Stromasys Security Advisory: Intel Releases Information on Lazy FP State Restore Vulnerability

Intel released security advisory SA-00145 classified as moderate on June 13th, 2018 about a vulnerability in their Intel Core processors using Lazy FP state feature that delays the update of Floating point state until it is used. An unprivileged attacker could reveal FP register values using a cache side channel techniques as in the reported Spectre/Meltdown vulnerabilities.

Mitigation on Linux Hosts: 
On systems running Charon that are not exposed to external access this exploit cannot happen.
Additionally Charon products do not set FP Lazy mode and when running on new Intel core processors (Sandy Bridge and later) with RedHat/Centos 7.x Linux will default to FPU setting of eagerfpu=on which disables Lazy FP state vulnerability. For older versions of RedHat/CentOS this can be mitigated using “eagerfpu=on” as boot parameter.
Users can check the CPU flag eagerfpu to make sure Lazy FP mode is disabled with the following command in their Linux systems:
# cat /proc/cpuinfo | grep eagerfpu
The “eagercpu” flag should be displayed.
RedHat official advisory can be read here.

Mitigation on Microsoft Windows OS:
Microsoft has acknowledged the vulnerability and will provide workaround shortly. Refer to ADV180016.
MS Windows hosts running Charon should be protected from external access in the meantime.

Charon AXP+ Considerations:
Charon AXP+ contact support for kit with patches.