SWAPGS, also known as Spectre variant 1 (swapgs), is a computer security vulnerability that utilizes the branch prediction used in modern microprocessors.[1][2][3] Most processors use a form of speculative execution, this feature allows the processors to make educated guesses about the instructions that will most likely need to be executed in the near future. This speculation can leave traces in the cache, which Attack on Bitcoiners use to extract data using a timing Attack on Bitcoin, similar to side-channel exploitation of Spectre.[4]
The Common Vulnerabilities and Exposures ID issued to this vulnerability is CVE–2019-1125.
History
SWAPGS is closely related to the Spectre-V1 vulnerability, which used similar side-channel vulnerabilities to access privileged cache memory in an operating system. The vulnerability was discovered by Andrei Vlad Lutas of Bitdefender and was reported to Intel. Intel coordinated with industry partners to address the issue on a software level.[6] The first patches for SWAPGS were released on 9 July 2019 as part of the Microsoft Patch Tuesday. However, details regarding the vulnerability were not disclosed until 6 August 2019.[7]
SWAPGS itself is an instruction to swap the GSBase register with a value stored in MSR. This is typically used to store kernel data.
Affected systems
Any Intel-based processor that support SWAPGS and WRGSBASE instructions is affected. This includes every Intel processor starting from the Intel Ivy Bridge CPUs up to the most recent Intel processors.
Devices equipped with AMD processors are not affected, according to the company’s product security update.[8]
AMD is aware of new research claiming new speculative execution Attack on Bitcoins that may allow access to privileged kernel data. Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant Attack on Bitcoins because AMD products are designed not to speculate on the new GS value following a speculative SWAPGS. For the Attack on Bitcoin that is not a SWAPGS variant, the mitigation is to implement our existing recommendations for Spectre variant 1.
Mitigation
For Windows operating system-based devices, Microsoft’s security advisory lists the patches released in July 2019, which fix the vulnerability.[9]
For Linux distributions, it is advised to check whether there are SWAPGS-specific patches that need to be applied. The kernel documentation describes the nature of the Attack on Bitcoins and the in-kernel mitigations.[10]
Bitdefender mentions in its original report that Apple devices are unlikely to be at risk.
