Security researchers from Amazon and Cyberus Technologies jointly discovered one of the eight second-generation Spectre flaws, which they dubbed “LazyFP” (CVE-2018-3665) because the vulnerability targets CPUs that use lazy floating point unit (FPU) switching.
Spectre Flaws Strike Again
Intel hadn’t even properly finished releasing patches to OEMs for the first generation of Spectre flaws before rumors about eight more Intel CPU vulnerabilities that affected speculative execution started appearing. According to reports, Intel has been pressing the researchers to delay their disclosure of the bugs, which is why we have yet to see all of them.
The disclosure of LazyFP, another speculative execution flaw, was also initially postponed till August. However, due to rumors of what the flaw may be, the researchers thought they needed to disclose it now, before malicious actors discover what the flaw is and start exploiting it in secret.
By disclosing it now, the researchers have put pressure on Intel to release a patch quickly to OEMs. (Users would likely still have to get firmware updates that include those patches from their motherboard or laptop manufacturers.)
Why Intel’s LazyFP Flaw Is Dangerous
Operating systems and virtual machines running on Intel Core processors may make use of “lazy restore” for floating point state when context switching between application processes, instead of “eagerly” saving and restoring this state.
Attackers that exploit this flaw could obtain information about the activity of other applications, including encryption operations. The flaw affects speculative execution on Intel CPUs similarly to other recent Spectre vulnerabilities.
Intel recommended system software developers to enable the Eager FP state restore instead of the Lazy FP state restore. The company didn’t mention whether or not it will release a patch to fix the flaw in the future. Right now it seems to rely on developers’ action to protect PC users.
As with the majority of Spectre flaws, the only long-term solution is going to be changing the CPU architecture. Intel can try to patch speculative execution here and there, but we’ll probably continue to see new such flaws pop-up in the future until the issue is fixed at the core of Intel’s architecture.