CLD-432 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2018-3665 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s) lazy-fp-state-restore

Basic Information:

Affected Package(s) linux
Deficiency Type SECURITY
Date Created 2018-06-16 10:02:09
Date Last Modified 2018-06-16 18:15:54

Version Specific Information:

Cucumber 1.0 i686 fixed in linux-4.9.109-i686-1
Cucumber 1.0 x86_64 fixed in linux-4.9.109-x86_64-1

Cucumber 1.1 i686 fixed in linux-4.9.109-i686-1
Cucumber 1.1 x86_64 fixed in linux-4.9.109-x86_64-1

Details:

=================================== Overview ===================================

System software may utilize the Lazy FP state restore technique to delay the
restoring of state until an instruction operating on that state is actually
executed by the new process. Systems using Intel® Core-based microprocessors
may potentially allow a local process to infer data utilizing Lazy FP state
restore from another process through a speculative execution side channel.

================================ Initial Report ================================

From
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html:

Summary:

System software may utilize the Lazy FP state restore technique to delay the
restoring of state until an instruction operating on that state is actually
executed by the new process. Systems using Intel® Core-based microprocessors
may potentially allow a local process to infer data utilizing Lazy FP state
restore from another process through a speculative execution side channel.

Description:

System software may opt to utilize Lazy FP state restore instead of eager save
and restore of the state upon a context switch. Lazy restored states are
potentially vulnerable to exploits where one process may infer register values
of other processes through a speculative execution side channel that infers
their value.

    * CVSS - 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Affected Products:

Intel® Core-based microprocessors.

Recommendations:

If an XSAVE-enabled feature is disabled, then we recommend either its state
component bitmap in the extended control register (XCR0) is set to 0 (e.g.
XCR0[bit 2]=0 for AVX, XCR0[bits 7:5]=0 for AVX512) or the corresponding
register states of the feature should be cleared prior to being disabled. Also
for relevant states (e.g. x87, SSE, AVX, etc.), Intel recommends system
software developers utilize Eager FP state restore in lieu of Lazy FP state
restore.

Acknowledgements:

Intel would like to thank Julian Stecklina from Amazon Germany, Thomas Prescher
from Cyberus Technology GmbH (https://www.cyberus-technology.de/), Zdenek Sojka
from SYSGO AG (http://sysgo.com), and Colin Percival for reporting this issue
and working with us on coordinated disclosure.

================================= Our Analysis =================================

----- Affected Products -----
Releases of the 4.9 series of the Linux kernel prior to 4.9.109 are vulnerable.
No release of the 4.14 series of the Linux kernel is vulnerable. This means
that Linux as originally packaged in Cucumber Linux 1.0 and 1.1 is vulnerable,
but Linux as packaged in the Cucumber Linux 2.0 development branch is not.

----- Scope and Impact of this Vulnerability -----
This is an information disclosure vulnerability: it allows a local process to
infer data belonging to another process through the Lazy FP state restore
side channel.

----- Fix for this Vulnerability -----
This vulnerability can be fixed by upgrading to version 4.9.109 or later of the
Linux kernel, or by applying the patch from upstream commit
ca6938a1cd8a1c5e861a99b67f84ac166fc2b9e7.
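A small check that applies the analysis above (4.9.x before 4.9.109 vulnerable, 4.9.109 and later fixed, 4.14.x not affected) to a running kernel or to a Cucumber package name. This is an added example, not Cucumber Linux tooling; the function names and the package-name layout it assumes (linux-<version>-<arch>-<build>, as listed under Version Specific Information) are the editor's.

```shell
#!/bin/sh
# lazy_fp_status VERSION
# Classify a kernel release string (as printed by `uname -r`) according to
# the analysis on this page. Series the page does not cover are "unknown".
lazy_fp_status() {
    rel=${1%%-*}                      # drop any local suffix: 4.9.108-foo -> 4.9.108
    IFS=. read -r major minor patch _ <<EOF
$rel
EOF
    case "$patch" in                  # treat a missing or non-numeric patch level as 0
        ''|*[!0-9]*) patch=0 ;;
    esac
    case "$major.$minor" in
        4.9)
            if [ "$patch" -lt 109 ]; then
                echo vulnerable
            else
                echo fixed
            fi ;;
        4.14) echo not-affected ;;
        *)    echo unknown ;;
    esac
}

# pkg_kernel_version PACKAGE
# Extract the kernel version from a package name such as linux-4.9.109-x86_64-1
# (assumed layout: linux-<version>-<arch>-<build>).
pkg_kernel_version() {
    v=${1#linux-}                     # strip the "linux-" prefix
    echo "${v%%-*}"                   # keep everything up to the first "-"
}

# Report on the kernel that is actually running.
running=$(uname -r)
echo "running kernel $running: $(lazy_fp_status "$running")"
```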

================================= Our Solution =================================

Cucumber 1.0/1.1:
We have upgraded to Linux 4.9.109.

Cucumber 2.0:
No action necessary; not affected.