#VU13337 Side-channel attack in Intel Hardware solutions


Published: 2018-06-14 | Updated: 2018-06-14

Vulnerability identifier: #VU13337

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-3665

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Intel Core M 32nm (Hardware solutions / Firmware)
Intel Core M 45nm (Hardware solutions / Firmware)
Intel Core i7 32nm (Hardware solutions / Firmware)
Intel Core i7 45nm (Hardware solutions / Firmware)
Intel Core i5 32nm (Hardware solutions / Firmware)
Intel Core i5 45nm (Hardware solutions / Firmware)
Intel Core i3 32nm (Hardware solutions / Firmware)
Intel Core i3 45nm (Hardware solutions / Firmware)

Vendor: Intel

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists because the Lazy FP state restore technique is used for floating-point state when context switching between application processes. A local attacker can conduct a cache side-channel attack and determine register values of other processes.

Note: This vulnerability is known as LazyFP.

Mitigation
Update the affected software.

Vulnerable software versions

Intel Core M 32nm: All versions

Intel Core M 45nm: All versions

Intel Core i7 32nm: All versions

Intel Core i7 45nm: All versions

Intel Core i5 32nm: All versions

Intel Core i5 45nm: All versions

Intel Core i3 32nm: All versions

Intel Core i3 45nm: All versions


External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html

