A new security vulnerability in a similar vein to Spectre and Meltdown has been discovered in Intel CPUs. The “Lazy FP state” flaw makes use of the speculative execution vulnerability that has been the bane of Intel CPUs for the past few months as repeated exploits have been discovered. It could potentially allow malicious actors to steal data from an affected user, though it has proven easier to patch than previous exploits of a similar type.
Processors from both AMD and Intel have been hit with a number of different security bugs in the past few months, as flaws at the deepest level of the hardware were discovered. While Spectre was applicable to both chipmakers’ hardware though, this latest bug is one that impacts Intel CPUs only. It affects every “Core” CPU released since Intel’s 2011 Sandy Bridge range debuted.
The problem stems from the fact that modern CPUs often store the state of running applications to improve performance when switching between tasks. That leaves a window of opportunity for malicious actors to read the contents of that register.
“It affects Intel designs similar to variant 3-a of the previous stuff, but it’s not Meltdown,” Red Hat computer architect Jon Masters said via Zdnet. “It allows the floating point registers to be leaked from another process, but alas that means the same registers as used for crypto, etc.”
That’s perhaps the most worrisome aspect of this flaw, in that it allows for the extraction of data while encryption is being conducted. That could be especially problematic if servers were targeted.
Fortunately, this flaw is much less of a problem than those previously discovered. It has already been patched out in a number of environments — including Linux 4.9 or newer, Windows Server 2016, and Windows 10. Better yet, the fix does not impact performance as it has done in the case of certain other exploits related to Spectre and Meltdown.
The general recommendation for anyone running potentially affected hardware is to make sure that you operating system is patched to its latest version and to keep an eye on your motherboard manufacturer’s website for any potential BIOS updates that are released.
Editors’ Recommendations
- New Spectre-like bug could mean more performance-degrading patches
- Microsoft’s Windows 7 Meltdown update granted access to all data in memory
- Intel reportedly gears up to patch 8 Spectre Next Generation CPU flaws
- AMD is working on fixes for the reported Ryzenfall, MasterKey vulnerabilities
- AMD has a fix for Spectre variant II, but will motherboard makers support it?