SWAPGS: Yet Another Intel Speculative Execution Attack Exposed

[Tsing]

Bitdefender has published a report on a new side-channel attack that affects all Intel processors since Ivy Bridge (2012). The vulnerability revolves around an instruction called SWAPGS, which is designed for exchanging a GS base register value in 64-bit chips.

Microsoft has already published a patch, which results in "no noticeable performance degradation." AMD processors are not affected by the SWAPGS Attack.

Unpatched Windows systems running on 64-bit Intel hardware are susceptible to leaking sensitive kernel memory, including from user mode. The SWAPGS Attack circumvents all known mitigation techniques deployed against previous side-channel attacks on vulnerabilities in speculative execution.

 

[Peter_Brosdahl]

Thanks! Didn't know about this one but I did wonder why it seemed like there had been more than normal updates coming from M.S. in the last couple of weeks.

 

[GetOffMyWan]

The SWAPGS website actually also has a lot of good information about the vulnerability.

 

[Grimlakin]

Speculative execution... is a HUGE ****ING problem. this is why vendors are just turning it off in large part on intel CPU's.

I'm still bitter about that on my ESXi hosts. Thankfully we are not heavily loaded or over provisioned. But still.