CVE - CVE-2019-1125

CVE-ID
CVE-2019-1125	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further. On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125. Microsoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:RHBA-2019:2824 URL:https://access.redhat.com/errata/RHBA-2019:2824 MISC:RHBA-2019:3248 URL:https://access.redhat.com/errata/RHBA-2019:3248 MISC:RHSA-2019:2600 URL:https://access.redhat.com/errata/RHSA-2019:2600 MISC:RHSA-2019:2609 URL:https://access.redhat.com/errata/RHSA-2019:2609 MISC:RHSA-2019:2695 URL:https://access.redhat.com/errata/RHSA-2019:2695 MISC:RHSA-2019:2696 URL:https://access.redhat.com/errata/RHSA-2019:2696 MISC:RHSA-2019:2730 URL:https://access.redhat.com/errata/RHSA-2019:2730 MISC:RHSA-2019:2899 URL:https://access.redhat.com/errata/RHSA-2019:2899 MISC:RHSA-2019:2900 URL:https://access.redhat.com/errata/RHSA-2019:2900 MISC:RHSA-2019:2975 URL:https://access.redhat.com/errata/RHSA-2019:2975 MISC:RHSA-2019:3011 URL:https://access.redhat.com/errata/RHSA-2019:3011 MISC:RHSA-2019:3220 URL:https://access.redhat.com/errata/RHSA-2019:3220 MISC:http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html URL:http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html MISC:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-swapgs-en URL:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-swapgs-en MISC:https://kc.mcafee.com/corporate/index?page=content&id=SB10297 URL:https://kc.mcafee.com/corporate/index?page=content&id=SB10297 MISC:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125 URL:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125 MISC:https://www.synology.com/security/advisory/Synology_SA_19_32 URL:https://www.synology.com/security/advisory/Synology_SA_19_32
Assigning CNA
Microsoft Corporation
Date Record Created
20181126	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20181126)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)