CVE-2019-1125

Name of the Vulnerable Software and Affected Versions Windows (affected versions not specified) Intel CPUs (affected versions not specified) AMD CPUs (affected versions not specified) ARM CPUs (affected versions not specified) Linux (affected versions not specified)

Description An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further. This vulnerability is a variant of the Spectre Variant 1 speculative execution side channel vulnerability.

Recommendations Apply the security update released by Microsoft on July 9, 2019, which addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. For Linux, ChromeOS, and Windows, apply the proposed method of protection that is effective against this vulnerability. As a temporary workaround, consider restricting access to sensitive information and limiting the use of affected systems until a patch is applied.