Intel FPU May Spill Crypto Secrets to Apps
The security shortcoming involves what’s known as lazy FPU state restore. Operating system kernels would only save and restore the floating-point unit (FPU) registers, and other context information, when programs were actually using the math unit.
This, it turned out today, through a security gaffe in Intel’s blueprints related to Spectre-Meltdown Variant 3A, allows a program to obtain scraps of the FPU context of another app. Variant 3A allows applications to read system registers that only privileged code should be allowed to peek at.
The fix is to employ a mechanism called eager FPU state restore, which modern Linux, Windows and other kernels use. These mitigations do not carry a performance hit – in fact, eager state switching can increase performance.
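As an added defender's check (not code from the original post, from Intel, or from any kernel project), the POSIX shell script below reads the mode line that older x86 Linux kernels print at boot and reports whether a machine is still switching FPU state lazily. The boot-log excerpts are constructed for the demonstration; the `x86/fpu: Using '...' FPU context switches.` message and the `eagerfpu=on` boot parameter are real features of those older kernels, while whether a given host still logs that line at all is something the script treats as unknown rather than guessing.

```shell
#!/bin/sh
# Added example: classify how a Linux kernel switches FPU state, from its boot log.
# Older x86 kernels log the chosen mode at boot as
#   "x86/fpu: Using 'eager' FPU context switches."   (or 'lazy')
# and accept "eagerfpu=on" on the command line to force eager mode.
# Both log excerpts below are constructed for this example, not captured from a real host.

SAMPLE_LAZY="[    0.000000] Linux version 4.4.0-generic (buildd@host) (gcc version 5.4.0) #1 SMP
[    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-4.4.0-generic root=/dev/sda1 ro
[    0.000000] x86/fpu: Using 'lazy' FPU context switches."

SAMPLE_EAGER="[    0.000000] Linux version 4.4.0-generic (buildd@host) (gcc version 5.4.0) #1 SMP
[    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-4.4.0-generic root=/dev/sda1 ro eagerfpu=on
[    0.000000] x86/fpu: Using 'eager' FPU context switches."

# Print the FPU context-switch mode a boot log reports: eager, lazy or unknown.
# Usage: fpu_switch_mode "$log_text"
fpu_switch_mode() {
    case "$1" in
        *"x86/fpu: Using 'eager' FPU context switches."*) echo eager ;;
        *"x86/fpu: Using 'lazy' FPU context switches."*)  echo lazy ;;
        *) echo unknown ;;
    esac
}

# Report whether the kernel command line in the log forced eager mode.
forced_eager() {
    case "$1" in
        *"eagerfpu=on"*) echo yes ;;
        *) echo no ;;
    esac
}

# Turn the detected mode into an operator-facing verdict.
assess() {
    mode=$(fpu_switch_mode "$1")
    case "$mode" in
        lazy)  echo "LAZY: FPU registers are restored on demand, so one process may glimpse another's FPU state. Force eager switching (eagerfpu=on) or update the kernel." ;;
        eager) echo "EAGER: FPU state is saved and restored on every context switch (forced by command line: $(forced_eager "$1"))." ;;
        *)     echo "UNKNOWN: no FPU mode line in this log; the kernel may be too new to print one. Check its release notes instead." ;;
    esac
}

# Inspect the running machine (needs a readable boot log; dmesg may have rotated it out).
# Invoke as: sh fpu_mode_check.sh --live
check_running_kernel() {
    log=$(dmesg 2>/dev/null || cat /var/log/dmesg 2>/dev/null)
    assess "$log"
}

if [ "${1:-}" = "--live" ]; then
    check_running_kernel
else
    assess "$SAMPLE_LAZY"
    assess "$SAMPLE_EAGER"
fi
```

Run without arguments to see the verdict for both constructed logs; run with `--live` on a host to classify its own boot log. The check is deliberately narrow: it only recognises the mode line older kernels emit, and reports "UNKNOWN" rather than inferring anything about kernels that no longer print it.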
It says that only older Windows and Linux versions are vulnerable—no mention of macOS.
Previously: Intel CPU Design Flaw Necessitates Kernel Page Table Isolation.