Intel has released microcode updates to address the “Reptar” vulnerability [6], a high-severity CPU bug affecting their 10th Gen CPUs and above. This vulnerability, discovered by Google’s security researchers [1], has the potential to disrupt CPU operations [6], bypass security boundaries [2], and enable privilege escalation [2] [4] [5], information disclosure [1] [2] [5], and denial of service attacks [2].
Description
Intel has released microcode updates for its 10th Gen CPUs and above to address the “Reptar” vulnerability (CVE-2023-23583). The flaw lies in how affected CPUs handle prefixes [3], which can alter the behavior of instructions sent by running software [3]. Google’s security researchers discovered the vulnerability [1], which has the potential to disrupt normal CPU operations and bypass security boundaries. It can allow for privilege escalation [4], information disclosure [1] [2] [5], and denial of service attacks [2]. In a multi-tenant virtualized environment [2] [5], exploiting this vulnerability can cause the host machine to crash, resulting in a denial of service to other guest machines [2].
Intel has also rolled out mitigations for its 12th and 13th generation processors and its 4th generation Intel Xeon processors [1]. While there have been no reported active attacks [1], concerns remain about debugging micro execution [4]. Applying the mitigation may result in performance degradation [1].
Conclusion
The updates released by Intel have likely prevented any potential crisis in the largest cloud environments [3]. However, smaller cloud services may still need to take action [3]. Organizations are advised to check for BIOS/UEFI updates from their system manufacturers to integrate Intel’s firmware updates [5]. It is important to remain vigilant and proactive in addressing CPU vulnerabilities to ensure the security and stability of systems.
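After a BIOS/UEFI or operating-system microcode update, it is worth confirming that every logical CPU actually runs the new revision. The following is an added example, not code from Intel or the cited articles: it parses Linux `/proc/cpuinfo` text and compares each CPU signature against an operator-supplied baseline. The sample input and the `REQUIRED` revision are constructed placeholders; take real minimum revisions from Intel's advisory for your platform.

```python
from collections import defaultdict

# Constructed /proc/cpuinfo excerpt (two logical CPUs); values are placeholders.
SAMPLE_CPUINFO = """\
processor  : 0
vendor_id  : GenuineIntel
cpu family : 6
model      : 154
stepping   : 3
microcode  : 0x10

processor  : 1
vendor_id  : GenuineIntel
cpu family : 6
model      : 154
stepping   : 3
microcode  : 0x20
"""

# Hypothetical baseline per (family, model, stepping); 0x20 is not a real value.
REQUIRED = {(6, 154, 3): 0x20}

def parse_cpuinfo(text):
    """Return (signature, microcode revision) for each Intel logical CPU."""
    cpus = []
    for block in text.strip().split("\n\n"):
        f = {k.strip(): v.strip() for k, _, v in
             (line.partition(":") for line in block.splitlines())}
        if f.get("vendor_id") != "GenuineIntel" or "microcode" not in f:
            continue
        sig = (int(f["cpu family"]), int(f["model"]), int(f["stepping"]))
        cpus.append((sig, int(f["microcode"], 16)))
    return cpus

def audit(cpus, required):
    """Map each CPU signature to ok / outdated / mixed / unknown."""
    seen = defaultdict(set)
    for sig, rev in cpus:
        seen[sig].add(rev)
    report = {}
    for sig, revs in seen.items():
        need = required.get(sig)
        if need is None:
            report[sig] = "unknown"      # no baseline supplied for this part
        elif min(revs) >= need:
            report[sig] = "ok"
        else:                            # at least one core is below baseline
            report[sig] = "mixed" if max(revs) >= need else "outdated"
    return report
```

On a Linux host, pass the contents of `/proc/cpuinfo` to `parse_cpuinfo` and the result to `audit`; a `mixed` result means only some cores picked up the update.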
References
[1] https://wccftech.com/intel-10th-gen-cpus-above-affected-reptar-vulnerability-12th-13th-gen-cpus-microcode-mitigations/
[2] https://thehackernews.com/2023/11/reptar-new-intel-cpu-vulnerability.html
[3] https://arstechnica.com/security/2023/11/intel-fixes-high-severity-cpu-bug-that-causes-very-strange-behavior/
[4] https://www.techrepublic.com/article/intel-reptar-processor-vulnerability-patched/
[5] https://www.csoonline.com/article/1247597/intel-patches-high-severity-cpu-privilege-escalation-flaw.html
[6] https://winbuzzer.com/2023/11/15/intel-releases-emergency-cpu-update-to-address-high-severity-vulnerability-xcxwbn/