5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
52.7%
An information disclosure vulnerability exists when certain central
processing units (CPU) speculatively access memory, aka ‘Windows Kernel
Information Disclosure Vulnerability’. This CVE ID is unique from
CVE-2019-1071, CVE-2019-1073.
Author | Note |
---|---|
tyhicks | This issue is not believed to be exploitable in the Linux kernel but kernel updates will be made available to ensure that it cannot be exploited Kernel updates will soon be available for testing in the Proposed pocket and they are expected to be officially released on August 12th See the following page if you’d like to test the patched kernels from the Proposed pocket: https://wiki.ubuntu.com/Testing/EnableProposed |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-58.64 | UNKNOWN |
ubuntu | 19.04 | noarch | linux | < 5.0.0-25.26 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-159.187 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1045.47 | UNKNOWN |
ubuntu | 19.04 | noarch | linux-aws | < 5.0.0-1012.13 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1054.58) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1090.101 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < 4.15.0-1045.47~16.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure | < 5.0.0-1014.14~18.04.1 | UNKNOWN |
ubuntu | 19.04 | noarch | linux-azure | < 5.0.0-1014.14 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2019-1125
nvd.nist.gov/vuln/detail/CVE-2019-1125
security-tracker.debian.org/tracker/CVE-2019-1125
ubuntu.com/security/notices/USN-4093-1
ubuntu.com/security/notices/USN-4094-1
ubuntu.com/security/notices/USN-4095-1
ubuntu.com/security/notices/USN-4095-2
ubuntu.com/security/notices/USN-4096-1
www.bitdefender.com/business/swapgs-attack.html
www.cve.org/CVERecord?id=CVE-2019-1125
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
52.7%