As predicted by security researchers, the Meltdown and Spectre vulnerabilities announced this year were just the tip of the iceberg when it comes to security issues related to the speculative execution feature of modern CPUs.
In coordination with operating system makers, Intel has revealed a new vulnerability dubbed LazyFP, or CVE-2018-3665, that affects its Intel Core family of CPUs and can be used to leak sensitive information from application processes through a speculative execution side channel.
The vulnerability was discovered by Julian Stecklina from Amazon Germany and Thomas Prescher from Cyberus Technology and affects operating systems and hypervisors that use the lazy FPU (floating-point unit) context switching. The flaw was scheduled to be disclosed in August, but the researchers and Intel were forced to make an early partial disclosure this week because some of the details were leaked.
The FPU is a specialized math coprocessor that’s part of Intel’s modern CPUs and is used to accelerate mathematical operations on floating point numbers. During such operations, the FPU state might contain sensitive information, including cryptographic keys.
On a regular multitasking operating system, different processes need to use the FPU at different times. So, to give all of them a fair chance, the OS will perform context switching by saving the state of the FPU associated with one process and temporarily loading the state associated with another one. This context switching can be done in two ways, “lazy” or “eager,” with the former historically having a performance benefit over the latter.
“Starting with the introduction of the x86-64 architecture, the presence of at least some SIMD instruction set extensions is mandated and their use has become more widespread,” Prescher and Stecklina said in a blog post. “As such the underlying assumption of lazy FPU switching is not valid anymore. The performance gain by lazy FPU switching has become negligible, and some kernels already removed it in favor of eager switching.”
It’s important to note that the LazyFP vulnerability can only be exploited when lazy FPU switching is used—hence, its name. In terms of impact, it is similar to Meltdown, because it allows the reading of sensitive information in the form of register contents across security domain boundaries.
“If an XSAVE-enabled feature is disabled, then we recommend either its state component bitmap in the extended control register (XCR0) is set to 0 (e.g. XCR0[bit 2]=0 for AVX, XCR0[bits 7:5]=0 for AVX512) or the corresponding register states of the feature should be cleared prior to being disabled,” Intel said in its advisory. “Also for relevant states (e.g. x87, SSE, AVX, etc.), Intel recommends system software developers utilize Eager FP state restore in lieu of Lazy FP state restore.”
According to Microsoft, lazy state restore is enabled by default in Windows and cannot be disabled. The company plans to release updates to mitigate this problem in Windows in the future; however, virtual machines running in Azure are not at risk.
Red Hat Enterprise Linux 7 will automatically default to the safe “eager” floating point register restore on Sandy Bridge and newer Intel processors, Red Hat said in an advisory. On older processors, users can boot the kernel with the eagerfpu=on parameter to mitigate the risk.
However, RHEL 6 is affected and doesn’t support the eagerfpu=on parameter, so Red Hat plans to release patches for that version of the OS.
Systems running all versions of the Xen hypervisor are affected, but “depending on the availability of host resources, leakage can be prevented between VMs by using cpupools or cpu pinning to isolate the vCPUs from different VMs to separate pCPUs,” the Xen Project said in an advisory.