Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2019-1125

Publication date 6 August 2019

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

5.6 · Medium

Score breakdown

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further. On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125. Microsoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM.

From the Ubuntu Security Team

Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory).

Read the notes from the security team

Status

Package Ubuntu Release Status
linux 19.10 eoan
Not affected
19.04 disco
Fixed 5.0.0-25.26
18.04 LTS bionic
Fixed 4.15.0-58.64
16.04 LTS xenial
Fixed 4.4.0-159.187
14.04 LTS trusty Ignored
linux-aws 19.10 eoan
Not affected
19.04 disco
Fixed 5.0.0-1012.13
18.04 LTS bionic
Fixed 4.15.0-1045.47
16.04 LTS xenial
Fixed 4.4.0-1090.101
14.04 LTS trusty
linux-aws-5.0 19.10 eoan Not in release
19.04 disco Not in release
18.04 LTS bionic
Not affected
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-aws-hwe 19.10 eoan Not in release
19.04 disco Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial
Fixed 4.15.0-1045.47~16.04.1
14.04 LTS trusty Not in release
linux-azure 19.10 eoan
Not affected
19.04 disco
Fixed 5.0.0-1014.14
18.04 LTS bionic
Fixed 5.0.0-1014.14~18.04.1
16.04 LTS xenial
Fixed 4.15.0-1055.60
14.04 LTS trusty
linux-azure-5.3 19.10 eoan Not in release
19.04 disco Not in release
18.04 LTS bionic
Not affected
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure-edge 19.10 eoan Not in release
19.04 disco Not in release
18.04 LTS bionic
Fixed 5.0.0-1014.14~18.04.1
16.04 LTS xenial
Fixed 4.15.0-1055.60
14.04 LTS trusty Not in release
linux-gcp 19.10 eoan
Not affected
19.04 disco
Fixed 5.0.0-1013.13
18.04 LTS bionic
Fixed 4.15.0-1040.42
16.04 LTS xenial
Fixed 4.15.0-1040.42~16.04.1
14.04 LTS trusty Not in release
linux-gcp-5.3 19.10 eoan Not in release
19.04 disco Not in release
18.04 LTS bionic
Not affected
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gcp-edge 19.10 eoan Not in release
19.04 disco Not in release
18.04 LTS bionic
Fixed 4.15.0-1040.42
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gke-4.15 19.10 eoan Not in release
19.04 disco Not in release
18.04 LTS bionic
Fixed 4.15.0-1040.42
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-gke-5.0 19.10 eoan Not in release
19.04 disco Not in release
18.04 LTS bionic
Fixed 5.0.0-1013.13~18.04.1
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-hwe 19.10 eoan Not in release
19.04 disco Not in release
18.04 LTS bionic
Fixed 5.0.0-25.26~18.04.1
16.04 LTS xenial
Fixed 4.15.0-58.64~16.04.1
14.04 LTS trusty Not in release
linux-hwe-edge 19.10 eoan Not in release
19.04 disco Not in release
18.04 LTS bionic Ignored
16.04 LTS xenial
Fixed 4.15.0-58.64~16.04.1
14.04 LTS trusty Not in release
linux-kvm 19.10 eoan
Not affected
19.04 disco
Fixed 5.0.0-1013.14
18.04 LTS bionic
Fixed 4.15.0-1042.42
16.04 LTS xenial
Fixed 4.4.0-1054.61
14.04 LTS trusty Not in release
linux-lts-trusty 19.10 eoan Not in release
19.04 disco Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-lts-xenial 19.10 eoan Not in release
19.04 disco Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty
linux-oem 19.10 eoan
Fixed 4.15.0-1050.57
19.04 disco
Fixed 4.15.0-1050.57
18.04 LTS bionic
Fixed 4.15.0-1050.57
16.04 LTS xenial Ignored
14.04 LTS trusty Not in release
linux-oem-5.4 19.10 eoan Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oem-osp1 19.10 eoan
Fixed 5.0.0-1018.20
19.04 disco Ignored
18.04 LTS bionic
Fixed 5.0.0-1018.20
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oracle 19.10 eoan
Not affected
19.04 disco
Fixed 5.0.0-1004.8
18.04 LTS bionic
Fixed 4.15.0-1021.23
16.04 LTS xenial
Fixed 4.15.0-1021.23~16.04.1
14.04 LTS trusty Not in release
linux-oracle-5.0 19.10 eoan Not in release
19.04 disco Not in release
18.04 LTS bionic
Not affected
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-raspi2 19.10 eoan
Not affected
19.04 disco
Not affected
18.04 LTS bionic
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty Not in release
linux-raspi2-5.3 19.10 eoan Not in release
18.04 LTS bionic
Not affected
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-snapdragon 19.10 eoan Not in release
19.04 disco
Not affected
18.04 LTS bionic
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty Not in release

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro

Notes

tyhicks

This issue is not believed to be exploitable in the Linux kernel but kernel updates will be made available to ensure that it cannot be exploited Kernel updates will soon be available for testing in the Proposed pocket and they are expected to be officially released on August 12th See the following page if you'd like to test the patched kernels from the Proposed pocket: https://wiki.sne.bianheman.eu.org/Testing/EnableProposed

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
linux

Severity score breakdown

Parameter Value
Base score 5.6 · Medium
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Scope Changed
Confidentiality High
Integrity impact None
Availability impact None
Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

References

Related Ubuntu Security Notices (USN)

    • USN-4095-1
    • Linux kernel vulnerabilities
    • 13 August 2019
    • USN-4094-1
    • Linux kernel vulnerabilities
    • 13 August 2019
    • USN-4095-2
    • Linux kernel (Xenial HWE) vulnerabilities
    • 13 August 2019
    • USN-4096-1
    • Linux kernel (AWS) vulnerability
    • 13 August 2019
    • USN-4093-1
    • Linux kernel vulnerabilities
    • 13 August 2019

Other references