The processor is the most important hardware component of any computer, as it manages all the tasks and lets us perform every action, like reading this post. Recently, security researchers identified a brand new vulnerability in Intel CPUs called “Lazy FP State Restore”. First there were Meltdown and Spectre, with their different strong variants. Now this! Intel is surely having a hard time.
The vulnerability affects all Intel Core-based CPUs, according to Intel’s official statement. The horrible thing is, it’s present physically inside the processors, meaning that any operating system running on any Intel Core-based CPU will be vulnerable to the attack.
What is Lazy FPU context switching?
First, let’s talk about the vulnerable part of the CPU. Lazy FPU context switching is a performance optimization feature. It’s responsible for saving and restoring the FPU (Floating Point Unit) registers. These registers hold floating point numbers and allow access to them whenever necessary.
Now, the bug here is physical. The physical bug in the CPU lets other processes sneak into these registers and the data they hold.
The problem is, these numbers are needed for various important tasks like cryptographic operations. Thus, a hacker may be able to sniff out numbers from these registers to crack an encryption key. The next moment, everything else will be gone.
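To make the mechanism concrete, here is a toy C model added for illustration (it is not from Intel or from any operating system's code, and every name in it is made up). It assumes the usual behaviour of lazy switching, where the save and restore are postponed until the new task first touches the FPU, and compares what is left sitting in the registers in the meantime with an eager switch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model, constructed for illustration: one physical FPU register file
   shared by two tasks, each with its own save area in memory. */
#define NREGS 4
typedef struct { uint64_t saved[NREGS]; } task_t;
typedef struct {
    uint64_t regs[NREGS]; /* values physically in the FPU right now */
    task_t *owner;        /* task those values belong to */
    task_t *current;      /* task that is running */
    int ts;               /* models CR0.TS: next FPU instruction traps (#NM) */
} cpu_t;

/* Save the owner's registers to memory and load the current task's. */
static void save_and_restore(cpu_t *c) {
    memcpy(c->owner->saved, c->regs, sizeof c->regs);
    memcpy(c->regs, c->current->saved, sizeof c->regs);
    c->owner = c->current;
    c->ts = 0;
}

/* Lazy: leave the registers alone and only arm the trap. */
static void switch_lazy(cpu_t *c, task_t *next) { c->current = next; c->ts = (c->owner != next); }

/* Eager: swap the register contents as part of the switch itself. */
static void switch_eager(cpu_t *c, task_t *next) { c->current = next; save_and_restore(c); }

/* #NM handler under the lazy policy: the deferred swap happens here. */
static void fpu_trap(cpu_t *c) { if (c->ts) save_and_restore(c); }

/* Value resident in register 0 while the second task runs, after the first
   task loaded `secret` into it. trap_handled = 1 means the second task has
   already executed its first FPU instruction. */
uint64_t resident_reg0(int eager, int trap_handled, uint64_t secret) {
    task_t victim = {{0}}, other = {{0}};
    cpu_t c = { {0}, &victim, &victim, 0 };
    c.regs[0] = secret;
    if (eager) switch_eager(&c, &other); else switch_lazy(&c, &other);
    if (trap_handled) fpu_trap(&c);
    return c.regs[0];
}

int main(void) {
    uint64_t s = 0x5ec2e7ULL; /* constructed stand-in for key material */
    printf("lazy: %#llx  eager: %#llx\n", (unsigned long long)resident_reg0(0, 0, s),
           (unsigned long long)resident_reg0(1, 0, s));
    return 0;
}
```

With the lazy policy the first task's value is still in the register while the second task runs; with the eager policy it has already been moved to the first task's save area.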
The scope of the vulnerability
Although it’s a major bug in the processors, it can’t be exploited through a web browser. That makes this vulnerability less effective than Meltdown. Meltdown is preventable with operating system patches, at the cost of performance.
Rumors about the bug
Before the vulnerability was officially disclosed, there were rumors about it because DragonFly BSD and OpenBSD released notices about patches that would fix this vulnerability. The notices were a strong indication that something was wrong with the FPU registers in Intel’s processors.
Thankfully, this bug is preventable without changing the existing microcode. That’s a big relief for Intel, while vendors are working on fixing the issue with future patches.
Here is a list of all the official statements of different vendors.