Microsoft rolls out patch for new speculative-execution flaw in Intel CPUs
Posted on Wednesday, August 07 2019 @ 10:54 CEST by Thomas De Maesschalck

Bitdefender's researchers found that a chip instruction known as SWAPGS made it possible to revive the speculative-execution side channel, even on systems that had the earlier mitigations installed. SWAPGS is called when execution switches from a less-trusted userland context to a more sensitive kernel one. Proof-of-concept exploits developed by Bitdefender invoked the instruction to siphon contents normally restricted to kernel memory into user memory. Bitdefender says Windows is vulnerable but noted that an attack was "unfeasible" on systems running Linux, Unix, FreeBSD, or macOS. It's also not possible to execute the attack via JavaScript, so a drive-by attack via a website is unfeasible too. It's unknown whether this fix comes with another performance hit. Full details at Ars Technica.

"What we have found is a way to exploit the SWAPGS instruction which switches from userland to kernel mode in such a way that we could... carry out a side-channel attack," Bogdan Botezatu, Bitdefender's director of threat research and reporting, told Ars. "By doing that, we are going to leak kernel memory into the user space even if there are security measures that should prevent us from doing that."
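As an added illustration of the check an administrator would run after a story like this (this is example code, not from the original post, Bitdefender, or Microsoft): the Linux kernel exposes its speculative-execution mitigation status as one file per issue under /sys/devices/system/cpu/vulnerabilities/, and kernels that carry the SWAPGS barrier report it in the spectre_v1 entry as "Mitigation: usercopy/swapgs barriers and __user pointer sanitization". The script below parses that status text and classifies a host; the sample file contents are constructed for the example, and the live sysfs read is only attempted when the directory exists.

```python
"""Classify a host's SWAPGS mitigation state from the Linux sysfs
vulnerability files.  Added example, not code from the original post.
Assumes the sysfs layout /sys/devices/system/cpu/vulnerabilities/<name>
and the kernel's spectre_v1 wording for the SWAPGS barrier.
"""
from pathlib import Path

VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")


def parse_status(text):
    """Split a status line such as 'Mitigation: foo', 'Vulnerable' or
    'Not affected' into a (state, detail) pair."""
    text = text.strip()
    if ":" in text:
        state, detail = text.split(":", 1)
        return state.strip(), detail.strip()
    return text, ""


def swapgs_status(entries):
    """entries: mapping of vulnerability file name -> file content.
    Returns 'mitigated', 'vulnerable', 'not_affected' or 'unknown'."""
    raw = entries.get("spectre_v1")
    if raw is None:
        # Kernel too old to expose the file, or not a Linux sysfs tree.
        return "unknown"
    state, detail = parse_status(raw)
    if state == "Not affected":
        return "not_affected"
    # Only the spectre_v1 text that names swapgs carries the new barrier;
    # the older '__user pointer sanitization' wording predates the fix.
    if state == "Mitigation" and "swapgs" in detail.lower():
        return "mitigated"
    return "vulnerable"


def read_sysfs(directory=VULN_DIR):
    """Collect every vulnerability file from sysfs (live Linux hosts only)."""
    if not directory.is_dir():
        return {}
    return {p.name: p.read_text() for p in directory.iterdir() if p.is_file()}


# Constructed samples standing in for sysfs contents on two hosts.
SAMPLE_PATCHED = {
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n",
    "spectre_v2": "Mitigation: Full generic retpoline\n",
}
SAMPLE_OLD_KERNEL = {
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Mitigation: Full generic retpoline\n",
}

if __name__ == "__main__":
    for label, entries in (("patched", SAMPLE_PATCHED), ("old kernel", SAMPLE_OLD_KERNEL)):
        print(f"{label}: {swapgs_status(entries)}")
    live = read_sysfs()
    if live:
        print(f"this host: {swapgs_status(live)}")
```

Run it on a fleet through whatever remote-execution tool is already in place and the result is a per-host inventory of which kernels report the barrier; a "vulnerable" result on a host that has already been rebooted into a patched kernel is worth a second look at the actual file contents, since the classification keys on the kernel's wording rather than on a version number.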