
Intel has fixed a high-severity CPU vulnerability in its modern desktop, server, mobile, and embedded CPUs, including the latest Alder Lake, Raptor Lake, and Sapphire Rapids microarchitectures.
Attackers can exploit the flaw, tracked as CVE-2023-23583 and described as a 'Redundant Prefix Issue', to escalate privileges, gain access to sensitive information, or trigger a denial of service state (something that could prove very costly for cloud providers).
"Under certain microarchitectural conditions, Intel has identified cases where execution of an instruction (REP MOVSB) encoded with a redundant REX prefix may result in unpredictable system behavior resulting in a system crash/hang, or, in some limited scenarios, may allow escalation of privilege (EoP) from CPL3 to CPL0," Intel said.
"Intel does not expect this issue to be encountered by any non-malicious real-world software. Redundant REX prefixes are not expected to be present in code nor generated by compilers. Malicious exploitation of this issue requires execution of arbitrary code. Intel identified the potential for escalation of privilege in limited scenarios as part of our internal security validation in a controlled Intel lab environment."
Specific systems with affected processors, including those with Alder Lake, Raptor Lake, and Sapphire Rapids, had already received updated microcode before November 2023, with no performance impact observed or issues expected.
The company also released microcode updates to address the issue for the other CPUs, with users advised to update their BIOS, system OS, and drivers to receive the latest microcode from their original equipment manufacturer (OEM), operating system vendor (OSV), and hypervisor vendors.
The complete list of Intel CPUs affected by the CVE-2023-23583 vulnerability and mitigation guidance is available here.
"Intel recommends updating affected processors to the microcode version listed in the affected processor table below as soon as possible to mitigate this redundant prefix issue. OSVs may also provide updates containing this new microcode as soon as possible," the company added.
Reptar is a 'very strange' vulnerability
Google vulnerability researcher Tavis Ormandy revealed today that this security bug was also independently discovered by multiple research teams within Google, including Google Information Security Engineering and the silifuzz team, who dubbed it Reptar.
As Google Cloud VP and CISO Phil Venables explained today, the vulnerability is related to "how redundant prefixes are interpreted by the CPU which leads to bypassing the CPU's security boundaries if exploited successfully."
While, in general, redundant prefixes should be ignored, they trigger "very strange behavior" because of this vulnerability, as Ormandy discovered during testing.
"We observed some very strange behavior while testing. For example, branches to unexpected locations, unconditional branches being ignored and the processor no longer accurately recording the instruction pointer in xsave or call instructions," Ormandy said.
"This already seemed like it could be indicative of a serious problem, but within a few days of experimenting we found that when multiple cores were triggering the same bug, the processor would begin to report machine check exceptions and halt."
Earlier this year, Google security researchers discovered the Downfall vulnerability impacting modern Intel CPUs and the Zenbleed flaw, which lets attackers steal sensitive data like passwords and encryption keys from systems with AMD Zen2 CPUs.
Today, AMD also patched a vulnerability known as CacheWarp that lets malicious actors hack AMD SEV-protected VMs to escalate privileges and gain remote code execution.
