Intel has produced fixes to close out a large-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs.
Tracked as CVE-2023-23583 (CVSS rating: 8.8), the issue has the likely to “make it possible for escalation of privilege and/or facts disclosure and/or denial of services through nearby access.”
Effective exploitation of the vulnerability could also permit a bypass of the CPU’s security boundaries, in accordance to Google Cloud, describing it as an issue stemming from how redundant prefixes are interpreted by the processor.
“The effects of this vulnerability is demonstrated when exploited by an attacker in a multi-tenant virtualized setting, as the exploit on a guest machine results in the host equipment to crash resulting in a Denial of Assistance to other visitor machines functioning on the identical host,” Google Cloud’s Phil Venables said.
“On top of that, the vulnerability could probably guide to information and facts disclosure or privilege escalation.”
Security researcher Tavis Normandy, in a separate assessment of Reptar, explained it can be abused to corrupt the procedure state and force a machine-verify exception.
Intel, as section of November 2023 updates, has printed current microcode for all afflicted processors. The entire record of Intel CPUs impacted by CVE-2023-23583 is out there below. There is no evidence of any lively attacks utilizing this vulnerability.
“Intel does not hope this issue to be encountered by any non-malicious real-entire world software package,” the business mentioned in a advice issued on November 14. “Destructive exploitation of this issue needs execution of arbitrary code.”
The disclosure coincides with the launch of patches for a security flaw in AMD processors identified as CacheWarp (CVE-2023-20592) that allows destructive actors break into AMD SEV-shielded VMs to escalate privileges and attain distant code execution.
Uncovered this short article exciting? Follow us on Twitter and LinkedIn to read additional special material we put up.
Some areas of this write-up are sourced from: