local Security Checks	medium
129924	NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0200)	Nessus	NewStart CGSL Local Security Checks	high
129888	NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0189)	Nessus	NewStart CGSL Local Security Checks	high
129860	RHEL 7 : Virtualization Manager (RHSA-2019:3011)	Nessus	Red Hat Local Security Checks	low
129738	RHEL 7 : kernel (RHSA-2019:2975)	Nessus	Red Hat Local Security Checks	medium
129373	RHEL 7 : kernel (RHSA-2019:2900)	Nessus	Red Hat Local Security Checks	high
129372	RHEL 7 : kernel (RHSA-2019:2899)	Nessus	Red Hat Local Security Checks	high
129284	SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)	Nessus	SuSE Local Security Checks	high
129020	CentOS 7 : kernel (CESA-2019:2600)	Nessus	CentOS Local Security Checks	high
128854	RHEL 6 : MRG (RHSA-2019:2730)	Nessus	Red Hat Local Security Checks	high
128689	NewStart CGSL MAIN 4.06 : kernel Multiple Vulnerabilities (NS-SA-2019-0177)	Nessus	NewStart CGSL Local Security Checks	high
128662	RHEL 7 : kernel (RHSA-2019:2696)	Nessus	Red Hat Local Security Checks	high
128661	RHEL 6 : kernel (RHSA-2019:2695)	Nessus	Red Hat Local Security Checks	low
128601	Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4777)	Nessus	Oracle Linux Local Security Checks	low
128600	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4775)	Nessus	Oracle Linux Local Security Checks	low
128542	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2299-1)	Nessus	SuSE Local Security Checks	medium
128513	Oracle Linux 7 : kernel (ELSA-2019-2600)	Nessus	Oracle Linux Local Security Checks	high
128501	Scientific Linux Security Update : kernel on SL7.x x86_64 (20190903)	Nessus	Scientific Linux Local Security Checks	high
128498	RHEL 7 : kernel-rt (RHSA-2019:2609)	Nessus	Red Hat Local Security Checks	high
128495	RHEL 7 : kernel (RHSA-2019:2600)	Nessus	Red Hat Local Security Checks	high
128470	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2263-1)	Nessus	SuSE Local Security Checks	medium
128469	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2262-1)	Nessus	SuSE Local Security Checks	medium
128032	Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2019-067)	Nessus	Virtuozzo Local Security Checks	high
128012	openSUSE Security Update : the Linux Kernel (openSUSE-2019-1924)	Nessus	SuSE Local Security Checks	medium
128011	openSUSE Security Update : the Linux Kernel (openSUSE-2019-1923)	Nessus	SuSE Local Security Checks	medium
127985	Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4746)	Nessus	Oracle Linux Local Security Checks	high
127982	Oracle Linux 6 : kernel (ELSA-2019-2473)	Nessus	Oracle Linux Local Security Checks	high
127978	Oracle Linux 8 : kernel (ELSA-2019-2411)	Nessus	Oracle Linux Local Security Checks	high
127921	Debian DLA-1885-1 : linux-4.9 security update	Nessus	Debian Local Security Checks	high
127919	CentOS 6 : kernel (CESA-2019:2473)	Nessus	CentOS Local Security Checks	high
127891	Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Linux kernel (AWS) vulnerability (USN-4096-1)	Nessus	Ubuntu Local Security Checks	low
127890	Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4095-1)	Nessus	Ubuntu Local Security Checks	high
127889	Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4094-1)	Nessus	Ubuntu Local Security Checks	high
127888	Ubuntu 18.04 LTS / 19.04 : Linux kernel vulnerabilities (USN-4093-1)	Nessus	Ubuntu Local Security Checks	high
127882	Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-226-01)	Nessus	Slackware Local Security Checks	high
127880	Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20190813)	Nessus	Scientific Linux Local Security Checks	high
127879	RHEL 6 : kernel (RHSA-2019:2476)	Nessus	Red Hat Local Security Checks	medium
127878	RHEL 6 : kernel (RHSA-2019:2473)	Nessus	Red Hat Local Security Checks	high
127867	Debian DSA-4497-1 : linux - security update	Nessus	Debian Local Security Checks	high
127866	Debian DLA-1884-1 : linux security update	Nessus	Debian Local Security Checks	high
127776	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2073-1)	Nessus	SuSE Local Security Checks	medium
127775	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2072-1)	Nessus	SuSE Local Security Checks	medium
127774	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2071-1)	Nessus	SuSE Local Security Checks	medium
127773	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2070-1)	Nessus	SuSE Local Security Checks	medium
127772	SUSE SLED15 / SLES15 Security Update : Linux Azure Kernel (SUSE-SU-2019:2068-1)	Nessus	SuSE Local Security Checks	medium
127722	RHEL 8 : kernel (RHSA-2019:2411)	Nessus	Red Hat Local Security Checks	high
127721	RHEL 8 : kernel-rt (RHSA-2019:2405)	Nessus	Red Hat Local Security Checks	high
127614	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4735)	Nessus	Oracle Linux Local Security Checks	low
127565	OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0038)	Nessus	OracleVM Local Security Checks	high
127532	Fedora 30 : kernel / kernel-headers / kernel-tools (2019-e37c348348)	Nessus	Fedora Local Security Checks	low
127515	Fedora 29 : kernel / kernel-headers / kernel-tools (2019-6bda4c81f4)	Nessus	Fedora Local Security Checks	low
127491	Debian DSA-4495-1 : linux - security update	Nessus	Debian Local Security Checks	high
127468	Amazon Linux AMI : kernel (ALAS-2019-1253)	Nessus	Amazon Linux Local Security Checks	low
127461	Amazon Linux 2 : kernel (ALAS-2019-1253)	Nessus	Amazon Linux Local Security Checks	low
126579	KB4507469: Windows 10 Version 1809 and Windows Server 2019 July 2019 Security Update (SWAPGS)	Nessus	Windows : Microsoft Bulletins	high
126578	KB4507464: Windows Server 2012 July 2019 Security Update (SWAPGS)	Nessus	Windows : Microsoft Bulletins	high
126577	KB4507460: Windows 10 Version 1607 and Windows Server 2016 July 2019 Security Update (SWAPGS)	Nessus	Windows : Microsoft Bulletins	high
126576	KB4507458: Windows 10 July 2019 Security Update (SWAPGS)	Nessus	Windows : Microsoft Bulletins	high
126575	KB4507455: Windows 10 Version 1709 July 2019 Security Update (SWAPGS)	Nessus	Windows : Microsoft Bulletins	high
126574	KB4507453: Windows 10 Version 1903 July 2019 Security Update (SWAPGS)	Nessus	Windows : Microsoft Bulletins	high
126573	KB4507461: Windows Server 2008 July 2019 Security Update (SWAPGS)	Nessus	Windows : Microsoft Bulletins	high
126572	KB4507450: Windows 10 Version 1703 July 2019 Security Update (SWAPGS)	Nessus	Windows : Microsoft Bulletins	high
126571	KB4507456: Windows 7 and Windows Server 2008 R2 July 2019 Security Update (SWAPGS)	Nessus	Windows : Microsoft Bulletins	high
126570	KB4507457: Windows 8.1 and Windows Server 2012 R2 July 2019 Security Update (SWAPGS)	Nessus	Windows : Microsoft Bulletins	high
126569	KB4507435: Windows 10 Version 1803 July 2019 Security Update (SWAPGS)	Nessus	Windows : Microsoft Bulletins	high