SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Linux)  >   Linux Kernel Vendors:   kernel.org
Linux Kernel 'Lazy FPU Restore' Lets Local Users Obtain Potentially Sensitive FPU State Information on the Target System
SecurityTracker Alert ID:  1041124
SecurityTracker URL:  http://securitytracker.com/id/1041124
CVE Reference:   CVE-2018-3665   (Links to External Site)
Date:  Jun 14 2018
Impact:   Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in the Linux kernel. A local user can obtain potentially sensitive information.

A local user can conduct cache side-channel attacks to exploit a flaw in the 'Lazy Floating Point Unit (FPU)' scheme where the kernel saves and restores FPU state during task switching to potentially determine FPU state bits.

Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), Zdenek Sojka (sysgo.com), and Colin Percival reported this vulnerability.

Impact:   A local user can obtain potentially sensitive FPU state information on the target system.
Solution:   The vendor has issued a source code fix, available at:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=58122bf1d856a4ea9581d62a07c557d997d46a19

Vendor URL:  www.kernel.org/ (Links to External Site)
Cause:   Access control error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 15 2018 (Red Hat Issues Fix) Linux Kernel 'Lazy FPU Restore' Lets Local Users Obtain Potentially Sensitive FPU State Information on the Target System
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Jun 20 2018 (OpenBSD Issues Fix for OpenBSD Kernel) Linux Kernel 'Lazy FPU Restore' Lets Local Users Obtain Potentially Sensitive FPU State Information on the Target System
OpenBSD has issued a fix for OpenBSD 6.3.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC