Intel CPUs have another bug that can leak sensitive information

intel
by

Security researchers have discovered a vulnerability affecting all modern Intel Core and Xeon processors, which is an exploit of a performance optimization feature called “lazy FP state restore,” which can be exploited to sniff out sensitive information, including cryptographic keys used to protect sensitive data. The flaw affects all x86 micro-architectures by Intel, “Sandy Bridge” and later.

The “lazy FP state restore” feature is a set of commands used to temporarily store or restore the FPU states of applications running “lazily” (as opposed to “eagerly”). Red Hat put out an advisory stating that numbers held in FPU registers could be used to access sensitive information about the activities of other applications, including encryption keys. Intel began working with popular OS vendors to quickly roll out software patches against the vulnerability.

Read more at The Hacker News


Leave a Reply

Your email address will not be published. Required fields are marked *