Intel CPUs Affected By Yet Another Speculative Execution Flaw

Security researchers from Amazon and Cyberus Technologies jointly discovered one of the eight second-generation Spectre flaws, which they dubbed “LazyFP” (CVE-2018-3665) because the vulnerability targets CPUs that use lazy floating point unit (FPU) switching.

Spectre Flaws Strike Again

Intel hadn’t even properly finished releasing patches to OEMs for the first generation of Spectre flaws before rumors about eight more Intel CPU vulnerabilities that affected speculative execution started appearing. According to reports, Intel has been pressing the researchers to delay their disclosure of the bugs, which is why we have yet to see all of them.

The disclosure of LazyFP, another speculative execution flaw, was also initially postponed until August. However, because rumors about the nature of the flaw were already circulating, the researchers decided they needed to disclose it now, before malicious actors work out what the flaw is and start exploiting it in secret.

By disclosing it now, the researchers have put pressure on Intel to release a patch quickly to OEMs. (Users would likely still have to get firmware updates that include those patches from their motherboard or laptop manufacturers.)

Why Intel’s LazyFP Flaw Is Dangerous

Operating systems and virtual machines running on Intel Core processors may make use of “lazy restore” for floating point state when context switching between application processes, instead of “eagerly” saving and restoring this state.

Attackers who exploit this flaw could obtain information about the activity of other applications, including encryption operations. The flaw affects speculative execution on Intel CPUs in a similar way to other recent Spectre vulnerabilities.

Mitigation

Intel recommended that system software developers enable eager FP state restore instead of lazy FP state restore. The company didn't say whether it will release a patch for the flaw in the future; for now it appears to rely on developers' action to protect PC users.
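To make the two context-switch strategies from the paragraphs above concrete, here is a small C model of a scheduler switching between two tasks. It is an added teaching example, not code from the article, from Intel or from the researchers; the single simulated register, the CR0.TS/#NM bookkeeping reduced to a flag and a counter, the task labels A and B, and the value 0xC0FFEE standing in for key material are all constructed for the model. It shows that lazy restore is functionally correct (task B never architecturally reads A's value, because the first FPU use traps and the kernel restores B's state) while still leaving A's registers physically in the unit until that trap fires, and that eager restore empties that window at the switch itself.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added model of FPU context switching (not the article's or Intel's code).
 * The register file is reduced to one register and the trap machinery to
 * a flag plus a counter; values below are constructed for the example. */

/* The physical floating point / SIMD register file, reduced to one register. */
typedef struct { uint64_t xmm0; } fpu_regs_t;

/* A task with its per-task save area in kernel memory. */
typedef struct { fpu_regs_t saved; } task_t;

/* The CPU: live register file, the CR0.TS trap bit, and bookkeeping. */
typedef struct {
    fpu_regs_t hw;      /* what physically sits in the FPU right now */
    bool ts;            /* CR0.TS set: next FPU instruction raises #NM */
    task_t *current;    /* task the scheduler is running */
    task_t *fpu_owner;  /* task whose state the hardware currently holds */
    int nm_traps;       /* how many #NM traps the kernel has handled */
} cpu_t;

enum switch_mode { LAZY_RESTORE, EAGER_RESTORE };

static void cpu_init(cpu_t *cpu, task_t *first) {
    cpu->hw.xmm0 = 0;
    cpu->ts = false;
    cpu->current = first;
    cpu->fpu_owner = first;
    cpu->nm_traps = 0;
}

/* Scheduler switches from cpu->current to next. */
static void context_switch(cpu_t *cpu, task_t *next, enum switch_mode mode) {
    task_t *prev = cpu->current;
    if (mode == EAGER_RESTORE) {
        prev->saved = cpu->hw;   /* save prev's state ... */
        cpu->hw = next->saved;   /* ... and load next's: prev's data is gone */
        cpu->fpu_owner = next;
        cpu->ts = false;
    } else {
        /* Lazy: leave the FPU alone and only arm the trap. prev's registers
         * stay physically in the unit until next actually touches the FPU. */
        cpu->ts = true;
    }
    cpu->current = next;
}

/* The #NM handler: save the previous owner's state, load the current task's. */
static void handle_nm(cpu_t *cpu) {
    cpu->nm_traps++;
    if (cpu->fpu_owner != cpu->current)
        cpu->fpu_owner->saved = cpu->hw;
    cpu->hw = cpu->current->saved;
    cpu->fpu_owner = cpu->current;
    cpu->ts = false;
}

/* An architectural (retired) FPU read: the trap fires before the value is seen. */
static uint64_t fpu_read(cpu_t *cpu) {
    if (cpu->ts)
        handle_nm(cpu);
    return cpu->hw.xmm0;
}

static void fpu_write(cpu_t *cpu, uint64_t v) {
    if (cpu->ts)
        handle_nm(cpu);
    cpu->hw.xmm0 = v;
}

/* What is physically in the register file while `current` runs, before any
 * FPU instruction has retired. With lazy restore this is still the previous
 * task's data; that residue is the window the article describes. */
static uint64_t hw_contents(const cpu_t *cpu) { return cpu->hw.xmm0; }

typedef struct {
    uint64_t residue_while_b_runs;  /* hw contents right after the switch */
    uint64_t b_architectural_read;  /* what B sees through a retired read */
    int nm_traps;                   /* traps taken to get there */
} scenario_t;

/* Task A puts a value in xmm0, then the kernel switches to task B. */
static scenario_t run_scenario(enum switch_mode mode) {
    task_t a = { { 0 } };
    task_t b = { { 0 } };
    cpu_t cpu;
    cpu_init(&cpu, &a);
    fpu_write(&cpu, 0xC0FFEEULL);   /* constructed stand-in for key material */
    context_switch(&cpu, &b, mode);

    scenario_t r;
    r.residue_while_b_runs = hw_contents(&cpu);
    r.b_architectural_read = fpu_read(&cpu);
    r.nm_traps = cpu.nm_traps;
    return r;
}

int main(void) {
    scenario_t lazy = run_scenario(LAZY_RESTORE);
    scenario_t eager = run_scenario(EAGER_RESTORE);
    printf("lazy:  residue=0x%llx  B reads=0x%llx  #NM traps=%d\n",
           (unsigned long long)lazy.residue_while_b_runs,
           (unsigned long long)lazy.b_architectural_read, lazy.nm_traps);
    printf("eager: residue=0x%llx  B reads=0x%llx  #NM traps=%d\n",
           (unsigned long long)eager.residue_while_b_runs,
           (unsigned long long)eager.b_architectural_read, eager.nm_traps);
    return 0;
}
```

The point of the model is the difference between the two `residue_while_b_runs` values: both modes give B the correct architectural answer, which is why lazy restore was an acceptable optimization for so long, but only eager restore guarantees that nothing belonging to A is left in the unit while B is scheduled. The cost is one save/restore per switch instead of one per first FPU use, which is the trade-off Intel's recommendation accepts.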

As with the majority of Spectre flaws, the only long-term solution is going to be changing the CPU architecture. Intel can try to patch speculative execution here and there, but we'll probably continue to see new flaws of this kind pop up until the issue is fixed at the core of Intel's architecture.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • JamesSneed
    Fun times for those having to patch entire data centers of servers each time one of these flaws is found. Intel is costing customers a ton of money. I would ask for a rebate if I ran a data center.
  • DookieDraws
    Intel asked researchers to delay their disclosure of the bugs? That's pretty messed up, if you ask me. I guess Intel was more concerned about losing potential sales of their CPUs than looking out for our best interest.

    I wonder if the soon-to-be-released 8-core CPUs will be affected?
  • Brian28
    DOOKIEDRAWS: the companies often ask for a delay so they have time to create, test, and deploy a patch. Researchers who publish without delays create a risk that hackers will figure out how to use the vulnerability before a patch exists, which is not in our best interest, either. In this case the cat was out of the bag, due to rumors, so the researchers published anyway. But in most cases, having a published report at the same time as the patch is ready means users get the patch installed more quickly, which is better than users panicking when the report comes out with no patch, followed by inaction when the patch comes out months later.
  • hannibal
    21057242 said:

    I wonder if the soon-to-be-released 8-core CPUs will be affected?

    Of course it is, because it is based on the same architecture. Intel needs quite a big overhaul to get rid of these. A couple of years, most likely.

    And, yep, it is better to ask for a delay than to allow hackers a free exploit in the meanwhile. These are not easy things to patch!
  • DerekA_C
    Glad AMD is back in the running; they will be able to pump out 7nm chips by the beginning of next year that could be more powerful than Intel's. IMO, if AMD had the time to refine 12nm five times like Intel's 14nm, they would be faster; I am positive of that. Oh, let's never forget that AMD was able to pack 8 cores on 28nm tech; the 7nm node could leave them room to pack 16 cores on mainstream chips if it were cost effective enough, particularly as they move toward 32 cores on HEDT and 64 cores on servers. Intel sure got caught with their pants down; they have never fallen behind on node tech before, and they have never had such close competition in almost all computer markets as they do now.

    I pray AMD really hurts Intel this time, and I hope people wake up and realize Intel and Nvidia DO NOT care about their customers; they care about your wallets and that is it. AMD, on the other hand, has always been there for the everyday folk, going back 20 years. They now have a really smart and ambitious CEO who doesn't have her head up her own ass because she is also that engineered mind, not a book twat.
  • stdragon
    Still no word on whether AMD is affected by this. I'm guessing not, but... I'm still waiting for the other shoe to drop.

    If Intel had a clue, by now their entire engineering division would have been working round the clock to develop an entirely new x86 architecture and deprecate Core.
  • 0InVader0
    AMD CPUs are suddenly looking pretty good.
  • bit_user
    I foresee the return of a sort of "turbo mode", which disables all the fixes and mitigations for certain programs (e.g. games, GPU drivers, etc).

    Otherwise, it's looking like we're headed for a few years of CPUs just getting slower and slower.

    What's sad is that x86 has a basic mechanism on which you could build enhanced security. It has 4 "rings" of protection, with normal application programs running in the least secure ring. If application developers could be trusted (and they basically can't) to switch to a more secure ring for handling sensitive data, then these protections could be limited to only the 3 inner rings. But there's too much legacy software, and the tool support just doesn't exist for such software solutions.

    So, what we're left with is basically just the option of having performance-critical code being eligible for special-case optimizations, rather than having optimizations be the default and saving the special-case for sensitive data.
  • Meng Yang
    Must wait for end-2019 Ice Lake CPUs for in-silicon mitigation of Spectre & Meltdown. Early 2019 Cannon Lake is just a 10 nm die shrink of 8th-gen Coffee Lake.
  • pegasusted2504
    I have a thought. Why not just tell Intel/AMD about it properly, and then, when you tell the press or public, just say "we have found a problem, it is 'x' bad and needs sorting"? Instead of telling all the hackers and bad people out there exactly what the problem is, where it affects, and how to find/use it against others. "By disclosing it now, the researchers have put pressure on Intel to release a patch quickly to OEMs." No they haven't; they just made all the scum aware of it, giving them plenty of opportunity between now and patch day to have a go with it. They haven't done it out of some sense of public fairness or safety; they do it to crap on a company and to make themselves famous.