= SWAPGS (security vulnerability) =

SWAPGS, also known as Spectre variant 1, is a computer security vulnerability that utilizes the branch prediction used in modern microprocessors. Most processors use a form of speculative execution, this feature allows the processors to make educated guesses about the instructions that will most likely need to be executed in the near future. This speculation can leave traces in the cache, which attackers use to extract data using a timing attack, similar to side-channel exploitation of Spectre.

The Common Vulnerabilities and Exposures ID issued to this vulnerability is .

== History ==
SWAPGS is closely related to the Spectre-V1 vulnerability, which used similar side-channel vulnerabilities to access privileged cache memory in an operating system. The vulnerability was discovered by Andrei Vlad Lutas of Bitdefender and was reported to Intel. Intel coordinated with industry partners to address the issue on a software level. The first patches for SWAPGS were released on 9 July 2019 as part of the Microsoft Patch Tuesday. However, details regarding the vulnerability were not disclosed until 6 August 2019.

SWAPGS itself is an instruction to swap the GSBase register with a value stored in MSR. This is typically used to store kernel data.

== Affected systems ==
Any Intel-based processor that support SWAPGS and WRGSBASE instructions is affected. This includes every Intel processor starting from the Intel Ivy Bridge CPUs up to the most recent Intel processors.

Devices equipped with AMD processors are not affected, according to the company's product security update.

== Mitigation ==
For Windows operating system-based devices, Microsoft's security advisory lists the patches released in July 2019, which fix the vulnerability.

For Linux distributions, it is advised to check whether there are SWAPGS-specific patches that need to be applied. The kernel documentation describes the nature of the attacks and the in-kernel mitigations.

Bitdefender mentions in its original report that Apple devices are unlikely to be at risk.

== See also ==
- Foreshadow (security vulnerability)
- Microarchitectural Data Sampling − another set of vulnerabilities, including ZombieLoad, that can leak data in Intel microprocessors
- Rogue System Register Read (RSRR) – a related vulnerability, also known as Variant 3a
- Transient execution CPU vulnerabilities
