Project:Security/Vulnerabilities/Spectre SWAPGS gadget vulnerability

Summary
Gentoo Linux has been made aware of an additional Spectre V1 like attack vector, requiring updates to the Linux kernel.

Spectre SWAPGS gadget vulnerability (CVE-2019-1125) allows an unprivileged local attacker to bypass conventional memory security restrictions to gain read access to privileged memory that would otherwise be inaccessible.

Resolution
There is no known complete mitigation other than updating the kernel and rebooting the system. This kernel patch builds on existing spectre mitigations.

Known performance impact
First tests with SWAPGS mitigation have shown to cause a performance impact. Benchmarks being worked on.