Intel CPUs Affected By Yet Another Speculative Execution Flaw

Security researchers from Amazon and Cyberus Technologies jointly discovered one of the eight second-generation Spectre flaws, which they dubbed "LazyFP" (CVE-2018-3665) because the vulnerability affects systems that use lazy floating point unit (FPU) state switching.

Spectre Flaws Strike Again

Intel hadn't even properly finished releasing patches to OEMs for the first generation of Spectre flaws before rumors about eight more speculative execution vulnerabilities in Intel CPUs started appearing. According to reports, Intel has been pressing the researchers to delay disclosure of the bugs, which is why we have yet to see all of them.

The disclosure of LazyFP, another speculative execution flaw, had likewise been postponed until August. However, because rumors about what the flaw might be were already circulating, the researchers decided to disclose it now, before malicious actors could work out the details on their own and exploit it in secret.

Disclosing it now puts pressure on Intel and on operating system and hypervisor vendors to ship fixes quickly. Note that the mitigation Intel describes is a change in how the kernel or hypervisor saves and restores FPU state, not a microcode update, so users will get it through operating system and hypervisor updates rather than through firmware from their motherboard or laptop manufacturers.

Why Intel’s LazyFP Flaw Is Dangerous

Operating systems and hypervisors running on Intel Core processors may use "lazy restore" for floating point state when context switching between processes, instead of "eagerly" saving and restoring that state on every switch. With lazy restore, the kernel leaves the previous task's FPU, SSE and AVX registers in place and marks the FPU as unavailable (on x86, by setting CR0.TS), so the first floating point instruction the new task executes traps to the kernel, which only then loads the correct state. The saving is that tasks which never touch the FPU never pay for a restore.

The problem is that the processor may speculatively execute that first floating point instruction before the trap takes effect, using the stale register contents left behind by the previous process, and the speculative work can leave traces in the cache. An attacker who can run code on the same core could thus obtain information about the activity of other applications; since the same registers are used by AES-NI and other SIMD-accelerated encryption routines to hold keys and data, that information can include key material. The flaw affects speculative execution on Intel CPUs in much the same way as other recent Spectre-class vulnerabilities.

Mitigation

Intel recommends that system software developers use eager FP state restore instead of lazy FP state restore. The company did not say whether it will release a patch of its own for the flaw; for now it relies on operating system and hypervisor developers to protect PC users.
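The first thing a practitioner will want to know after reading this is whether a given machine still runs a kernel that switches FPU state lazily. The POSIX shell script below is an added example written for this page; it is not code from Intel, the researchers, or any OS vendor. It encodes the editor's understanding of mainline Linux behaviour, stated here as assumptions: Linux 4.9 and later removed lazy FPU switching altogether, earlier kernels honour an eagerfpu=on or eagerfpu=off boot parameter, and without that parameter they default to eager mode on CPUs that advertise the xsaveopt flag and to lazy mode otherwise. Distribution kernels backport fixes, so a "lazy" answer means "check the vendor advisory for CVE-2018-3665", not "definitely vulnerable". The fpu_mode function takes the kernel version, boot command line and CPU flags as arguments so the logic can be exercised on constructed inputs; when run directly on Linux it also reads the live values from uname -r, /proc/cmdline and /proc/cpuinfo.

```shell
#!/bin/sh
# Added example for this page (not Intel's, the researchers' or any vendor's code).
# Classifies how a Linux kernel handles FPU state on context switch.
#
# Assumptions this script relies on (editor's reading of mainline Linux):
#   1. Linux 4.9 and later removed lazy FPU switching entirely (always eager).
#   2. Earlier kernels honour the "eagerfpu=on" / "eagerfpu=off" boot parameter.
#   3. Without that parameter, pre-4.9 kernels default to eager mode on CPUs
#      that advertise XSAVEOPT, and to lazy mode otherwise.
# Distribution kernels backport fixes, so "lazy" means "check your vendor's
# CVE-2018-3665 advisory", not "definitely vulnerable".

# version_ge A B : succeed if kernel version A >= B, comparing major.minor only
# (extra components such as "4.4.0-31-generic" are ignored).
version_ge() {
  a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%.*}
  b_major=${2%%.*}; b_rest=${2#*.}; b_minor=${b_rest%%.*}
  if [ "$a_major" -gt "$b_major" ]; then return 0; fi
  if [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]; then return 0; fi
  return 1
}

# fpu_mode KERNEL_VERSION CMDLINE CPU_FLAGS : print "eager" or "lazy".
# CMDLINE is the kernel boot command line; CPU_FLAGS is the space-separated
# "flags" field from /proc/cpuinfo.
fpu_mode() {
  kver=$1; cmdline=$2; flags=$3
  # Assumption 1: lazy mode no longer exists from 4.9 onwards.
  if version_ge "$kver" 4.9; then
    echo eager
    return 0
  fi
  # Assumption 2: an explicit boot parameter wins on older kernels.
  case " $cmdline " in
    *" eagerfpu=on "*)  echo eager; return 0 ;;
    *" eagerfpu=off "*) echo lazy;  return 0 ;;
  esac
  # Assumption 3: otherwise the default depends on XSAVEOPT support.
  case " $flags " in
    *" xsaveopt "*) echo eager ;;
    *)              echo lazy ;;
  esac
  return 0
}

# When executed on a Linux host, report the live system's mode.
if [ -r /proc/cmdline ] && [ -r /proc/cpuinfo ]; then
  live_flags=$(grep -m1 '^flags' /proc/cpuinfo | cut -d: -f2)
  printf 'kernel %s: FPU state restore is %s\n' "$(uname -r)" \
    "$(fpu_mode "$(uname -r)" "$(cat /proc/cmdline)" "$live_flags")"
fi
```

Run it as is on a Linux box, or call fpu_mode with values copied from another machine's uname -r, /proc/cmdline and /proc/cpuinfo to triage a fleet offline. The version comparison deliberately looks only at major.minor so vendor suffixes such as "-generic" or ".el7.x86_64" do not confuse it; for distribution kernels that backported the eager-only change to an older version number, the vendor advisory remains the authority.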

As with most Spectre flaws, the only long-term fix is a change to the CPU architecture. Intel can patch speculative execution here and there, but we will probably keep seeing new flaws of this kind until the issue is addressed at the core of Intel's architecture.

19 comments
Comments from the forums
  • JamesSneed
    Fun times for those having to patch entire data centers of servers each time one of these flaws is found. Intel is costing customers a ton of money. I would ask for a rebate if I ran a data center.
  • DookieDraws
    Intel asked researchers to delay their disclosure of the bugs? That's pretty messed up, if you ask me. I guess Intel was more concerned about losing potential sales of their CPUs than looking out for our best interest.

    I wonder if the soon-to-be-released 8-core CPUs will be affected?
  • Brian28
    DOOKIEDRAWS: the companies often ask for a delay so they have time to create, test, and deploy a patch. Researchers who publish without delays create a risk that hackers will figure out how to use the vulnerability before a patch exists, which is not in our best interest, either. In this case the cat was out of the bag, due to rumors, so the researchers published anyway. But in most cases, having a published report at the same time as the patch is ready means users get the patch installed more quickly, which is better than users panicking when the report comes out with no patch, followed by inaction when the patch comes out months later.