“Lazy FPU” vulnerability hits Intel processors

Spectre and Meltdown opened the doors to a new category of processor vulnerabilities, using speculative execution to conduct side-channel attacks that were considered almost impossible as little as a year ago. Since the reveal of Spectre/Meltdown, several new vulnerability types have emerged, with “Lazy FPU” (CVE-2018-3665) being the latest addition to a growing list of speculative execution exploits.    

CVE-2018-3665, otherwise known as Lazy FPU Save/Restore, is a bug that attackers can use to obtain information about specific applications, including cryptographic operations, potentially opening up systems to further attacks.

It has been confirmed that this vulnerability only affects Intel processors, specifically processors that use Intel’s Sandy Bridge architecture or newer. Below is an explanation of the exploit, as detailed by Red Hat. This vulnerability has been given a security impact of Moderate.

Operating systems and virtual machines running on common modern (x86) microprocessors may elect to use “lazy restore” for floating point state when context switching between application processes instead of “eagerly” saving and restoring this state.

Exploitation of lazy floating point restore could allow an attacker to obtain information about the activity of other applications, including encryption operations. The underlying vulnerability affects CPU speculative execution similar to other recent side channel vulnerabilities. In this latest vulnerability, one process is able to read the floating point registers of other processes being lazily restored.

Thankfully, the impact of this vulnerability is limited, as all Linux versions since kernel version 4.9, which was released in 2016, are protected from this issue. Patches are currently being backported to older, affected versions of Linux, switching those kernels from “lazy FPU restore” to “eager FPU restore”. An update is also planned for Windows-based operating systems. Microsoft’s security advisory is available to read here. Microsoft has confirmed that their VM customers using Azure are not at risk from this vulnerability.
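An added check, not from the article or from Red Hat/Intel, that a Linux administrator can use to classify a host against the fix described above: kernels 4.9 and later removed lazy restore, while older 4.x kernels report the mode they chose at boot (the wording of that boot-log line, “x86/fpu: Using 'eager' FPU context switches.”, is an assumption about those kernels); anything older with no boot-log evidence is flagged for a vendor backport check rather than guessed.

```shell
#!/bin/sh
# Added example (not the article's code): classify a Linux host's FPU
# context-switch mode from its kernel version and, where readable, its boot
# log. Kernels >= 4.9 dropped lazy restore entirely; older 4.x kernels print
# the mode at boot (line wording is an assumption about those kernels).

# Prints "eager" for 4.9+, "check" for older kernels, "unknown" if unparsable.
fpu_mode_from_version() {
    ver=$1
    case $ver in *.*) ;; *) echo unknown; return 0 ;; esac
    major=${ver%%.*}            # "4.4.0-130-generic" -> "4"
    rest=${ver#*.}              # -> "4.0-130-generic"
    minor=${rest%%[!0-9]*}      # -> "4"
    case "$major$minor" in *[!0-9]*|'') echo unknown; return 0 ;; esac
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 9 ]; }; then
        echo eager
    else
        echo check               # pre-4.9: may still carry a backported fix
    fi
}

# Prints "eager", "lazy" or "unknown" from captured dmesg text.
fpu_mode_from_bootlog() {
    case $1 in
        *"x86/fpu: Using 'eager' FPU context switches"*) echo eager ;;
        *"x86/fpu: Using 'lazy' FPU context switches"*)  echo lazy ;;
        *) echo unknown ;;
    esac
}

# Combines both signals: protected / vulnerable / unverified.
lazy_fpu_status() {
    ver_mode=$(fpu_mode_from_version "$1")
    log_mode=$(fpu_mode_from_bootlog "$2")
    if [ "$ver_mode" = eager ] || [ "$log_mode" = eager ]; then
        echo protected
    elif [ "$log_mode" = lazy ]; then
        echo vulnerable
    else
        echo unverified          # old kernel, no log evidence: ask the vendor
    fi
}

# Report on the host this runs on; an unreadable dmesg leaves the version
# check to decide on its own.
echo "lazy FPU status on $(uname -r): $(lazy_fpu_status "$(uname -r)" "$(dmesg 2>/dev/null || true)")"
```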

This vulnerability was discovered by Julian Stecklina from Amazon Germany and Thomas Prescher from Cyberus Technology, adding to a list of vulnerabilities that affect Intel more than its rivals.

This outcome is to be expected, as Intel holds a dominant share of the CPU market, especially in the server space, which places more eyes on potential holes in Intel’s hardware designs.

You can read more about the CVE-2018-3665 “Lazy FPU” vulnerability on Intel’s security advisory webpage.
You can join the discussion on Intel’s processors getting hit by a “lazy FPU” vulnerability on the OC3D Forums.