Intel has released fixes for a high-severity flaw, codenamed Reptar, that affects its desktop, mobile, and server CPUs. The vulnerability, tracked as CVE-2023-23583, has the potential to allow escalation of privilege, information disclosure, and denial of service through local access. Successful exploitation of the vulnerability could also bypass the CPU’s security boundaries. Researchers have found that the vulnerability can be used to corrupt the system state and force a machine-check exception.
Google Cloud has stated that the vulnerability’s impact is demonstrated in a multi-tenant virtualized environment, where an exploit on a guest machine causes the host machine to crash, resulting in a denial of service to the other guest machines running on it. It could also lead to information disclosure or privilege escalation. Intel has published updated microcode for all affected processors as part of its November 2023 updates. There is currently no evidence of active attacks using this vulnerability.
Intel has stated that it does not expect this issue to be encountered by any non-malicious real-world software, as malicious exploitation of the issue requires the execution of arbitrary code. This disclosure coincides with the release of patches for another security flaw, this one in AMD processors and called CacheWarp, which allows attackers to break into AMD SEV-protected VMs to escalate privileges and gain remote code execution.
