Yet another chip vulnerability has been discovered, CVE-2018-3665, which has been called Floating Point Lazy State Save/Restore. The flaw resides in Intel Core and Xeon processors, and is similar to Spectre since it is a speculative execution flaw.
Details about CVE-2018-3665
CVE-2018-3665 exploits one of the ways the Linux kernel saves and restores the state of Floating Point Unit (FPU) when switching tasks, more particularly the Lazy FPU Restore scheme, researchers explained. Malicious actors can leverage the flaw to grab encryption keys. Fortunately, Linux kernel from kernel version 4.9 and upwards, as well as newer versions of Windows and Windows Server are not affected by this vulnerability.
According to Red Hat the vulnerability is moderate for Red Hat Enterprise Linux users:
Red Hat has been made aware of an issue where operating systems and virtual machines running on common modern (x86) microprocessors may elect to use “lazy restore” for floating point state when context switching between application processes instead of “eagerly” saving and restoring this state. Exploitation of lazy floating point restore could allow an attacker to obtain information about the activity of other applications, including encryption operations.
CVE-2018-3665 affects CPU speculative execution which is similar to other recent side channel flaws, Red Hat says. In terms of this latest vulnerability, one process can read the floating point registers of other processes being lazily restored.
As explained by Jon Masters, a computer architect at Red Hat, CVE-2018-3665, also known as Floating Point Lazy State Save/Restore, is yet another speculative execution vulnerability affecting some commonly deployed modern microprocessors. Apparently, Red Hat is collaborating with their industry partners to release optimized mitigation patches, which will be available via Red Hat’s normal software release mechanism. Red Hat is also providing guidance to their customers about shorter term mitigation options, while working closely with their security researchers, the researcher noted.
Apparently, Windows Server 2008 needs to be patched against CVE-2018-3665. According to the Register, Intel had been planning to go public later this month but this plan changed with the OpenBSD and DragonflyBSD projects publishing details of their own patches. In a statement given to The Register, Intel said:
This issue, known as Lazy FP state restore, is similar to Variant 3a. It has already been addressed for many years by operating system and hypervisor software used in many client and data center products. Our industry partners are working on software updates to address this issue for the remaining impacted environments and we expect these updates to be available in the coming weeks.