Intel processors now affected by new flaw called Lazy FP State Restore

Intel processors have reportedly been affected by a new flaw, dubbed as the Lazy FP State Restore, patches for which are already in the works. Though unlike the infamous Spectre and Meltdown vulnerabilities, the latest issue is thankfully not a hardware issue and is rated as having a moderate security impact on systems.

Now, this suggests it can be fixed by easily by rolling out patches for the OS. Red Hat is reportedly working on a fix for the same, and it seems the vulnerability will be patched at the Linux Kernel level as well. According to Red Hat, the new vulnerability is like other recent side-channel security vulnerabilities just like Spectre. However, it does not pose as big a threat as it does not require microcode updates.

In case you didn’t know, Red Hat is the top open-source software company who’ve become popular for their Red Hat Enterprise Linux (RHEL) operating system. The company is always quick to address newly found security flaws that not only affect its enterprise-ready operating system, but for the whole Open Source and Free Software community.

Meanwhile, Intel has also acknowledged the Lazy FP State restore vulnerability and has thanked users who discovered this flaw. These include Julian Stecklina from Amazon Germany, Thomas Prescher from Cyberus Technology GmbH, Zdenek Sojka from SYSGO AG, and Colin Percival.

“System software may utilize the Lazy FP state restore technique to delay the restoring of state until an instruction operating on that state is actually executed by the new process. Systems using Intel Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel,” explained Intel.

It’s also worth noting that the issue is only limited to Intel-made processors, and not processors manufactured by AMD. All Intel processors starting with Sandy Bridge are hit by the issue, implying that a lot users must have been affected by this vulnerability.

Source

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.