National Cyber Warfare Foundation (NCWF) Forums


Reptar – A New CPU Vulnerability Affects Intel and AMD CPUs


0 user ratings
2023-11-16 06:57:36
milo
Red Team (CNA)

 - archive -- 

A critical CPU vulnerability can pose a significant threat by allowing:- Exploitation of such vulnerabilities can lead to widespread cyberattacks and significant disruptions. Recently, Google noted a rise in CPU vulnerabilities this year, as August disclosures reveal the following vulnerabilities for the Intel and AMD CPUs:- Besides this, Google recently identified a new CPU vulnerability […]


The post Reptar – A New CPU Vulnerability Affects Intel and AMD CPUs appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.



A critical CPU vulnerability can pose a significant threat by allowing:-






  • Unauthorized access to sensitive data




  • Enabling malicious code execution




  • Compromise the overall security of a system. 




  • System manipulation





Exploitation of such vulnerabilities can lead to widespread cyberattacks and significant disruptions.





Recently, Google noted a rise in CPU vulnerabilities this year, as August disclosures reveal the following vulnerabilities for the Intel and AMD CPUs:-









Besides this, Google recently identified a new CPU vulnerability affecting CPUs from both Intel and AMD, and this vulnerability has been tracked as “CVE-2023-23583,” which is dubbed “Reptar.”





Reptar New CPU Vulnerability





The escalating trend of vulnerabilities poses a threat to billions of personal and cloud computers. 





Google’s InfoSec team reported the flaw to Intel, who swiftly disclosed and mitigated the flaw with industry collaboration.





A Google researcher found CPU vulnerability in interpreting redundant prefixes, enabling security bypass. Prefixes modify instruction behavior; however, if conflicting or illogical, then they are termed redundant and often ignored.





Exploiting this flaw in a multi-tenant virtualized setup crashes the host, denying service to other guests. It may also risk information exposure or even privilege escalation as well.





Besides this, Google’s response team had already deployed the mitigation to their systems before it posed a risk to customers, especially those on Google Cloud and ChromeOS.





Flaw Profile





CVEID: CVE-2023-23583





Description: The sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors that may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.





CVSS Base Score: 8.8





Severity: High





CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H





Impact of vulnerability: Escalation of Privilege, Denial of Service, Information Disclosure





Original release: 11/14/2023





Last revised: 11/14/2023





Affected Products





Here below, we have mentioned all the Intel products that are affected:-






  • 10th Generation Intel® Core™ Processor Family (Mobile)




  • 3rd Generation Intel® Xeon® Processor Scalable Family (Server)




  • Intel® Xeon® D Processor (Server)




  • 11th Generation Intel® Core Processor Family (Desktop Embedded)




  • 11th Generation Intel® Core Processor Family (Mobile Embedded)




  • Intel® Server Processor (Server Embedded)





Products Mitigated





Here below, we have mentioned all the products that have already been mitigated:-






  • 12th Generation Intel® Core™ Processor Family (Mobile) (Mitigated Microcode Version: 0x2b)




  • 4th Generation Intel® Xeon® Processor Scalable Family (Server) (Mitigated Microcode Version: 0x2B000461)




  • 13th Generation Intel® Core™ Processor Family (Desktop) (Mitigated Microcode Version: 0x410E)





These vulnerabilities (Reptar, Zenbleed, Downfall) highlight the ongoing and uprising trend of hardware vulnerabilities that are evolving at a rapid pace.





The evolution of these vulnerabilities also rapidly fuels up the threat complexity and makes mitigations harder; that’s why Google heavily investing in CPU research, collaborating closely for user safety.





Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.


The post Reptar – A New CPU Vulnerability Affects Intel and AMD CPUs appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.



Source: gbHackers
Source Link: https://gbhackers.com/reptar-a-new-cpu-vulnerability/


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Red Team (CNA)



Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.