Security News New Reptar CPU flaw impacts Intel desktop and server systems

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
Intel has fixed a high-severity CPU vulnerability in its modern desktop, server, mobile, and embedded CPUs, including the latest Alder Lake, Raptor Lake, and Sapphire Rapids microarchitectures.

Attackers can exploit the flaw—tracked as CVE-2023-23583 and described as a 'Redundant Prefix Issue'—to escalate privileges, gain access to sensitive information, or trigger a denial of service state (something that could prove very costly for cloud providers).

"Under certain microarchitectural conditions, Intel has identified cases where execution of an instruction (REP MOVSB) encoded with a redundant REX prefix may result in unpredictable system behavior resulting in a system crash/hang, or, in some limited scenarios, may allow escalation of privilege (EoP) from CPL3 to CPL0," Intel said.

"Intel does not expect this issue to be encountered by any non-malicious real-world software. Redundant REX prefixes are not expected to be present in code nor generated by compilers. Malicious exploitation of this issue requires execution of arbitrary code. Intel identified the potential for escalation of privilege in limited scenarios as part of our internal security validation in a controlled Intel lab environment."

Specific systems with affected processors, including those with Alder Lake, Raptor Lake, and Sapphire Rapids, have already received updated microcodes before November 2023, with no performance impact observed or expected issues.

The company also released microcode updates to address the issue for the other CPUs, with users advised to update their BIOS, system OS, and drivers to receive the latest microcode from their original equipment manufacturer (OEM), operating system vendor (OSV), and hypervisor vendors.

The rest
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top