Intel CPUs have another bug that can leak sensitive information

Greg S

Why it matters: Floating point operations are used in encryption algorithms and in many applications that require user privacy. Unwanted access to a system's CPU leaves a significant amount of sensitive information available to be stolen. Although not as large of a flaw as Spectre or Meltdown, Intel is going to have to answer to enterprise customers over the stream of security patches required.

After shaking up the community earlier this year, Spectre and Meltdown flaws found in the vast majority of modern processors have changed the normal state of security patches. Now, Intel has disclosed that it is affected by another bug that can leak information between running processes.

Lazy FP State Restore deals with how floating point numbers are calculated. All Intel Core processors are considered to be affected by this vulnerability. In order to improve performance, a dedicated hardware portion of the CPU handles all floating point calculations and maintains its own set of registers. When switching between tasks, Intel's CPUs save their current execution states and load in a new set of information.

During this process, the floating point unit state can be ignored since many applications do not need to pause and resume computation of floating point numbers. In what is known as the lazy restore scheme, the FPU issues a Device Not Available exception during a task switch. However, the data stored in the FPU registers is able to be determined by other processes when the lazy restore scheme is used.

In this case, the fix is already possible via regular software updates and thankfully not another problem that requires microcode updates. Simply avoiding the use of lazy FP state restore mitigates the problem. Eager save and restore is a secondary method of accomplishing the same goal but with slightly lower performance.

For general consumers this vulnerability is unlikely to have any severe impacts, but for enterprise and data centers, this is going to be another painful round of applying patches. Vendors such as Red Hat have already begun issuing updates to their software to implement eager save and restore operations.
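
The two context-switch policies described in the story, as a toy model added here for illustration (not code from the article, Intel, or any vendor). The register count, the task names and the `ts` flag (standing in for the x86 CR0.TS bit that triggers Device Not Available) are assumptions of the model, and the secret value is constructed.

```c
#include <stdio.h>
#include <string.h>
#define NREGS 4
enum policy { LAZY, EAGER };
struct task { double saved[NREGS]; };  /* per-task FP save area */
struct cpu {
    double fp[NREGS];          /* physical FPU registers */
    int ts;                    /* models CR0.TS: next FP use raises #NM */
    struct task *owner, *cur;  /* owner: whose state is in fp[]; cur: running */
    enum policy pol;
};

/* Save the owner's registers and load the current task's. Lazy mode runs this
   from the #NM (Device Not Available) handler; eager mode at every switch. */
static void swap_fp_state(struct cpu *c) {
    if (c->owner) memcpy(c->owner->saved, c->fp, sizeof c->fp);
    memcpy(c->fp, c->cur->saved, sizeof c->fp);
    c->owner = c->cur; c->ts = 0;
}

static void switch_to(struct cpu *c, struct task *next) {
    c->cur = next;
    if (c->pol == EAGER) swap_fp_state(c);
    else c->ts = (c->owner != next);   /* defer; old state stays in fp[] */
}

static double fp_use(struct cpu *c, int r, const double *newval) {
    if (c->ts) swap_fp_state(c);       /* lazy path: #NM fires here */
    if (newval) c->fp[r] = *newval;
    return c->fp[r];
}

/* Victim loads a constructed secret, another task runs, victim resumes.
   *exposed: fp[] still held the victim's secret right after the switch. */
double run(enum policy pol, int *exposed) {
    struct task victim = {{0}}, other = {{0}};
    struct cpu c = { .pol = pol };
    double secret = 1234.5, nine = 9.0;
    switch_to(&c, &victim); fp_use(&c, 0, &secret);
    switch_to(&c, &other);
    *exposed = (c.owner != c.cur && c.fp[0] == secret);
    fp_use(&c, 0, &nine);
    switch_to(&c, &victim);
    return fp_use(&c, 0, NULL);        /* victim must get its value back */
}
int exposed(enum policy pol) { int e; run(pol, &e); return e; }
int main(void) {
    printf("stale after switch: lazy=%d eager=%d\n", exposed(LAZY), exposed(EAGER));
}
```

Both policies return the victim's value intact after the round trip; only the lazy one leaves it sitting in the physical registers while a different task is running.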


 
This got nothing to do with Intel or AMD. Hackers have become more advanced, from hacking software to now exploiting the deep core of the functions of the CPU itself.
 
I'm glad my new build that I bought this week is built around the Ryzen 7 2700x

So am I. Cross-hair VII Hero with a 2700 has exceeded ALL my expectations.
And I saved a boat load of cash.

The Meltdown/Spectre fiasco and now this has me leaving Intel in the dust.
And the mobo mfg's and their piss-poor support for security updated BIOS roll-outs (especially MSI) forced me to think differently.
AMD all the way now ...
 
What's missing from this story is that this flaw only affects Sandy Bridge and newer.

As someone that is still on a Gulftown processor i7 970 I'm not affected.
 
I've used i7 3rd gen for the last 4 yrs. Still not a single issue with any of these security issues that have been announced.
I'm not seeing or being affected by any of these. My comp is just the same as before n my games all play fine.
As far as I can tell most users won't need to worry or even notice anything.
 
This got nothing to do with Intel or AMD. Hackers have become more advanced, from hacking software to now exploiting the deep core of the functions of the CPU itself.

If it were hackers that were getting better these issues would affect AMD as well. This isn't a market agnostic issue, it's an Intel dun screwed up issue.


I've used i7 3rd gen for the last 4 yrs. Still not a single issue with any of these security issues that have been announced.
I'm not seeing or being affected by any of these. My comp is just the same as before n my games all play fine.
As far as I can tell most users won't need to worry or even notice anything.

Exactly the point, you wouldn't be able to tell if you were exploited in the first place. This isn't a virus that makes it obvious, exploits like Spectre and Meltdown can be executed from a remote computer and gain access to your system without you even knowing.
 
This just goes to show that processor optimizations can only go so far until you need a redesign or nanometer reduction for performance. AMD can fall into this trap if they don't watch it.
 
That's another well deserved punishment for those who bought Intel CPU's.

I could not have said it better. Many years ago I said that people who buy Intel CPU's share in the evil the company is doing and will share in the result as well. If you walk with people who use the sword, you might die by the sword!
 
I'm glad my new build that I bought this week is built around the Ryzen 7 2700x

So am I. Cross-hair VII Hero with a 2700 has exceeded ALL my expectations.
And I saved a boat load of cash.

The Meltdown/Spectre fiasco and now this has me leaving Intel in the dust.
And the mobo mfg's and their piss-poor support for security updated BIOS roll-outs (especially MSI) forced me to think differently.
AMD all the way now ...

You do realize AMD has the same, if not worse flaws right?

https://amdflaws.com/
 
Care to explain why you think Intel buyers deserve to be punished?

You AMD fanboys are getting more and more desperate every day.

For supporting company that does so much dirty tricks.

You do realize AMD has the same, if not worse flaws right?

https://amdflaws.com/

No, I don't. "Same or not worse" :D All those "flaws" require admin access, most require local admin access.

Using Spectre or Meltdown vulnerability do not require admin access, so "(y)"
 
For supporting company that does so much dirty tricks that Intel has done.



No, I don't. "Same or not worse" :D All those "flaws" require admin access, most require local admin access.

Using Spectre or Meltdown vulnerability do not require admin access, so "(y)"
I really pity you.
 
That's another well deserved punishment for those who bought Intel CPU's.
This is a really short-sighted statement. Phenom II wasn't on par with Sandy Bridge, and was almost 3 years old when Bulldozer finally came out, after Intel sent them through the wringer.

Bulldozer was an abysmal failure, Piledriver was slightly better, then AMD just gave up for about 3-4 years on the CPU market altogether, only finally competing last year. And before that, Phenom II was really playing catch-up after AMD's Phenom was slower than expected, and they sat for years selling Athlon 64 when the Core 2 chips were getting progressively faster every 6 months.

You can't blame people for buying Intel CPUs when all AMD could do was drop the ball time and time again while trying to maintain ATi at the same time. If you wanted a fast CPU, you bought Intel, full stop. Especially from 2012-2017, when AMD was too busy sucking its own thumb to pay any attention to the world around it.
 
This is a really short-sighted statement. Phenom II wasn't on par with Sandy Bridge, and was almost 3 years old when Bulldozer finally came out, after Intel sent them through the wringer.

Bulldozer was an abysmal failure, Piledriver was slightly better, then AMD just gave up for about 3-4 years on the CPU market altogether, only finally competing last year. And before that, Phenom II was really playing catch-up after AMD's Phenom was slower than expected, and they sat for years selling Athlon 64 when the Core 2 chips were getting progressively faster every 6 months.

You can't blame people for buying Intel CPUs when all AMD could do was drop the ball time and time again while trying to maintain ATi at the same time. If you wanted a fast CPU, you bought Intel, full stop. Especially from 2012-2017, when AMD was too busy sucking its own thumb to pay any attention to the world around it.

Athlon64 was faster, cheaper and cooler than anything Intel had. Athlon64 didn't sell well because Intel bribed manufacturers to not even accept AMD CPU's for free (that's 0$). Everything you said is a direct consequence of Intel's dirty tricks around the Athlon64 era. For example Bulldozer had several bugs that AMD never bothered to fix, those resources were added to Zen architecture development. That's why Piledriver never got a successor, Steamroller and Excavator were for APU's.

So you could blame server dumbasses for not buying AMD at a time when AMD had a clearly superior product. And a big reason for that was Intel's dirty tricks. Simple as that.
 
LMAO. Ryzen F T W !
My first response, as well: No way, LOL!! xD

For supporting company that does so much dirty tricks that Intel has done.
I really pity you.
Wait, what?.. Why?? o.0

EDIT:
I'll agree with most things (here), except for:

And I saved a boat load of cash.
^^ Such claims are, simply, not true. Why are people quick to mislead, when it comes to AMD being (so much) cheaper than Intel?!

(Especially when all said and done, Intel still has the upper hand; performance-wise and, also, when it comes to power consumption. Correct?!)
 
[..] as far as I can tell most users won't need to worry or even notice anything.
Um (!), Windows 10 WILL push out (automatic!) updates, right!? Ones that concern Intel CPUs. Not trying to spam the forums, here, but had to make another comment - and ask about this!!

So, anyone running Windows 10 will get the patches and will experience all (possible slowdown) effects!?

P.S.
Unless, ofc., your (Windows) system is configured via Group Policy, Local Group Policy, to not get automagically updated.

EDIT: Btw., there's a great (new) tool, to control a bunch of privacy options (including updates) @

https://getwpd.com/

(Check their page, they've got Discord, as well!..:))
 
Why do you act like Intel is the only one playing dirty? You think AMD plays fair, you're ignorant if you think that.
All manufacturers do things, there is no exception.

Sources for AMD playing dirty on CPU market? There are plenty of sources that say Intel plays dirty but nearly zero sources that say AMD plays dirty.

So much for that "theory".

(Especially when all said and done, Intel still has the upper hand; performance-wise and, also, when it comes to power consumption. Correct?!)

Power consumption, incorrect.
 