Lazy FP State Restore Vulnerability

A vulnerability has been identified in Intel processors that, like Meltdown and Spectre, abuses speculative execution. It could potentially be exploited to gain access to sensitive information, including cryptographic key material held in floating-point and SIMD registers.

Impact

System software may use the Lazy FP state restore technique to delay the restoring of state until an instruction operating on that state is actually executed by the new process. Systems using Intel® Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel.[1]

The vulnerability is referred to as Lazy FP State Restore and has been assigned CVE-2018-3665.[2]  Intel has issued advisory INTEL-SA-00145 for it as well.[1]

Operating systems commonly use lazy FP state restore to avoid saving and restoring the floating-point and SIMD register set (x87, SSE, AVX) on every context switch: the kernel marks the FPU as unavailable for the incoming task and restores that task's registers only when it first executes an instruction that touches them.  Until then, the physical registers still hold the previous task's values.  The flaw is not in how floating-point values are calculated; it is that the processor may speculatively execute an instruction that reads those registers before the "FPU unavailable" trap is delivered, and the speculatively read values can be leaked through a cache side channel.  An unprivileged local process could therefore recover register contents belonging to another process, including keys handled by cryptographic code that keeps AES state in SIMD registers (for example, AES-NI routines).  Intel states that the Lazy FP State Restore vulnerability affects Intel Core-based microprocessors.[1]  Microsoft confirms that lazy restore is enabled by default in all Windows versions, and that virtual machines, the kernel, and user processes are all affected.

On Windows there is no way to disable this feature.  ARM and AMD processors are not affected.  Linux kernels that use eager FPU restore (restoring the register state on every context switch rather than on first use) are also not affected.

Mitigation

Microsoft has also published security advisory ADV180016, explaining the Lazy FP State Restore vulnerability.[3]  Microsoft is working on security updates, but they are not expected before the next Patch Tuesday in July 2018.

Red Hat (Linux) is already working with its industry partners on a patch, which will be rolled out through its standard software release mechanism.  Modern versions of Linux, from kernel version 4.9 (released in 2016) onward, restore FPU state eagerly and are not affected by this flaw.  Older kernels are vulnerable unless they are booted with eager FPU restore enabled (the eagerfpu=on kernel parameter).
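The Linux guidance above reduces to three checks: CPU vendor, kernel version, and whether eager restore was forced or disabled on the kernel command line. The script below, an added example that is not part of the original report, turns those checks into a verdict. It uses the 4.9 threshold the report cites and assumes the kernel honours the eagerfpu= parameter; on kernels that dropped lazy mode entirely the parameter is ignored, so a stray eagerfpu=off there yields a conservative false positive. The sample hosts at the bottom are constructed, not real systems.

```shell
#!/bin/sh
# Added example (not from the original report): classify a Linux host's
# exposure to CVE-2018-3665 from CPU vendor, kernel release and boot cmdline.
# Assumptions: kernel >= 4.9 defaults to eager restore (as the report states);
# the eagerfpu= parameter is honoured by the running kernel.

# Major number of a kernel release string such as "4.9.0-8-amd64".
kver_major() { printf '%s\n' "${1%%.*}"; }

# Minor number: "4.9.0-8-amd64" -> 9, "4.9-rc1" -> 9, "3.10.0-862.el7" -> 10.
kver_minor() {
  rest="${1#*.}"                      # drop "major."
  rest="${rest%%.*}"                  # keep up to the next dot
  printf '%s\n' "${rest%%[!0-9]*}"    # strip a "-rc1"-style suffix
}

# Succeeds when kernel release $1 is at least $2.$3.
kver_at_least() {
  maj=$(kver_major "$1")
  min=$(kver_minor "$1")
  [ "$maj" -gt "$2" ] || { [ "$maj" -eq "$2" ] && [ "$min" -ge "$3" ]; }
}

# lazyfp_status VENDOR KERNEL_RELEASE CMDLINE   -> prints one verdict token:
#   unaffected-vendor          non-Intel CPU (AMD and ARM are not affected)
#   vulnerable-lazy-forced     booted with eagerfpu=off (lazy restore forced)
#   unaffected-eagerfpu-param  booted with eagerfpu=on (eager restore forced)
#   unaffected-eager-default   kernel >= 4.9, eager restore is the default
#   vulnerable-lazy-default    kernel < 4.9 with the default lazy restore
lazyfp_status() {
  vendor="$1"; kver="$2"; cmdline="$3"
  case "$vendor" in
    GenuineIntel) ;;
    *) echo unaffected-vendor; return 0 ;;
  esac
  # Pad with spaces so "eagerfpu=on" cannot match inside another token.
  case " $cmdline " in
    *" eagerfpu=off "*) echo vulnerable-lazy-forced; return 0 ;;
    *" eagerfpu=on "*)  echo unaffected-eagerfpu-param; return 0 ;;
  esac
  if kver_at_least "$kver" 4 9; then
    echo unaffected-eager-default
  else
    echo vulnerable-lazy-default
  fi
}

# Evaluate the host this script runs on (Linux only; prints a verdict).
check_live_host() {
  [ -r /proc/cpuinfo ] || { echo not-linux; return 0; }
  vendor=$(awk -F': *' '/^vendor_id/ { print $2; exit }' /proc/cpuinfo)
  lazyfp_status "$vendor" "$(uname -r)" "$(cat /proc/cmdline 2>/dev/null)"
}

# Constructed sample hosts (not real systems), one per verdict:
lazyfp_status GenuineIntel 4.4.0-131-generic    'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro'
lazyfp_status GenuineIntel 3.10.0-862.el7.x86_64 'root=/dev/mapper/rhel-root eagerfpu=on'
lazyfp_status GenuineIntel 4.15.0-1021-azure    'root=/dev/sda1 ro'
lazyfp_status AuthenticAMD 4.4.0-131-generic    'root=/dev/sda1 ro'
check_live_host
```

The verdict is a heuristic, not proof: distributions backport fixes without changing the upstream version string (Red Hat's patched RHEL 7 kernels still report 3.10.0), so a vulnerable-lazy-default result on a vendor kernel means "check the vendor's errata for CVE-2018-3665", while eagerfpu=on is the interim mitigation for a kernel that has not been patched.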

Modern versions of Windows, including Server 2016, and the latest releases of OpenBSD and DragonFly BSD are not affected by this flaw.

For questions or comments regarding this report, please contact the Lab directly at 603-606-1246 or feedback@wapacklabs.com.

[1] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html

[2] https://access.redhat.com/security/cve/cve-2018-3665

[3] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180016