'Lazy State' CPU Security Hole Unveiled by Intel
Intel announced that there's another CPU security bug in its Core-based microprocessors. The latest Intel revelation, Lazy FP state restore, can theoretically pull data from your programs, including encryption software, from your computer regardless of your operating system.
Like Meltdown and Spectre forebears, this is a speculative execution vulnerability. It affects Intel designs similar to variant 3-a of the previous stuff, but it's not Meltdown. Still, it allows the floating point registers to be leaked from another process, but alas that means the same registers as used for crypto, etc.
System software may utilize the Lazy FP state restore technique to delay the restoring of state until an instruction operating on that state is actually executed by the new process. Systems using Intel Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel.
If an XSAVE-enabled feature is disabled, then Intel recommends either its state component bitmap in the extended control register (XCR0) is set to 0 (e.g. XCR0[bit 2]=0 for AVX, XCR0[bits 7:5]=0 for AVX512) or the corresponding register states of the feature should be cleared prior to being disabled. Also for relevant states (e.g. x87, SSE, AVX, etc.), Intel recommends system software developers utilize Eager FP state restore in lieu of Lazy FP state restore.
Lazy State does not affect AMD processors.
Most versions of Windows, including Server 2016 and Windows 10. are believed to be safe. If you're still using Windows Server 2008, however, you will need a patch.
This security problem was found by Julian Stecklina from Amazon Germany, Thomas Prescher from Cyberus Technology, and Zdenek Sojka from SYSGO AG.