LazyFP

Lazy FP Save/Restore (CVE-2018-3665)

Julian Stecklina, of Amazon, and Thomas Prescher, of Cyberus Technology, discovered that FPU register state (such as MMX, SSE, and AVX registers) that is lazily restored is potentially vulnerable to a side-channel attack in which one process is able to read the registers of another process while they are being lazily restored (CVE-2018-3665). The solution is eager restore of the state, which has been the default in the Linux kernel since version 4.5. Ubuntu 17.10 and 18.04 are not affected by this issue. Older kernels running on processors that support the xsaveopt instruction are also not affected. You can verify whether your system supports xsaveopt by looking for the "xsaveopt" feature in the flags section of the /proc/cpuinfo file.

To address the issue for Ubuntu 16.04 LTS and Ubuntu 14.04 LTS systems which are running on older hardware that lacks the "xsaveopt" feature, pre-release kernel updates are available for testing:

Package                     Version
Linux Kernel (18.04 LTS)    Not affected
Linux Kernel (17.10)        Not affected
Linux Kernel (16.04 LTS)    4.4.0-130.156 from xenial-proposed
Linux Kernel (14.04 LTS)    3.13.0-153.203 from trusty-proposed
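
The two "not affected" conditions described above (kernel 4.5 or later, or a CPU with xsaveopt) can be checked together. The following shell script is an added example, not part of the original page or any Ubuntu tooling; the function names are hypothetical, and it does not inspect the installed kernel package version, so a host that matches neither condition is only flagged for comparison against the versions in the table.

```shell
#!/bin/sh
# Added example: classify a host for LazyFP (CVE-2018-3665) using the two
# conditions stated on this page. Function names are hypothetical.

# has_xsaveopt FILE: succeed if "xsaveopt" appears as a whole word on a
# "flags" line of a /proc/cpuinfo-style file (other lines are ignored).
has_xsaveopt() {
    grep -E '^flags[[:space:]]*:' "$1" | grep -qw xsaveopt
}

# eager_by_default RELEASE: succeed if a kernel release string in
# `uname -r` format (e.g. 4.4.0-130-generic) is version 4.5 or later.
eager_by_default() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "${minor:-0}" -ge 5 ]; }
}

# lazyfp_status CPUINFO RELEASE: print a one-line verdict.
lazyfp_status() {
    if eager_by_default "$2"; then
        echo "not affected: kernel $2 uses eager FPU restore by default"
    elif has_xsaveopt "$1"; then
        echo "not affected: CPU supports xsaveopt"
    else
        echo "check kernel package version: kernel $2 predates 4.5 and CPU lacks xsaveopt"
    fi
}

# Report on the local machine when /proc/cpuinfo is available.
if [ -r /proc/cpuinfo ]; then
    lazyfp_status /proc/cpuinfo "$(uname -r)"
fi
```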


For more information on these issues, please see the following reference documents:

Timeline

  • 2018 June 13 at 21:00 UTC: the issue is made public ahead of the coordinated release date
  • 2018 August 14: the original coordinated release date

SecurityTeam/KnowledgeBase/LazyFP (last edited 2018-06-15 14:27:57 by tyhicks)