A critical CPU vulnerability can pose a significant threat by allowing:-
- Unauthorized access to sensitive data
- Enabling malicious code execution
- Compromise the overall security of a system.
- System manipulation
Exploitation of such vulnerabilities can lead to widespread cyberattacks and significant disruptions.
Recently, Google noted a rise in CPU vulnerabilities this year, as August disclosures reveal the following vulnerabilities for the Intel and AMD CPUs:-
- Downfall (CVE-2022-40982) for Intel CPUs
- Zenbleed (CVE-2023-20593) for AMD CPUs
Besides this, Google recently identified a new CPU vulnerability affecting CPUs from both Intel and AMD, and this vulnerability has been tracked as “CVE-2023-23583,” which is dubbed “Reptar.”
Reptar New CPU Vulnerability
The escalating trend of vulnerabilities poses a threat to billions of personal and cloud computers.
Google’s InfoSec team reported the flaw to Intel, who swiftly disclosed and mitigated the flaw with industry collaboration.
A Google researcher found CPU vulnerability in interpreting redundant prefixes, enabling security bypass. Prefixes modify instruction behavior; however, if conflicting or illogical, then they are termed redundant and often ignored.
Exploiting this flaw in a multi-tenant virtualized setup crashes the host, denying service to other guests. It may also risk information exposure or even privilege escalation as well.
Besides this, Google’s response team had already deployed the mitigation to their systems before it posed a risk to customers, especially those on Google Cloud and ChromeOS.
Flaw Profile
CVEID: CVE-2023-23583
Description: The sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors that may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.
CVSS Base Score: 8.8
Severity: High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Impact of vulnerability: Escalation of Privilege, Denial of Service, Information Disclosure
Original release: 11/14/2023
Last revised: 11/14/2023
Affected Products
Here below, we have mentioned all the Intel products that are affected:-
- 10th Generation Intel® Core™ Processor Family (Mobile)
- 3rd Generation Intel® Xeon® Processor Scalable Family (Server)
- Intel® Xeon® D Processor (Server)
- 11th Generation Intel® Core Processor Family (Desktop Embedded)
- 11th Generation Intel® Core Processor Family (Mobile Embedded)
- Intel® Server Processor (Server Embedded)
Products Mitigated
Here below, we have mentioned all the products that have already been mitigated:-
- 12th Generation Intel® Core™ Processor Family (Mobile) (Mitigated Microcode Version: 0x2b)
- 4th Generation Intel® Xeon® Processor Scalable Family (Server) (Mitigated Microcode Version: 0x2B000461)
- 13th Generation Intel® Core™ Processor Family (Desktop) (Mitigated Microcode Version: 0x410E)
These vulnerabilities (Reptar, Zenbleed, Downfall) highlight the ongoing and uprising trend of hardware vulnerabilities that are evolving at a rapid pace.
The evolution of these vulnerabilities also rapidly fuels up the threat complexity and makes mitigations harder; that’s why Google heavily investing in CPU research, collaborating closely for user safety.
Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.
