Intel discloses ‘Lazy FPU’ vulnerability that is similar to Meltdown but less serious

From PC Gamer: A newly discovered chip vulnerability leaves owners of most Core processors susceptible to yet another side channel attack similar to Spectre and Meltdown. Fortunately, the fallout from this one shouldn't be as far-reaching as those, nor is it as serious.

In a security bulletin, Intel refers to the new attack vector as a "Lazy FP state restore" bug. Red Hat is calling it a "Lazy FPU Restore" flaw. Both refer to the same thing, which is a speculative execution side channel attack affecting Sandy Bridge and newer Core processors.

"System software may utilize the Lazy FP state restore technique to delay the restoring of state until an instruction operating on that state is actually executed by the new process. Systems using Intel Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel," Intel explains.

Put another way, the flaw provides another means for an attacker to pluck sensitive information from affected systems, and specifically from running applications, including encrypted operations. The bug takes advantage of a performance optimization technique called FPU context switching.
