CVE-2019-1125

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073.

References

http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-swapgs-en

https://access.redhat.com/errata/RHBA-2019:2824

https://access.redhat.com/errata/RHBA-2019:3248

https://access.redhat.com/errata/RHSA-2019:2600

https://access.redhat.com/errata/RHSA-2019:2609

https://access.redhat.com/errata/RHSA-2019:2695

https://access.redhat.com/errata/RHSA-2019:2696

https://access.redhat.com/errata/RHSA-2019:2730

https://access.redhat.com/errata/RHSA-2019:2899

https://access.redhat.com/errata/RHSA-2019:2900

https://access.redhat.com/errata/RHSA-2019:2975

https://access.redhat.com/errata/RHSA-2019:3011

https://access.redhat.com/errata/RHSA-2019:3220

https://kc.mcafee.com/corporate/index?page=content&id=SB10297

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125

https://www.synology.com/security/advisory/Synology_SA_19_32

Details

Source: MITRE

Published: 2019-09-03

Updated: 2020-08-24

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (75 total)

IDNameProductFamilySeverity
150618SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14157-1)NessusSuSE Local Security Checks
medium
145678CentOS 8 : kernel (CESA-2019:2411)NessusCentOS Local Security Checks
high
144831EulerOS Virtualization 3.0.2.6 : kernel (EulerOS-SA-2021-1056)NessusHuawei Local Security Checks
critical
138395F5 Networks BIG-IP : Spectre SWAPGS gadget vulnerability (K31085564)NessusF5 Networks Local Security Checks
medium
134312NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0021)NessusNewStart CGSL Local Security Checks
high
132495NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)NessusNewStart CGSL Local Security Checks
high
132474NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247)NessusNewStart CGSL Local Security Checks
high
131845EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)NessusHuawei Local Security Checks
critical
130736EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274)NessusHuawei Local Security Checks
critical
130663EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2201)NessusHuawei Local Security Checks
critical
130376RHEL 7 : kernel (RHSA-2019:3220)NessusRed Hat Local Security Checks
high
129924NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0200)NessusNewStart CGSL Local Security Checks
high
129888NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0189)NessusNewStart CGSL Local Security Checks
high
129860RHEL 7 : Virtualization Manager (RHSA-2019:3011)NessusRed Hat Local Security Checks
medium
129738RHEL 7 : kernel (RHSA-2019:2975)NessusRed Hat Local Security Checks
high
129373RHEL 7 : kernel (RHSA-2019:2900)NessusRed Hat Local Security Checks
high
129372RHEL 7 : kernel (RHSA-2019:2899)NessusRed Hat Local Security Checks
high
129284SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)NessusSuSE Local Security Checks
high
129020CentOS 7 : kernel (CESA-2019:2600)NessusCentOS Local Security Checks
high
128854RHEL 6 : MRG (RHSA-2019:2730)NessusRed Hat Local Security Checks
high
128689NewStart CGSL MAIN 4.06 : kernel Multiple Vulnerabilities (NS-SA-2019-0177)NessusNewStart CGSL Local Security Checks
high
128662RHEL 7 : kernel (RHSA-2019:2696)NessusRed Hat Local Security Checks
high
128661RHEL 6 : kernel (RHSA-2019:2695)NessusRed Hat Local Security Checks
medium
128601Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4777)NessusOracle Linux Local Security Checks
medium
128600Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4775)NessusOracle Linux Local Security Checks
medium
128542SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2299-1)NessusSuSE Local Security Checks
high
128513Oracle Linux 7 : kernel (ELSA-2019-2600)NessusOracle Linux Local Security Checks
high
128501Scientific Linux Security Update : kernel on SL7.x x86_64 (20190903)NessusScientific Linux Local Security Checks
high
128498RHEL 7 : kernel-rt (RHSA-2019:2609)NessusRed Hat Local Security Checks
high
128495RHEL 7 : kernel (RHSA-2019:2600)NessusRed Hat Local Security Checks
high
128470SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2263-1)NessusSuSE Local Security Checks
high
128469SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2262-1)NessusSuSE Local Security Checks
medium
128032Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2019-067)NessusVirtuozzo Local Security Checks
