Home

Jun 16, 2018

Another Vulnerability In Intel CPUs – Dubbed Lazy FP State Restore


Hardware vulnerabilities seem to be much more prominent of late. Recently, another hardware vulnerability was found in Intel CPUs that would allow hackers to steal data from systems containing the affected chips. The newly discovered vulnerability is a side-channel speculative execution vulnerability, the vulnerability has been termed as Lazy FP State Restore vulnerability.

Category:IT 
Posted by: Admin

Hardware vulnerabilities seem to be much more prominent of late. Recently, another hardware vulnerability was found in Intel CPUs that would allow hackers to steal data from systems containing the affected chips. The newly discovered vulnerability is a side-channel speculative execution vulnerability, the vulnerability has been termed as Lazy FP State Restore vulnerability.

Lazy FP State Restore Vulnerability Detected in Intel CPUs
As disclosed by Intel in a release on Wednesday, a group of researchers found another vulnerability in Intel chips. Similar to Meltdown and Spectre, this vulnerability also exploits speculative execution of the processor, allowing access to sensitive and encrypted data.

The researchers include Thomas Prescher (Cyberus Technology GmbH), Julian Stecklina (Amazon Germany), Zdenek Sojka (SYSGO AG) who reported this problem in detail. According to what they found, this vulnerability exists in the Floating Point Unit (FPU) of the processors that work to restore systems current state and switch between processes.

Most modern CPUs use Lazy FP State Restore technique to hold the current state of applications for restoring some time later as needed (hence named as ‘lazy’ state restore). The bug here deals with the way floating points are calculated and leaks information during switching of processes. Hence, a hacker could access information about the activity of other applications along with encryption operations.

As stated in Intel’s official statement,

Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value.

The Vulnerability Affects All Intel Core-based Microprocessors
Assigned as CVE-2018-3665, the newly discovered vulnerability is similar to Meltdown Variant 3a.

For now, Intel recommends using Eager FPU over Lazy Restore.

For relevant states (e.g. x87, SSE, AVX, etc.), Intel recommends system software developers utilize Eager FP state restore in lieu of Lazy FP state restore.

The Lazy FP State Restore vulnerability affects all Intel Core-based microprocessors. Microsoft confirms that Lazy Restore is active in all Windows versions by default. There is no way to disable this feature. However, it does not affect systems with ARM and AMD processors. So, Azure users will remain secure from this bug. Likewise, for Linux, those versions using Eager FPU also remain unaffected.

authorarticle: Master3395

image: 

sources: latesthackingnews.com

keywords: Intel, intel CPU vulnerability, intel hack, Lazy FP State Restore, LazyFP

Previous Article
Next Article
Discord

Page 1 of 336  >  >>

Now the October update for Windows 10 rolls out

windows10.jpg

Nov 21, 2018 | Category: Microsoft | Comments

Finally - here are the improvements.

Microsoft has had a very hard time rolling out the October update to Windows 10 (version 1809), but now it seems that the pieces fall into place.

read more…

Female is reported to have reset her iPhone under investigation

police-iphone.jpeg

Nov 20, 2018 | Category: Apple | Comments

The phone was used for evidence purposes in a shooting event.

Often information that can be retrieved from phones relevant to the police is being investigated in a criminal case. Such important information can be a lot of things, including an overview of contacts and possible planning of crime - largely the most likely to help criminalize a person.

read more…

CloudFlare's privacy app is here

cloudflare-1.1.1.1-ios-android.png

Nov 19, 2018 | Category: IT | Comments

Free and available now for iOS and Android.

It's been several months since the networking giant Cloudflare showed the DNS service 1.1.1.1 that focuses on privacy, readily available to consumers. Now the application is available for free for Apple devices and Android.

read more…

Page 1 of 336  >  >>