What is Lazy FP State Restore: a new vulnerability discovered in Intel processors




    A new vulnerability has been discovered in Intel processors. The flaw, which affects all models of the Intel Core family, has been named Lazy FP State Restore (CVE-2018-3665).

    What is the problem


    According to the published description, the problem is related to Lazy FPU context switching, a performance optimization that operating systems use when saving and restoring the registers of the Floating Point Unit (FPU). The vulnerability allows a process to access the registers, and the data in them, that belong to another process.

    According to Red Hat's security bulletin, numbers stored in FPU registers could potentially be used to gain access to sensitive information - for example, about the activity of other applications.

    All microprocessors starting with the Sandy Bridge model are affected by the vulnerability. AMD processors are not affected by this error.

    How to protect yourself


    Unlike the Spectre vulnerability, in this case installing an OS patch is enough to fix the problem. Red Hat, in particular, is developing security updates.
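
    To illustrate the lazy switching described above and why an OS patch is sufficient, here is a toy C model that contrasts lazy and eager FPU state switching (an added example, not code from the article, Intel or any operating system). The `ts` flag modelling CR0.TS, the trap handler, the struct and function names and the sample value are assumptions of the model, and eager switching as the patched behaviour is background the article does not spell out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NREGS 8
struct task { uint64_t fpu_save[NREGS]; };  /* per-task save area in memory */
struct cpu {
    uint64_t fpu[NREGS];      /* physical FPU registers */
    struct task *owner;       /* task whose values are physically loaded */
    bool ts;                  /* models CR0.TS: next FPU instruction traps */
};

/* Eager: swap register contents at every switch. Lazy: only arm the trap. */
static void context_switch(struct cpu *c, struct task *next, bool eager) {
    if (c->owner == next) { c->ts = false; return; }
    if (!eager) { c->ts = true; return; }   /* old task's values stay in place */
    if (c->owner) memcpy(c->owner->fpu_save, c->fpu, sizeof c->fpu);
    memcpy(c->fpu, next->fpu_save, sizeof c->fpu);
    c->owner = next;
}

/* Architectural FPU read: under lazy switching the trap handler swaps state first. */
static uint64_t fpu_read(struct cpu *c, struct task *cur, int r) {
    if (c->ts) {                            /* models the #NM handler */
        if (c->owner) memcpy(c->owner->fpu_save, c->fpu, sizeof c->fpu);
        memcpy(c->fpu, cur->fpu_save, sizeof c->fpu);
        c->owner = cur;
        c->ts = false;
    }
    return c->fpu[r];
}

#define A_VALUE 0x5ec2e7c0ffeeULL           /* constructed sample value */
/* A loads a value, B is scheduled: is A's value still physically present before B uses the FPU? */
static bool stale_after_switch(bool eager, uint64_t *b_sees) {
    struct task a = {{0}}, b = {{0}};
    struct cpu c = { .owner = &a };
    c.fpu[0] = A_VALUE;                     /* A computes with register 0 */
    context_switch(&c, &b, eager);
    bool stale = (c.fpu[0] == A_VALUE);
    *b_sees = fpu_read(&c, &b, 0);          /* what B gets architecturally */
    return stale;
}

int main(void) {
    uint64_t v;
    printf("lazy stale=%d, eager stale=%d\n", stale_after_switch(false, &v), stale_after_switch(true, &v));
    return 0;
}
```

    In the lazy case the previous task's value stays physically in the register file until the trap handler runs, even though an ordinary read by the new task never returns it; eager switching removes that window, which is why the fix can live entirely in the OS.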

    In addition, according to Intel, the vulnerability is similar to the previously discovered flaw known as Spectre Variant 3A (Rogue System Register Read). This means that it is already fixed in some versions of operating systems and hypervisors.

    Microsoft, in turn, has also published a security bulletin with recommendations on minimizing the effects of the Lazy FP State Restore vulnerability. The company said it is working on a patch that will be released on the next Patch Tuesday, in July.

    Lazy FP State Restore is not the first vulnerability discovered in Intel products recently. In January 2018, information was published about two serious vulnerabilities, Meltdown and Spectre, and in the spring researchers discovered eight more vulnerabilities in Intel processors, collectively called Spectre-NG.

    In addition, the Intel Management Engine has been widely discussed: Positive Technologies experts spoke about a vulnerability contained in it, which allows attackers to access most of the data and processes on the device.
