Lucene search
AmazonALAS2-2019-1253HistoryAug 05, 2019 - 5:48 p.m.
Medium: kernel
2019-08-0517:48:00
alas.aws.amazon.com
18
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7 High
AI Score
Confidence
High
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
52.7%
Issue Overview:
There is a newly discovered variant side-channel attack of Spectre V1 which leverages SWAPGS instructions to bypass KPTI/KVA mitigations. This could lead to a kernel information disclosure. (CVE-2019-1125)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
New Packages:
aarch64:
kernel-4.14.133-113.112.amzn2.aarch64
kernel-headers-4.14.133-113.112.amzn2.aarch64
kernel-debuginfo-common-aarch64-4.14.133-113.112.amzn2.aarch64
perf-4.14.133-113.112.amzn2.aarch64
perf-debuginfo-4.14.133-113.112.amzn2.aarch64
python-perf-4.14.133-113.112.amzn2.aarch64
python-perf-debuginfo-4.14.133-113.112.amzn2.aarch64
kernel-tools-4.14.133-113.112.amzn2.aarch64
kernel-tools-devel-4.14.133-113.112.amzn2.aarch64
kernel-tools-debuginfo-4.14.133-113.112.amzn2.aarch64
kernel-devel-4.14.133-113.112.amzn2.aarch64
kernel-debuginfo-4.14.133-113.112.amzn2.aarch64
i686:
kernel-headers-4.14.133-113.112.amzn2.i686
src:
kernel-4.14.133-113.112.amzn2.src
x86_64:
kernel-4.14.133-113.112.amzn2.x86_64
kernel-headers-4.14.133-113.112.amzn2.x86_64
kernel-debuginfo-common-x86_64-4.14.133-113.112.amzn2.x86_64
perf-4.14.133-113.112.amzn2.x86_64
perf-debuginfo-4.14.133-113.112.amzn2.x86_64
python-perf-4.14.133-113.112.amzn2.x86_64
python-perf-debuginfo-4.14.133-113.112.amzn2.x86_64
kernel-tools-4.14.133-113.112.amzn2.x86_64
kernel-tools-devel-4.14.133-113.112.amzn2.x86_64
kernel-tools-debuginfo-4.14.133-113.112.amzn2.x86_64
kernel-devel-4.14.133-113.112.amzn2.x86_64
kernel-debuginfo-4.14.133-113.112.amzn2.x86_64
Additional References
Red Hat: CVE-2019-1125
Mitre: CVE-2019-1125
Related
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2019-08-06 00:00:00
Unbreakable Enterprise kernel security update
2019-09-09 00:00:00
Unbreakable Enterprise kernel security update
2019-08-06 00:00:00
nessus
nessus
Amazon Linux AMI : kernel (ALAS-2019-1253)
2019-08-12 00:00:00
RHEL 6 : kernel (RHSA-2019:2695)
2019-09-11 00:00:00
Amazon Linux 2 : kernel (ALAS-2019-1253)
2019-08-12 00:00:00
cisa
cisa
SWAPGS Spectre Side-Channel Vulnerability
2019-08-06 00:00:00
exploitpack
exploitpack
Windows Kernel - Information Disclosure
2020-01-27 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2020-01-27 12:27:53
fedora
fedora
[SECURITY] Fedora 29 Update: kernel-headers-5.2.7-100.fc29
2019-08-11 01:43:14
[SECURITY] Fedora 29 Update: kernel-tools-5.2.7-100.fc29
2019-08-11 01:43:14
[SECURITY] Fedora 30 Update: kernel-tools-5.2.7-200.fc30
2019-08-11 01:15:14
thn
thn
SWAPGS Attack — New Speculative Execution Flaw Affects All Modern Intel CPUs
2019-08-06 20:00:00
redhat
redhat
(RHSA-2019:3011) Moderate: Red Hat Virtualization security, bug fix, and enhancement update
2019-10-10 14:48:00
(RHSA-2019:2695) Moderate: kernel security and bug fix update
2019-09-10 09:57:53
(RHSA-2019:2600) Important: kernel security and bug fix update
2019-09-03 13:19:05
openvas
openvas
Ubuntu: Security Advisory (USN-4096-1)
2019-08-14 00:00:00
Greenbone OS - 'Spectre SWAPGS' Gadget Vulnerability (Aug 2019)
2019-08-26 00:00:00
Fedora Update for kernel-headers FEDORA-2019-e37c348348
2019-08-12 00:00:00
veracode
veracode
