Linux Kernel 'Lazy FPU Restore' Lets Local Users Obtain Potentially Sensitive FPU State Information on the Target System
|
|
SecurityTracker Alert ID: 1041124 |
|
SecurityTracker URL: http://securitytracker.com/id/1041124
|
|
CVE Reference:
CVE-2018-3665
(Links to External Site)
|
Date: Jun 14 2018
|
Impact:
Disclosure of system information
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in the Linux kernel. A local user can obtain potentially sensitive information.
A local user can conduct cache side-channel attacks to exploit a flaw in the 'Lazy Floating Point Unit (FPU)' scheme where the kernel saves and restores FPU state during task switching to potentially determine FPU state bits.
Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), Zdenek Sojka (sysgo.com), and Colin Percival reported this vulnerability.
|
Impact:
A local user can obtain potentially sensitive FPU state information on the target system.
|
Solution:
The vendor has issued a source code fix, available at:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=58122bf1d856a4ea9581d62a07c557d997d46a19
|
Vendor URL: www.kernel.org/ (Links to External Site)
|
Cause:
Access control error
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
