• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
reptar: new intel cpu vulnerability impacts multi tenant virtualized environments

Reptar: New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments

You are here: Home / General Cyber Security News / Reptar: New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments
November 15, 2023

Intel has produced fixes to close out a large-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs.

Tracked as CVE-2023-23583 (CVSS rating: 8.8), the issue has the likely to “make it possible for escalation of privilege and/or facts disclosure and/or denial of services through nearby access.”

Effective exploitation of the vulnerability could also permit a bypass of the CPU’s security boundaries, in accordance to Google Cloud, describing it as an issue stemming from how redundant prefixes are interpreted by the processor.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Cybersecurity

“The effects of this vulnerability is demonstrated when exploited by an attacker in a multi-tenant virtualized setting, as the exploit on a guest machine results in the host equipment to crash resulting in a Denial of Assistance to other visitor machines functioning on the identical host,” Google Cloud’s Phil Venables said.

“On top of that, the vulnerability could probably guide to information and facts disclosure or privilege escalation.”

Security researcher Tavis Normandy, in a separate assessment of Reptar, explained it can be abused to corrupt the procedure state and force a machine-verify exception.

Intel, as section of November 2023 updates, has printed current microcode for all afflicted processors. The entire record of Intel CPUs impacted by CVE-2023-23583 is out there below. There is no evidence of any lively attacks utilizing this vulnerability.

Cybersecurity

“Intel does not hope this issue to be encountered by any non-malicious real-entire world software package,” the business mentioned in a advice issued on November 14. “Destructive exploitation of this issue needs execution of arbitrary code.”

The disclosure coincides with the launch of patches for a security flaw in AMD processors identified as CacheWarp (CVE-2023-20592) that allows destructive actors break into AMD SEV-shielded VMs to escalate privileges and attain distant code execution.

Uncovered this short article exciting? Follow us on Twitter  and LinkedIn to read additional special material we put up.


Some areas of this write-up are sourced from:
thehackernews.com

Previous Post: «alert: microsoft releases patch updates for 5 new zero day vulnerabilities Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities
Next Post: Three Ways Varonis Helps You Fight Insider Threats three ways varonis helps you fight insider threats»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors
  • Top 10 Best Practices for Effective Data Protection
  • Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks
  • Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks
  • [Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications
  • Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit
  • Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails
  • Pen Testing for Compliance Only? It’s Time to Change Your Approach
  • 5 BCDR Essentials for Effective Ransomware Defense
  • Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

Copyright © TheCyberSecurity.News, All Rights Reserved.