Project:Security/Vulnerabilities/Spectre SWAPGS gadget vulnerability
From Gentoo Wiki
Summary
Gentoo Linux has been made aware of an additional Spectre V1-like attack vector that requires updates to the Linux kernel.
Spectre SWAPGS gadget vulnerability (CVE-2019-1125) allows an unprivileged local attacker to bypass conventional memory security restrictions to gain read access to privileged memory that would otherwise be inaccessible.
Resolution
There is no known complete mitigation other than updating the kernel and rebooting the system. This kernel patch builds on existing Spectre mitigations.
Kernel updates
LTS branch | Version with complete mitigation | Recommended version (stabilization candidate) |
---|---|---|
4.4 | >=sys-kernel/gentoo-sources-4.4.188 | >=sys-kernel/gentoo-sources-4.4.189 |
4.9 | >=sys-kernel/gentoo-sources-4.9.188 | >=sys-kernel/gentoo-sources-4.9.189 |
4.14 | >=sys-kernel/gentoo-sources-4.14.137 | >=sys-kernel/gentoo-sources-4.14.138 |
4.19 | >=sys-kernel/gentoo-sources-4.19.65 | >=sys-kernel/gentoo-sources-4.19.66 |
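
To check a host against the table above, the following added example (not part of the original advisory) compares a kernel release string with the "complete mitigation" version for its LTS branch. The function names are hypothetical, and it assumes the release string has the usual `X.Y.Z-gentoo[-rN]` form reported by `uname -r` for gentoo-sources kernels.

```shell
#!/bin/sh
# Added example: compare a kernel release against the advisory's table.
# Function names are illustrative; versions are copied from the table above.

# Minimum patch level with complete mitigation, per LTS branch.
min_patch_for_branch() {
    case "$1" in
        4.4)  echo 188 ;;
        4.9)  echo 188 ;;
        4.14) echo 137 ;;
        4.19) echo 65 ;;
        *)    return 1 ;;   # branch not listed in the advisory
    esac
}

# swapgs_status RELEASE -> prints: mitigated | vulnerable | unknown
swapgs_status() {
    rel=${1%%-*}                        # drop "-gentoo", "-gentoo-r1", ...
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0   # "4.19" carries no patch level
    patch=${patch%%.*}
    # Anything that is not purely numeric cannot be compared.
    case "$major$minor$patch" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    # Branches outside the table are reported as unknown, not as safe.
    min=$(min_patch_for_branch "$major.$minor") || { echo unknown; return 0; }
    if [ "$patch" -ge "$min" ]; then
        echo mitigated
    else
        echo vulnerable
    fi
}

# Check the release given as the first argument, or the running kernel.
swapgs_status "${1:-$(uname -r)}"
```

The result reflects the running kernel only after the reboot into the updated kernel that the Resolution section calls for.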
Known performance impact
First tests with the SWAPGS mitigation have shown a performance impact. Benchmarks are being worked on.