Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Submission + - Intel X86 Processors Affected By Lazy FPU Save/Restore Security Flaw (hothardware.com) 1

MojoKid writes: A newly discovered vulnerability in some Intel X86 processors has been revealed that affects speculative execution – like Specter and Meltdown – and can be used to access sensitive information, including encryption related data. Over the last day or two, patches have quietly rolled out for some operation systems, but multiple open source OS vendors have just revealed the underlying details. The vulnerability, which is being called "Lazy FPU Save/Restore," was assigned a moderate rating by RedHat and an ID of CVE-2018-3665 in its solutions database. As its name suggests, the exploit leverages the "lazy state restore" feature in Intel Sandy Bridge and newer processors. During a task switch, the first FP instruction executed by a process generates a "Device not Available (DNA)" exception; the DNA exception handler then saves the current FPU context into the old task's state save area and loads the new FPU context for the current process. A newly scheduled task can then leverage the exploit to infer the FP register state of another task, and access sensitive user information that would normally be protected. In short, it smells a lot like Spectre but from a different threat vector with respect to the FPU, or Floating Point Unit on board the processor. Reportedly, AMD processors are not affected with this vulnerability and it's not clear if Windows has the same issue.
This discussion was created for logged-in users only.

Intel X86 Processors Affected By Lazy FPU Save/Restore Security Flaw

Comments Filter:

Any sufficiently advanced technology is indistinguishable from a rigged demo.