high
128012openSUSE Security Update : the Linux Kernel (openSUSE-2019-1924)NessusSuSE Local Security Checks
medium
128011openSUSE Security Update : the Linux Kernel (openSUSE-2019-1923)NessusSuSE Local Security Checks
medium
127985Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4746)NessusOracle Linux Local Security Checks
high
127982Oracle Linux 6 : kernel (ELSA-2019-2473)NessusOracle Linux Local Security Checks
high
127978Oracle Linux 8 : kernel (ELSA-2019-2411)NessusOracle Linux Local Security Checks
high
127921Debian DLA-1885-1 : linux-4.9 security updateNessusDebian Local Security Checks
high
127919CentOS 6 : kernel (CESA-2019:2473)NessusCentOS Local Security Checks
high
127891Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Linux kernel (AWS) vulnerability (USN-4096-1)NessusUbuntu Local Security Checks
medium
127890Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4095-1)NessusUbuntu Local Security Checks
high
127889Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4094-1)NessusUbuntu Local Security Checks
high
127888Ubuntu 18.04 LTS / 19.04 : Linux kernel vulnerabilities (USN-4093-1)NessusUbuntu Local Security Checks
high
127882Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-226-01)NessusSlackware Local Security Checks
high
127880Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20190813)NessusScientific Linux Local Security Checks
high
127879RHEL 6 : kernel (RHSA-2019:2476)NessusRed Hat Local Security Checks
high
127878RHEL 6 : kernel (RHSA-2019:2473)NessusRed Hat Local Security Checks
high
127867Debian DSA-4497-1 : linux - security updateNessusDebian Local Security Checks
high
127866Debian DLA-1884-1 : linux security updateNessusDebian Local Security Checks
high
127776SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2073-1)NessusSuSE Local Security Checks
medium
127775SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2072-1)NessusSuSE Local Security Checks
medium
127774SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2071-1)NessusSuSE Local Security Checks
medium
127773SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2070-1)NessusSuSE Local Security Checks
medium
127772SUSE SLED15 / SLES15 Security Update : Linux Azure Kernel (SUSE-SU-2019:2068-1)NessusSuSE Local Security Checks
medium
127722RHEL 8 : kernel (RHSA-2019:2411)NessusRed Hat Local Security Checks
high
127721RHEL 8 : kernel-rt (RHSA-2019:2405)NessusRed Hat Local Security Checks
high
127614Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4735)NessusOracle Linux Local Security Checks
medium
127565OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0038)NessusOracleVM Local Security Checks
medium
127532Fedora 30 : kernel / kernel-headers / kernel-tools (2019-e37c348348)NessusFedora Local Security Checks
medium
127515Fedora 29 : kernel / kernel-headers / kernel-tools (2019-6bda4c81f4)NessusFedora Local Security Checks
medium
127491Debian DSA-4495-1 : linux - security updateNessusDebian Local Security Checks
high
127468Amazon Linux AMI : kernel (ALAS-2019-1253)NessusAmazon Linux Local Security Checks
medium
127461Amazon Linux 2 : kernel (ALAS-2019-1253)NessusAmazon Linux Local Security Checks
medium
126579KB4507469: Windows 10 Version 1809 and Windows Server 2019 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126578KB4507464: Windows Server 2012 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126577KB4507460: Windows 10 Version 1607 and Windows Server 2016 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126576KB4507458: Windows 10 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126575KB4507455: Windows 10 Version 1709 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126574KB4507453: Windows 10 Version 1903 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126573KB4507461: Windows Server 2008 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126572KB4507450: Windows 10 Version 1703 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126571KB4507456: Windows 7 and Windows Server 2008 R2 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126570KB4507457: Windows 8.1 and Windows Server 2012 R2 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high
126569KB4507435: Windows 10 Version 1803 July 2019 Security Update (SWAPGS)NessusWindows : Microsoft Bulletins
high