Intel has launched microcode updates for a number of generations of cell, desktop, and server CPUs to repair a vulnerability that may be exploited to set off on the very least a denial-of-service situation, however probably privilege escalation and data disclosure. The flaw could be exploited if an attacker has native code execution on the working system, together with on visitor digital machines. In a multi-tenant virtualized surroundings, attackers may exploit the vulnerability from a visitor VM to crash the host system, leading to denial of service for all different visitor VMs operating on the identical server.
Organizations are suggested to examine for BIOS/UEFI updates with their respective system producers, which ought to begin integrating Intel’s firmware updates. The variations of the patched microcode for each affected Intel CPU are listed within the firm’s advisory.
Instruction prefixes that must be ignored however aren’t
The vulnerability is tracked as CVE-2023-23583, however researchers from Google who discovered and reported the flaw to Intel have additionally dubbed it Reptar after the widespread rep instruction prefix.
In accordance with a technical write-up by Google security researcher Tavis Ormandy, the problem stems from the best way instruction prefixes are processed on CPUs that help a brand new characteristic known as quick quick repeat transfer (FSRM). CPU microcode is the low-level code that controls the hardware-level CPU based mostly on the standardized instruction set structure that’s uncovered to programmers. The instruction set could be accessed by means of human-readable machine code code in meeting language.
Writing meeting code means working immediately with CPU directions and these directions help a sequence of prefixes that change the best way they work. Nonetheless, not each prefix applies to each instruction. For instance, the code “rep movsb” makes use of the prefix rep, which implies repeat for the instruction movsb that’s used to maneuver reminiscence on x86 CPUs from a supply to a vacation spot. Within the instance “rex.rxb rep movsb,” the prefix rex is used to allocate further bits to the instruction for operands, however the movsb doesn’t want it since all its operands are implicit.
Because of this the rex prefix is redundant and meaningless on this situation, so the CPU microcode will simply ignore it — or a minimum of it’s imagined to. What Ormandy and his Google colleagues discovered is that on CPUs the place FSRM is energetic, these redundant or conflicting prefixes are interpreted in a bizarre means resulting in a security vulnerability.
