CVE-2019-1125

Windows Kernel Information Disclosure Vulnerability

Severity Score

5.6

*CVSS v3.1

Exploit Likelihood

15.1%

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further.
On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125.
Microsoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM.

Se presenta una vulnerabilidad de divulgación de información cuando ciertas unidades de procesamiento central (CPU) acceden especulativamente a la memoria, también conocida como "Windows Kernel Information Disclosure Vulnerability". El ID de este CVE es diferente de CVE-2019-1071, CVE-2019-1073.

A Spectre gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel.

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further. On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125. Microsoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM.

Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-11-26 CVE Reserved
2019-08-07 CVE Published
2020-01-27 First Exploit
2024-08-04 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (22)

URL	Tag	Source
http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of...	X_refsource_misc
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200...	X_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10297	X_refsource_confirm
https://www.synology.com/security/advisory/Synology_SA_19_32	X_refsource_confirm

1 - 4 of 4

URL	Date	SRC
https://packetstorm.news/files/id/156337	2020-02-14
https://www.exploit-db.com/exploits/48071	2020-01-27
https://github.com/bitdefender/swapgs-attack-poc	2024-09-06

1 - 3 of 3

URL	Date	SRC
https://portal.msrc.microsoft.com/en-US/security-guidance/advis...	2024-05-29

1 - 1 of 1

URL	Date	SRC
https://access.redhat.com/errata/RHBA-2019:2824	2024-05-29
https://access.redhat.com/errata/RHBA-2019:3248	2024-05-29
https://access.redhat.com/errata/RHSA-2019:2600	2024-05-29
https://access.redhat.com/errata/RHSA-2019:2609	2024-05-29
https://access.redhat.com/errata/RHSA-2019:2695	2024-05-29
https://access.redhat.com/errata/RHSA-2019:2696	2024-05-29
https://access.redhat.com/errata/RHSA-2019:2730	2024-05-29
https://access.redhat.com/errata/RHSA-2019:2899	2024-05-29
https://access.redhat.com/errata/RHSA-2019:2900	2024-05-29
https://access.redhat.com/errata/RHSA-2019:2975	2024-05-29

1 - 10 of 14

Affected Vendors, Products, and Versions (26)

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Windows 10 Search vendor "Microsoft" for product "Windows 10"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows 10 Search vendor "Microsoft" for product "Windows 10"				1607 Search vendor "Microsoft" for product "Windows 10" and version "1607"		-		Affected
Microsoft Search vendor "Microsoft"		Windows 10 Search vendor "Microsoft" for product "Windows 10"				1703 Search vendor "Microsoft" for product "Windows 10" and version "1703"		-		Affected
Microsoft Search vendor "Microsoft"		Windows 10 Search vendor "Microsoft" for product "Windows 10"				1709 Search vendor "Microsoft" for product "Windows 10" and version "1709"		-		Affected
Microsoft Search vendor "Microsoft"		Windows 10 Search vendor "Microsoft" for product "Windows 10"				1803 Search vendor "Microsoft" for product "Windows 10" and version "1803"		-		Affected
Microsoft Search vendor "Microsoft"		Windows 10 Search vendor "Microsoft" for product "Windows 10"				1809 Search vendor "Microsoft" for product "Windows 10" and version "1809"		-		Affected
Microsoft Search vendor "Microsoft"		Windows 10 Search vendor "Microsoft" for product "Windows 10"				1903 Search vendor "Microsoft" for product "Windows 10" and version "1903"		-		Affected
Microsoft Search vendor "Microsoft"		Windows 7 Search vendor "Microsoft" for product "Windows 7"				-		sp1		Affected
Microsoft Search vendor "Microsoft"		Windows 8.1 Search vendor "Microsoft" for product "Windows 8.1"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows Rt 8.1 Search vendor "Microsoft" for product "Windows Rt 8.1"				-		-		Affected

1 - 10 of 26