Information Disclosure
2019-08-14 00:12:16
mscve
mscve
Windows Kernel Information Disclosure Vulnerability
2019-08-06 07:00:00
kaspersky
kaspersky
KLA11696 OSI vulnerability in Microsoft products (ESU)
2019-08-06 00:00:00
KLA11700 OSI vulnerability in Microsoft products (ESU)
2019-08-06 00:00:00
KLA11529 Windows Kernel Information Disclosure Vulnerability
2019-08-06 00:00:00
ubuntu
ubuntu
Linux kernel (AWS) vulnerability
2019-08-13 00:00:00
Linux kernel vulnerabilities
2019-08-13 00:00:00
Linux kernel (Xenial HWE) vulnerabilities
2019-08-13 00:00:00
huawei
huawei
redhatcve
redhatcve
CVE-2019-1125
2019-11-04 16:10:42
threatpost
threatpost
New SWAPGS Side-Channel Attack Bypasses Spectre and Meltdown Defenses
2019-08-07 13:55:07
zdt
zdt
Windows Kernel - Information Disclosure Vulnerability
2020-02-15 00:00:00
amazon
amazon
Medium: kernel
2019-08-05 17:40:00
exploitdb
exploitdb
Microsoft Windows Kernel - Information Disclosure
2020-01-27 00:00:00
centos
centos
bpftool, kernel, perf, python security update
2019-09-18 20:39:01
kernel, perf, python security update
2019-08-16 21:55:43
mageia
mageia
Updated kernel packages fix security vulnerabilities
2019-08-13 00:08:18
Updated kernel packages fix security vulnerabilities
2019-08-13 00:08:18
Updated kernel-linus packages fix security vulnerabilities
2019-11-20 00:16:53
prion
prion
Information disclosure
2019-09-03 18:15:00
ubuntucve
ubuntucve
CVE-2019-1125
2019-08-06 00:00:00
debiancve
debiancve
CVE-2019-1125
2019-09-03 18:15:00
cve
cve
CVE-2019-1125
2019-09-03 18:15:00
f5
f5
K31085564 : Spectre SWAPGS gadget vulnerability CVE-2019-1125
2019-08-23 00:00:00
virtuozzo
virtuozzo
lenovo
lenovo
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2019-08-14 06:12:49
suse
suse
Security update for the Linux Kernel (important)
2019-08-16 00:00:00
Security update for the Linux Kernel (important)
2019-08-16 00:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-2.0-0175
2019-09-10 00:00:00
Critical Photon OS Security Update - PHSA-2019-0175
2019-09-03 00:00:00
Critical Photon OS Security Update - PHSA-2019-0250
2019-09-03 00:00:00
debian
debian
[SECURITY] [DLA 1884-1] linux security update
2019-08-14 00:16:24
[SECURITY] [DSA 4495-1] linux security update
2019-08-10 21:15:57
[SECURITY] [DSA 4495-1] linux security update
2019-08-10 21:15:57
cloudfoundry
cloudfoundry
USN-4095-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2019-08-29 00:00:00
USN-4094-1: Linux kernel vulnerabilities | Cloud Foundry
2019-09-30 00:00:00
osv
osv
linux - security update
2019-08-10 00:00:00
linux - security update
2019-08-13 00:00:00
linux-4.9 - security update
2019-08-13 00:00:00
ibm
ibm
Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to Using Components with Known Vulnerabilities
2020-10-28 17:16:55
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-ze
2020-07-24 21:16:35
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-ze
2020-07-24 21:16:35
fortinet
fortinet
Meltdown and Spectre class vulnerabilities
2019-08-26 00:00:00
mskb
mskb
July 9, 2019—KB4507464 (Security-only update)
2019-08-06 07:00:00
July 9, 2019—KB4507461 (Security-only update)
2019-08-06 07:00:00
July 9, 2019—KB4507456 (Security-only update)
2019-08-06 07:00:00
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7 High
AI Score
Confidence
High
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
52.7%
Related for ALAS2-2019-1253