Intel Lazy FP State Restore CPU bug
gzorn last edited by
I see that there’s a new CPU bug on Intel - another side-channel info leak based on speculative execution. Seems that there’s a new patch for FreeBSD 12 for it. https://lists.freebsd.org/pipermail/freebsd-security/2018-June/009822.html
I’m guessing that it’s low risk on a pfSense box since it’s an info leak issue (would require another local compromise to exploit). Perhaps it’s more concerning for virtualized pfSense.
Will we see a new release to mitigate this?
A patch to FreeBSD -HEAD has been issued and we are evaluating. More information soon; pfSense development snapshots will be first to have this fix.
rachelbarnes last edited by rachelbarnes
The company has not yet released technical details about the vulnerability, but since the vulnerability resides in the CPU, the flaw affects all devices running Intel Core-based microprocessors regardless of the installed operating systems, except some modern versions of Windows and Linux distributions.
As the name suggests, the flaw leverages a system performance optimization feature, called Lazy FP state restore, embedded in modern processors, which is responsible for saving or restoring the FPU state of each running application ‘lazily’ when switching from one application to another, instead of doing it ‘eagerly.’
“System software may opt to utilize Lazy FP state restore instead of eager save and restore of the state upon a context switch,” Intel says while describing the flaw.
"Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value