Headline
XGETBV Is Non-Deterministic On Intel CPUs
The XGETBV instruction reads the contents of an internal control register. It is not a privileged instruction and is usually available to userspace. The contents is also exposed via the xstate_bv header in the XSAVE structure. The primary use of XGETBV is determining the XINUSE flags, which allows kernels and userthread implementations to determine what CPU state needs to be saved or restored on context switch. However, it has been observed that these flags appear to be non-deterministic on various Intel CPUs. The data here is currently research and not necessarily considered a security issue, but a reproducer has been included.
© 2022 Packet Storm. All rights reserved.