14 DAY TRIAL // Intel processors have been hit by yet another vulnerability, this time dubbed Lazy FP state restore, and patches are already in the works.
Details about the vulnerability are scarce, as they should be, but as Marius Nestor pointed out in a recent report, Red Hat is already working on a patch. And they were willing to share a little bit more information about the problem.
Lately, it seems that Intel simply can’t catch a break, and the vulnerabilities are piling on and on. To be fair, the fault lies with Intel and not with the people who discover them. There is some good news if that’s even possible. The vulnerability seems to only affect Intel processor and not AMD.
Patches incoming
Unlike Spectre and Meltdown, this latest problem is not a hardware issue, which means that it can be fixed with patches in the operating system. As I said before, Red Hat is already working on a fix, and it’s very likely that it’s going to be patched at the Linux kernel level as well.
Of course, Microsoft and Apple are not much behind with their own solutions and will release patches as soon as possible.
So, what is this problem exactly? This is how Intel describes it. “System software may utilize the Lazy FP state restore technique to delay the restoring of state until an instruction operating on that state is actually executed by the new process. Systems using Intel Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel.”
All processors starting with Sandy Bridge are affected by the issue, so there are lots of people that should be interested in fixing this vulnerability. Furthermore, the part it says that it the vulnerability can be used to access sensitive information actually refers to encrypted data, which is a bad thing.
In any case, it’s good to know that Intel has acknowledged the problem, and they have already extended their thanks to the people who found the vulnerability, Julian Stecklina from Amazon Germany, Thomas Prescher from Cyberus Technology GmbH, Zdenek Sojka from SYSGO AG, and Colin Percival.