Intel has disclosed a new vulnerability affecting most of its Core processors and making them targets for side-channel attacks similar to Spectre and Meltdown. The vulnerability, dubbed "Lazy FP State Restore" (CVE–2018–3665), allows a process to infer the contents of FPU/MMX/SSE/AVX registers belonging to other processes. Only certain operating systems (OSs) are affected, and a fix could be made at the OS level without needing a microcode update.
The new vulnerability is made possible by a feature of x86 processors that allows operating systems to lazily switch the Floating-point unit (FPU) on a context switch. Indeed, due to the usually much higher number of FPU registers, an eager save and restore of the FPU state can be relatively expensive, so operating systems can instead opt to utilize Lazy FP state restore. This means the actual save and restore of the FPU state is delayed until an instruction wants to access it. This behaviour makes sense since not all programs use the FPU but it allows attackers to access FPU registers that they are not allowed to access yet by using that register as part of a memory address, so the CPU will speculatively access it. Later the CPU will detect and fix its mistake but traces of this speculative execution are left in the cache, making them available to an attacker.
According to Colin Percival, one of the security researchers that built an exploit for this vulnerability, the main risk linked to it is that AES encryption keys are often stored in the FPU’s Streaming SIMD Extensions (SSE) registers. Although it took Percival just five hours to code the exploit, he says that exploiting it remotely is much harder than Meltdown:
You need to be able to execute code on the same CPU as the target process in order to steal cryptographic keys this way. You also need to perform a specific sequence of operations before the CPU pipeline completes, so there’s a narrow window for execution.
This new vulnerability is similar to Meltdown in that it allows to read protected memory contents from a user space program, but it is restricted to certain register contents across process boundaries.
On the bright side of things, this vulnerability can be fixed at the OS level, without requiring any microcode updates like Spectre and Meltdown did. Actually, only systems running specific combinations of processor and operating system are affected. In particular, older Linux versions (previous to 4.9), FreeBSD, and some hypervisors are vulnerable when running on Intel Core CPUs. Microsoft has stated in a security advisory that all Windows versions use Lazy PF state restore and that it cannot be disabled, which makes Windows vulnerable, but the advisory also states that updates will be forthcoming. Customers running VMs in Azure are not at risk from this variant. Furthermore, no mitigation or workarounds are available at the time.
While the state of non-Intel processors respect to this vulnerability is unclear, AMD told SecurityWeek they do not believe their products are susceptible to being exploited.
InfoQ will update this post as new information becomes available.