
Lazy FP state flaw is the latest to hit Intel Core processors

by Mark Tyson on 14 June 2018, 14:11

Tags: Intel (NASDAQ:INTC)


A new Intel Core processor flaw has come to light. The Lazy FP state restore flaw is of 'moderate severity' and is another speculative execution vulnerability, like the infamous Spectre flaw that dominated computer security news about six months ago. In theory, the Lazy FP state restore technique can allow hackers to swipe data from your Intel Core-powered machine, as it allows the floating point (FP) registers to be leaked from one process to another.

Intel explains the issue as follows: "System software may utilize the Lazy FP state restore technique to delay the restoring of state until an instruction operating on that state is actually executed by the new process. Systems using Intel Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel." The speculative execution vulnerability rears its head when software opts to utilize Lazy FP state restore instead of eager save and restore of the state, upon a context switch. Thus it can be used as a vector to grab data from running applications, even encryption programs and similar.
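The difference between lazy and eager FP state handling at a context switch can be shown with a toy model. This is an added example, not code from Intel, Red Hat or any operating system; the structures, function names and the value 1234.5 are constructed for illustration. It models only the bookkeeping, showing that under the lazy policy the previous task's register contents stay loaded after the switch until the first FP instruction traps.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Toy model, constructed for illustration: one CPU with one FP register file. */
#define NREGS 4
struct task { double fp[NREGS]; };        /* per-task saved FP state */
struct cpu {
    double regs[NREGS];                   /* physical FP registers */
    struct task *fp_owner, *current;      /* whose values are loaded / who runs */
    bool ts;                              /* models CR0.TS: next FP use traps */
    bool lazy;                            /* lazy vs eager policy */
};

/* Save the loaded state to its owner, then load the next task's state. */
static void swap_in(struct cpu *c, struct task *next) {
    if (c->fp_owner) memcpy(c->fp_owner->fp, c->regs, sizeof c->regs);
    memcpy(c->regs, next->fp, sizeof c->regs);
    c->fp_owner = next;
    c->ts = false;
}

static void context_switch(struct cpu *c, struct task *next) {
    c->current = next;
    if (c->lazy) c->ts = (c->fp_owner != next);  /* defer: registers untouched */
    else swap_in(c, next);                       /* eager: swap immediately */
}

/* First FP instruction after a lazy switch: the trap handler does the swap. */
static void fp_use(struct cpu *c) { if (c->ts) swap_in(c, c->current); }

/* True while the register file still holds another task's values. */
static bool foreign_state_resident(const struct cpu *c) {
    return c->fp_owner && c->fp_owner != c->current;
}

/* Victim loads a value, then the CPU switches to another task. */
static bool victim_value_resident_after_switch(bool lazy) {
    struct task victim = {{0}}, other = {{0}};
    struct cpu c = { .lazy = lazy };
    context_switch(&c, &victim);
    fp_use(&c);
    c.regs[0] = 1234.5;                   /* constructed stand-in for a secret */
    context_switch(&c, &other);
    return foreign_state_resident(&c) && c.regs[0] == 1234.5;
}

int main(void) {
    printf("lazy:  %d\n", victim_value_resident_after_switch(true));
    printf("eager: %d\n", victim_value_resident_after_switch(false));
    return 0;
}
```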

The Lazy FP state flaw is rather difficult for a hacker to use and it is easy to fix, and this is probably why it is labelled as a 'Moderate' severity problem. If you are running a modern version of Windows, Linux, OpenBSD or similar, then you will already be protected from the exploitation of this vulnerability. However, it is noted that Windows Server 2008 needs a patch, and one is on the way. Unlike previous CPU-related bugs, there is no requirement for a microcode update.

If you would like to read a more in-depth explanation of the Lazy FP state flaw (CVE-2018-3665), it is worth a look at the Red Hat Linux knowledgebase post on the topic. This post includes the important fact that fixing the flaw doesn't have any adverse effect on system performance.



HEXUS Forums :: 11 Comments

A whole bag of worms was opened when that gentleman found the original flaw!
Now it's like “oh, Intel….again!” as we are getting used to this stuff.
Has Intel given any dates on when Meltdown/Spectre will be mitigated in hardware, i.e., when are the CPUs with such mitigations going to be introduced?
I've not seen any firm dates yet. Mind you not been looking as other flaws will be found…
I really don't think hackers want to be swiping what I'm looking at on an evening.

Poor things will be traumatised for life.