Preface: In modern processor design, the Floating Point Unit (FPU) is no longer a separate co-processor that needs to be installed; it is now an integrated, standard component built directly into every CPU core.
Background: Unlike early processors that emulated floating-point math in slow software, modern chips like the AMD EPYC use dedicated physical logic to perform it directly in hardware.
When you ask a CPU to add two floating-point numbers, it follows a high-speed “assembly line” process:
1. Alignment: The CPU compares the exponents of the two numbers. It shifts the mantissa of the smaller number until their binary points align.
2. Calculation: Dedicated hardware—like a Floating-point Adder or Multiplier—performs the binary math on the mantissas.
3. Normalization: The result is shifted so that it starts with a single non-zero digit (e.g., changing 0.011 × 2^5 to 1.1 × 2^3).
4. Rounding: Since a fixed-width binary format cannot represent every value exactly, the FPU applies rounding rules to fit the result into the standard bit size (32-bit or 64-bit).
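The four steps above, modelled in software for 32-bit floats as an added example (not code from AMD or the researchers). It assumes positive finite inputs and round-to-nearest-even, and handles denormal operands, which have no hidden leading 1; the function names are hypothetical.

```python
import struct

# Illustrative software model, not a hardware design; positive finite inputs only.
FRAC, GUARD = 23, 3   # binary32 fraction bits; extra guard/round/sticky bits

def f32(x):
    """Round a Python float to the nearest binary32 value."""
    return struct.unpack("<f", struct.pack("<f", x))[0]

def decode(x):
    """Split a positive finite binary32 into (exponent field, 24-bit mantissa)."""
    bits = struct.unpack("<I", struct.pack("<f", x))[0]
    exp, frac = (bits >> FRAC) & 0xFF, bits & ((1 << FRAC) - 1)
    if exp == 0:                      # denormal: no hidden 1, scale of exponent 1
        return 1, frac
    return exp, frac | (1 << FRAC)    # normal: restore the hidden leading 1

def fp32_add(a, b):
    """Add two positive finite binary32 values, rounding to nearest-even."""
    (ea, ma), (eb, mb) = decode(a), decode(b)
    if ea < eb:                       # make (ea, ma) the larger-exponent operand
        ea, ma, eb, mb = eb, mb, ea, ma
    ma, mb = ma << GUARD, mb << GUARD
    # 1. Alignment: shift the smaller mantissa right, OR lost bits into a sticky bit
    shift = ea - eb
    sticky = 1 if mb & ((1 << shift) - 1) else 0
    mb = (mb >> shift) | sticky
    # 2. Calculation: integer add of the aligned mantissas
    total, exp = ma + mb, ea
    # 3. Normalization: a carry out of the top bit means shift right, bump exponent
    if total >> (FRAC + GUARD + 1):
        total, exp = (total >> 1) | (total & 1), exp + 1
    # 4. Rounding: drop the guard bits, ties go to the even mantissa
    low, mant = total & ((1 << GUARD) - 1), total >> GUARD
    half = 1 << (GUARD - 1)
    if low > half or (low == half and mant & 1):
        mant += 1
        if mant >> (FRAC + 1):        # rounding overflowed the mantissa
            mant, exp = mant >> 1, exp + 1
    if exp >= 0xFF:
        return float("inf")           # exponent overflow
    field = exp if mant >> FRAC else 0   # no leading 1 means a denormal result
    bits = (field << FRAC) | (mant & ((1 << FRAC) - 1))
    return struct.unpack("<f", struct.pack("<I", bits))[0]
```
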
Technical details: Researchers shared with AMD a report titled “TREVEX: A Black-Box Detection Framework For Data-Flow Transient Execution Vulnerabilities.”
The researchers’ paper introduced a Floating-Point Value Injection (FPVI) variant, which could allow an attacker with a deep understanding of microarchitectural behavior to inject values into vector registers during transient execution. Although they noted similarities with FPVI, they initially reported the finding as a new issue because it can be triggered without denormal values as inputs.
Official announcement: AMD believes that the researchers’ FPVI variant falls within the existing scope of CVE-2021-26314 (FPVI), as existing descriptions of FPVI do not specifically require denormal inputs. Additionally, AMD believes that existing mitigation guidance for FPVI remains valid.
Please refer to the link for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7050.html