There has been something of a spate of chip vulnerability discoveries recently, and now another one has emerged. Known as Floating Point Lazy State Save/Restore, the security flaw (CVE-2018-3665) is found in Intel Core and Xeon processors and it is another speculative execution vulnerability in a similar vein to Spectre. The security flaw takes advantage of one of the ways the Linux kernel saves and restores the state of the Floating Point Unit (FPU) when switching tasks -- specifically the Lazy FPU Restore scheme. Malware or malicious users can take advantage of the vulnerability to grab encryption keys. Linux kernel…
[Continue Reading]
Aucun commentaire:
Enregistrer un commentaire