CVE-2019-1125 Information

Description

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1071 CVE-2019-1073.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-swapgs-en https://access.redhat.com/errata/RHBA-2019:2824 https://access.redhat.com/errata/RHBA-2019:3248 https://access.redhat.com/errata/RHSA-2019:2600 https://access.redhat.com/errata/RHSA-2019:2609 https://access.redhat.com/errata/RHSA-2019:2695 https://access.redhat.com/errata/RHSA-2019:2696 https://access.redhat.com/errata/RHSA-2019:2730 https://access.redhat.com/errata/RHSA-2019:2899 https://access.redhat.com/errata/RHSA-2019:2900 https://access.redhat.com/errata/RHSA-2019:2975 https://access.redhat.com/errata/RHSA-2019:3011 https://access.redhat.com/errata/RHSA-2019:3220 https://kc.mcafee.com/corporate/index?page=content&id=SB10297 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125 https://www.synology.com/security/advisory/Synology_SA_19_32

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.5