Vulnerability identifier: #VU13337

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-3665

CWE-ID:

Exploitation vector: Local

Exploit availability:

Vulnerable software:
Intel Core M 32nm
Hardware solutions / Firmware
Intel Core M 45nm
Hardware solutions / Firmware
Intel Core i7 32nm
Hardware solutions / Firmware
Intel Core i7 45nm
Hardware solutions / Firmware
Intel Core i5 32nm
Hardware solutions / Firmware
Intel Core i5 45nm
Hardware solutions / Firmware
Intel Core i3 32nm
Hardware solutions / Firmware
Intel Core i3 45nm
Hardware solutions / Firmware

Vendor: Intel

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to utilizing the Lazy FP state restore technique for floating point state when context switching between application processes. A local attacker can conduct cache side-channel attacks and determine register values of other processes.

Note: This vulnerability is known as LazyFP.

Mitigation
Update the affected software.

Vulnerable software versions

Intel Core M 32nm: All versions

Intel Core M 45nm: All versions

Intel Core i7 32nm: All versions

Intel Core i7 45nm: All versions

Intel Core i5 32nm: All versions

Intel Core i5 45nm: All versions

Intel Core i3 32nm: All versions

Intel Core i3 45nm: All versions

---

Fixed software versions

CPE

• cpe:2.3:h:intel:intel_core_m_32nm:*:*:*:*:*:*:*:*

External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html

---

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?