| Description: | Summary:
The remote host is missing an update to the system
as announced in the referenced advisory FreeBSD-SA-06:14.fpu.asc
Vulnerability Insight:
The floating-point unit (FPU) of i386 and amd64 processors is derived from
the original 8087 floating-point co-processor. As a result, the FPU
contains the same debugging registers FOP, FIP, and FDP which store the
opcode, instruction address, and data address of the instruction most
recently executed by the FPU.
On processors implementing the SSE instruction set, a new pair of
instructions fxsave/fxrstor replaces the earlier fsave/frstor pair used
for saving and restoring the FPU state. These new instructions also
save and restore the contents of the additional registers used by SSE
instructions.
On 7th generation and 8th generation processors manufactured by AMD,
including the AMD Athlon, Duron, Athlon MP, Athlon XP, Athlon64, Athlon64
FX, Opteron, Turion, and Sempron, the fxsave and fxrstor instructions do
not save and restore the FOP, FIP, and FDP registers unless the exception
summary bit (ES) in the x87 status word is set to 1, indicating that an
unmasked x87 exception has occurred.
This behaviour is consistent with documentation provided by AMD, but is
different from processors from other vendors, which save and restore the
FOP, FIP, and FDP registers regardless of the value of the ES bit. As a
result of this discrepancy remaining unnoticed until now, the FreeBSD
kernel does not restore the contents of the FOP, FIP, and FDP registers
between context switches.
Solution:
Upgrade your system to the appropriate stable release
or security branch dated after the correction date.
CVSS Score:
2.1
CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
