More Intel Users are Protected Against CVE-2018-3665 than Developers Originally Feared

An Intel-related security vulnerability deemed CVE-2018-3665 created quite a stir when many organizations attempted to quickly release patches for the problem on Tuesday. While details are still coming out, information released last evening and as late as this afternoon suggests that some users might actually already be safe without having installed any updates between June 11 and 14.

Lazy FP state restore functionality provided by some Intel chips can potentially be exploited whenever a user changes between two different applications. Operating system software that uses this instruction instead of proper save and restore could theoretically allow data to leak out.

Intel’s engineers went on to recommend that developers use the Eager FP instead of Lazy FP technique when switching applications. The good news is that the newest versions of GNU/Linux aren’t affected by the vulnerability.

Anyone who is running kernel version 4.9 or higher can’t spill any data even if they’re working with a compromised processor. Linux security experts have been working to port over fixes to earlier versions of the kernel, which is vital to ensure that a majority of users are protected. Users of most distributions may be on an older kernel and therefore require an update to fix the issue.

Security experts feel that some other Unix implementations are also immune only if users are running recent versions of their operating system. For instance, ‘3665 doesn’t influence the latest spins of DragonflyBSD or OpenBSD. Engineers also stated that users of Red Hat Enterprise Linux 7 aren’t effected as long as they’re using the kernel-alt package, though users of standard RHEL 7 should update.

Their representatives also mentioned that machines running RHEL on hardware powered by AMD equipment aren’t effected. Developers stated that users who boot the Linux kernel on older processors with ‘eagerfpu=on’ as a parameter have already mitigated the problem.

Even if an installation is vulnerable to ‘3665, that doesn’t mean that anything malicious will actually happen. Malicious software has to be embedded inside of it for that to happen. If that were the case, then said infection would only be able to remove small amounts of data each time an application were switched for another while still running. Nevertheless, users are urged to update to prevent future problems considering how severe this problem is.

John Rendace
John is a GNU/Linux expert with a hobbyist's background in C/C++, Web development, storage and file system technologies. In his free time, he maintains custom and vintage PC hardware. He's been compiling his own software from source since the DOS days and still prefers using the command line all these years later.