Intel has launched fixes to shut out a high-severity flaw codenamed Reptar that impacts its desktop, cell, and server CPUs.
Tracked as CVE-2023-23583 (CVSS rating: 8.8), the problem has the potential to “permit escalation of privilege and/or info disclosure and/or denial of service through native entry.”
Profitable exploitation of the vulnerability might additionally allow a bypass of the CPU’s security boundaries, based on Google Cloud, describing it as a problem stemming from how redundant prefixes are interpreted by the processor.
“The affect of this vulnerability is demonstrated when exploited by an attacker in a multi-tenant virtualized atmosphere, because the exploit on a visitor machine causes the host machine to crash leading to a Denial of Service to different visitor machines working on the identical host,” Google Cloud’s Phil Venables mentioned.
“Moreover, the vulnerability might probably result in info disclosure or privilege escalation.”
Safety researcher Tavis Normandy, in a separate evaluation of Reptar, mentioned it may be abused to deprave the system state and pressure a machine-check exception.
Intel, as a part of November 2023 updates, has revealed up to date microcode for all affected processors. The whole listing of Intel CPUs impacted by CVE-2023-23583 is offered right here. There isn’t a proof of any lively assaults utilizing this vulnerability.
“Intel doesn’t count on this challenge to be encountered by any non-malicious real-world software program,” the corporate mentioned in a steerage issued on November 14. “Malicious exploitation of this challenge requires execution of arbitrary code.”
The disclosure coincides with the discharge of patches for a security flaw in AMD processors referred to as CacheWarp (CVE-2023-20592) that lets malicious actors break into AMD SEV-protected VMs to escalate privileges and acquire distant code execution.
