Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

CYBERSECURITY | New vulnerability found in modern Intel CPUs

0

Intel confirmed a newly discovered vulnerability affecting all modern Intel CPUs starting from their Sandy Bridge line-up.

Computer repair concept

Computer repair concept

Intel confirmed a newly discovered vulnerability affecting all modern Intel CPUs starting from their Sandy Bridge line-up, dubbed Lazy FP State Restore, the vulnerability (CVE-2018-3665).

Vendors are now pushing to rush their roll out of security updates in order to fix the flaw and keep their customers protected.

The flaw exploits a system performance optimization feature, Lazy FP state restore, which is embedded in modern processors, and is responsible for saving or restoring the FPU state of each running application ‘lazily’ when switching from one application to another.

“System software may opt to utilize Lazy FP state restore instead of eager save and restore of the state upon a context switch,” Intel said. while describing the flaw. “Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value.”

The latest Red Hat advisory stated that the numbers held in FPU registers can be used to access sensitive information about the activity of other applications, including parts of cryptographic keys being used to secure data in the system.

But unlike Spectre and Meltdown, this latest vulnerability does not reside inside the hardware so it can be fixed with patches on different operating systems without requiring new CPU microcodes from Intel.

Red Hat is already working with their partners to issue a patch. Other modern versions of Linux from kernel version 4.9 released in 2016 onwards are not affected by this vulnerability.

Modern versions of Windows, as well as Windows Server 2016 are also not affected. Microsoft published a security advisory explaining that the company is currently working on security updates which will be released on the next Patch Tuesday on July.

They say that Lazy restore is enabled by default in and cannot be disabled. Virtual machines, kernel, and processes are vulnerable to this exploit, however, those who are running VMs in Azure are not affected.

AMD processors are not affected by this issue.

Ira James is an enthusiast who has his roots on PC hardware and gaming. His career as a tech journalist began after working in the PR industry for two years. He started GGWPTech to write PC hardware reviews, gaming, cyber security, and enterprise tech news. His works are also syndicated by other media publishers: Tech Sabado, and the Sunday and Business I.T. section of Manila Times.

Leave a Reply

Your email address will not be published. Required fields are marked *