Also known as Lazy State Save/Restore or CVE-2018-3665

Jun 13, 2018 21:48 GMT

A few minutes ago, Red Hat provided Softpedia with several resources and an official statement on the impact of a new publicly disclosed speculative execution security vulnerability affecting modern microprocessors.

Red Hat is the top open-source software company, known for its Red Hat Enterprise Linux (RHEL) operating system, and it is always quick to address newly discovered security vulnerabilities that affect not only its enterprise-ready operating system but the entire Open Source and Free Software community.

Many modern microprocessors leverage the "lazy restore" function for floating-point (FPU) state, which is used, when needed, to improve the overall performance of the system when saving and restoring the state of apps in the internal memory while switching from one application to another.

A new speculative execution security vulnerability was publicly disclosed today, affecting modern microprocessors. Known as Lazy State Save/Restore or Lazy FPU Save/Restore and identified as CVE-2018-3665, the vulnerability could allow attackers to obtain information about an app's activity, including encryption operations.

"CVE-2018-3665, also known as Floating Point Lazy State Save/Restore, is another speculative execution vulnerability that affects some commonly deployed modern microprocessors," said Jon Masters, Computer Architect, Red Hat. "Red Hat is collaborating with our industry partners on optimized mitigation patches, which will be available via our normal software release mechanism."

It's similar to other recent side-channel security vulnerabilities

According to Red Hat, the "Lazy FPU Save/Restore" speculative execution security vulnerability is similar to other recent side-channel security vulnerabilities known as Spectre, which already has no fewer than four variants. However, Red Hat has rated this vulnerability as having a moderate security impact and said that it doesn't require microcode updates.

The company is already working on a kernel patch and promises to release mitigations for its affected Red Hat Enterprise Linux operating systems in the shortest time possible, urging users to apply software updates as soon as these are available and encouraging all organizations to follow the coordinated disclosure of the vulnerability.

Update 16/06/18: Red Hat released a kernel patch for the "Lazy FPU Save/Restore" speculative execution security vulnerability for its Red Hat Enterprise Linux 7 operating system series. Please update your installations as soon as possible!