FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Lazy FPU State Restore Information Disclosure

Affected packages
11.1 <= FreeBSD-kernel < 11.1_11

Details

VuXML ID 4e07d94f-75a5-11e8-85d1-a4badb2f4699
Discovery 2018-06-21
Entry 2018-06-21

Problem Description:

A subset of Intel processors can allow a local thread to infer data from another thread through a speculative execution side channel when Lazy FPU state restore is used.

Impact:

Any local thread can potentially read FPU state information from other threads running on the host. This could include cryptographic keys when the AES-NI CPU feature is present.

References

CVE Name CVE-2018-3665
FreeBSD Advisory SA-18:07.lazyfpu

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.