“System software may opt to utilize Lazy FP state restore instead of eager save and restore of the state upon a context switch…Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other process through a speculative execution side channel that infers their value.”
In simpler terms, what this means is that a hacker could use this exploit to gain partial cryptographic keys used by other programs running on the target computer.
While related to the recent Spectre and Meltdown security flaws, this one is different in two ways. First, it’s not quite as severe as the formerly discovered flaws in scope or scale. To make use of this, one would require an incredibly exotic attack that would simply be beyond the capabilities of most hackers.
Also, it should be noted that where Spectre and Meltdown impacted dozens of chipsets dating back more than a decade, the “Lazy FP State Restore” flaw only impacts chips beginning at Sandy Bridge.
The other key difference is that the flaw in this case, does not reside in the hardware. That’s good news for businesses of all shapes and sizes, because it means that when Intel and their hardware vendors have a patch ready, it will be quick and relatively painless to install it.
Unfortunately, since the initial discovery of Spectre and Meltdown, a number of variants of those flaws have emerged, and now this new one. It’s unlikely that this will be the last we’ve seen of these types of issues, so if you’re using Intel equipment, brace yourself. There’s likely more to come.
Used with permission from Article Aggregator