Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-1125

CWE-38517 documents11 sources

Severity

5.6MEDIUM

EPSS

17.2%

top 4.98%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1703 +32 more

Timeline

PublishedSep 3

Latest updateMay 24

Description

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to …

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 1.1 | Impact: 4.0

Affected Packages33 packages

▶CVEListV5microsoft/windows_server_201910.0.0 — publication

▶CVEListV5microsoft/windows_server_2019_(server_core_installation)10.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1709_for_32-bit_systems10.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_32-bit_systems10.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_x64-based_systems10.0.0 — publication

Also affects: Enterprise Linux 7.7

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-r79p-pw9q-gxrc: An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Informatio↗2022-05-24

▶

CVEList

Windows Kernel Information Disclosure Vulnerability↗2019-09-03

▶

OSV

CVE-2019-1125: An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory↗2019-09-03

▶

OSV

linux, linux-hwe, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities↗2019-08-13

▶

Kernel

Merge branch 'x86/grand-schemozzle' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip↗2019-08-06

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows Kernel - Information Disclosure↗2020-01-27

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Xenial HWE) vulnerabilities↗2019-08-13

▶

Ubuntu

Linux kernel vulnerabilities↗2019-08-13

▶

Ubuntu

Linux kernel vulnerabilities↗2019-08-13

▶

Ubuntu

Linux kernel vulnerabilities↗2019-08-13

▶

Ubuntu

Linux kernel (AWS) vulnerability↗2019-08-13

▶

💬Community

Bugzilla

CVE-2019-1125 kernel: hw: Spectre SWAPGS gadget vulnerability [fedora-all]↗2019-08-06

▶

Bugzilla

CVE-2019-1125 kernel: hw: Spectre SWAPGS gadget vulnerability↗2019-06-27

▶