A new Intel Core processor flaw has come to light. The Lazy FP state restore flaw is of 'moderate severity' and is another speculative execution vulnerability, like the infamous Spectre flaw that dominated computer security news about six months ago. In theory, the Lazy FP state restore technique can allow hackers to swipe data from your Intel Core-powered machine, as it allows the contents of the floating-point (FP) registers to be leaked from one process to another.
Intel explains the issue as follows: "System software may utilize the Lazy FP state restore technique to delay the restoring of state until an instruction operating on that state is actually executed by the new process. Systems using Intel Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel." The vulnerability arises when system software uses Lazy FP state restore on a context switch instead of eagerly saving and restoring the state. It can thus be used as a vector to grab data from running applications, including encryption programs and similar.
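The difference between the two switching strategies can be seen in a toy model. The following C sketch is an added example, not code from Intel, Red Hat or any operating system; the structs, function names, trap flag and register values are all constructed for illustration. It counts how many FP registers still physically hold the previous task's values after a context switch.

```c
#include <stdio.h>
#include <string.h>
#define NREGS 4

/* Constructed toy model: one CPU with an FP register file and a trap flag. */
struct task { double saved[NREGS]; };
struct cpu  { double fp[NREGS]; int trap_armed; struct task *fp_owner; };

/* Eager: save the outgoing state and load the incoming state at switch time. */
static void switch_eager(struct cpu *c, struct task *prev, struct task *next) {
    memcpy(prev->saved, c->fp, sizeof c->fp);
    memcpy(c->fp, next->saved, sizeof c->fp);
    c->fp_owner = next;
    c->trap_armed = 0;
}

/* Lazy: leave the registers untouched and arm a trap for the first FP use. */
static void switch_lazy(struct cpu *c) { c->trap_armed = 1; }

/* Trap handler: only now is the old state saved and the new state loaded. */
static void fp_trap(struct cpu *c, struct task *cur) {
    memcpy(c->fp_owner->saved, c->fp, sizeof c->fp);
    memcpy(c->fp, cur->saved, sizeof c->fp);
    c->fp_owner = cur;
    c->trap_armed = 0;
}

/* Counts registers that still hold the previous task's values after a switch. */
int stale_regs_after_switch(int lazy, int next_uses_fp) {
    struct task prev = {{3.14, 2.71, 1.41, 1.73}};  /* constructed values */
    struct task next = {{0}};
    struct cpu c = {{0}, 0, &prev};
    int stale = 0;
    memcpy(c.fp, prev.saved, sizeof c.fp);
    if (lazy) switch_lazy(&c); else switch_eager(&c, &prev, &next);
    if (next_uses_fp && c.trap_armed) fp_trap(&c, &next);
    for (int i = 0; i < NREGS; i++)
        if (c.fp[i] == prev.saved[i]) stale++;
    return stale;
}

int main(void) {
    printf("lazy, before first FP use: %d stale\n", stale_regs_after_switch(1, 0));
    printf("lazy, after first FP use:  %d stale\n", stale_regs_after_switch(1, 1));
    printf("eager:                     %d stale\n", stale_regs_after_switch(0, 0));
    return 0;
}
```

In the lazy case the old values stay in the registers, guarded only by the pending trap, until the new task first touches the FP unit; with an eager switch nothing of the previous task is left in the registers to infer.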
The Lazy FP state flaw is rather difficult for a hacker to use and it is easy to fix, and this is probably why it is labelled as a 'Moderate' severity problem. If you are running a modern version of Windows, Linux, OpenBSD or similar, then you will already be protected from the exploitation of this vulnerability. However, it is noted that Windows Server 2008 needs a patch, and one is on the way. Unlike previous CPU-related bugs, there is no requirement for a microcode update.
If you would like to read a more in-depth explanation of the Lazy FP state flaw (CVE-2018-3665), it is worth a look at the Red Hat Linux knowledgebase post on the topic. This post includes the important fact that fixing the flaw doesn't have any adverse effect on system performance.