Intel Issues Advisory on Lazy Floating Point Speculative Execution Flaw
This week, yet another speculative execution processor vulnerability was uncovered, namely "lazy floating point (FP) state save/restore."
US-CERT on Wednesday issued an advisory, pointing to Intel's security advisory, which rated the lazy FP state issue as "moderate" in severity. The flaw is tracked under the Common Vulnerabilities and Exposures identifier CVE-2018-3665.
The lazy FP state save/restore issue can result in information disclosure and it affects Intel Core microprocessors. The flaw is not associated with AMD processors, according to an AMD spokesperson.
"Based on our analysis to-date, we do not believe our products are susceptible to the recent security vulnerability identified around lazy FPU [floating point unit] switching," the AMD spokesperson stated in a Thursday e-mail.
The flaw depends on the configurations that were made by the system software builder, and whether or not the operating system opts to use "Lazy FP state restore instead of eager save and restore," according to Intel's explanation. Intel's remediation recommendations were directed to system software developers, offering them some settings changes to make, so presumably any patches to come will originate from system software vendors.
System software developer Red Hat is actively addressing the issue, stating that Red Hat Enterprise Linux 6 and earlier versions are affected by the lazy FP state save/restore issue. The issue doesn't affect Red Hat Enterprise Linux 7 systems.
Here's how Red Hat explained the lazy FP state save/restore problem:
Red Hat has been made aware of an issue where operating systems and virtual machines running on common modern (x86) microprocessors may elect to use "lazy restore" for floating point state when context switching between application processes instead of "eagerly" saving and restoring this state. Exploitation of lazy floating point restore could allow an attacker to obtain information about the activity of other applications, including encryption operations. The underlying vulnerability affects CPU speculative execution similar to other recent side channel vulnerabilities. In this latest vulnerability, one process is able to read the floating point registers of other processes being lazily restored.
Speculative execution is a normal operation of computer processors that's used to speed up processes by anticipating the next steps to be taken by the operating system kernel. However, researchers in January publicized that information could be disclosed through side-channel analysis methods. They described three speculative execution side-channel attack methods, which they categorized as "Meltdown" and "Spectre" variants. Later, they added a fourth variant to the list.
The Meltdown and Spectre attack methods are addressed by applying firmware (also known as "microcode") patches to the processor, but operating system patches are needed as well.
It seems that the lazy FP state save/restore issue is remedied simply through operating system patches. Red Hat promised it will release updates to Red Hat Enterprise Linux 6 systems that will address the flaw by changing the floating point behavior settings.
Other operating system makers haven't piped up much about the issue, so it's unclear if other systems are similarly affected.
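A defender-side check for the lazy versus eager distinction described above, as an added example that is not part of the original article or any vendor's tooling. It assumes upstream Linux behavior the article does not state: an `eagerfpu` flag in /proc/cpuinfo and an `eagerfpu=` boot parameter on kernels 3.7 through 4.8, and no lazy mode from 4.9 onward. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Classify how an x86 Linux kernel restores FPU state on context switch.
# Inputs: $1 = kernel release (uname -r), $2 = kernel command line,
#         $3 = "flags" line from /proc/cpuinfo.
# Assumed upstream behavior (not from the article): kernels 3.7-4.8 expose an
# "eagerfpu" CPU flag and accept eagerfpu=off; 4.9+ have no lazy mode.

# ver_ge RELEASE MAJOR MINOR: succeed if RELEASE is at least MAJOR.MINOR.
ver_ge() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# has_word WORD LIST: succeed if WORD is a whole space-separated item of LIST.
has_word() {
    case " $2 " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# Prints one of: eager, lazy, unknown.
fpu_mode() {
    release=$1; cmdline=$2; flags=$3
    if ver_ge "$release" 4 9; then
        echo eager        # lazy restore no longer exists in the kernel
    elif has_word "eagerfpu=off" "$cmdline"; then
        echo lazy         # administrator explicitly forced lazy restore
    elif has_word "eagerfpu" "$flags"; then
        echo eager        # kernel reports eager save/restore in use
    elif ver_ge "$release" 3 7; then
        echo lazy         # eager mode is available but not active
    else
        echo unknown      # pre-3.7 base: depends on vendor backports
    fi
}

# Constructed sample: a 4.4 kernel whose CPU flags lack "eagerfpu".
fpu_mode "4.4.0-21-generic" "ro quiet" "flags : fpu vme sse sse2 xsave"

# Live check, only where the Linux /proc files are readable.
if [ -r /proc/cpuinfo ] && [ -r /proc/cmdline ]; then
    fpu_mode "$(uname -r)" "$(cat /proc/cmdline)" \
        "$(grep -m1 '^flags' /proc/cpuinfo)"
fi
```

An `unknown` result on a Red Hat Enterprise Linux 6 kernel means the answer has to come from the vendor's update status rather than from these indicators.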
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.