Intel has warned of another side-channel attack against its Core family processors, though of considerably lower severity than Meltdown or Spectre: Lazy FP state restoration exploitation.
Similar in concept to the wide-reaching Meltdown and Spectre vulnerabilities, though rated only as a moderate severity flaw by Intel, Lazy FP state restoration is - as is common with these attacks - a means for developers to squeeze additional performance out of compatible Intel processors. However, as with the performance-boosting techniques which led to Meltdown and Spectre, there's a problem: It's possible for software running on an operating system which uses Lazy FP switching to increase floating-point unit (FPU) performance to obtain access to data it should not, including cryptographic keys.
Discovered and privately disclosed by Amazon's Julian Stecklina and Cyberus Technology's Thomas Prescher earlier this year, and originally scheduled for public announcement in August until leaks pushed the announcement date up, the vulnerability is exploitable only when the operating system is configured to use lazy rather than eager FPU switching instructions. For Windows, that was the case up until Microsoft released a patch switching to eager FPU switching earlier this week; the Linux kernel version 4.9, first released in 2016, is already protected, while backported patches are beginning to land for older but still-supported kernel releases - likely a major factor in Intel's categorisation of the flaw as medium severity.
While the white paper has, Cyberus Technology's announcement claims, been withheld temporarily at Intel's request, anyone running a Core-branded processor or newer is advised to check their operating system or hypervisor for a patch to guard against exploitation of the vulnerability.
More information is available on from Intel's security announcement.
May 15 2020 | 11:00