Almost all 10th generation and newer Core CPUs affected by a high-risk vulnerability fixed in Intel's microcode update

Gamingdeputy reported on November 15 that Intel launched the latest microcode update on Tuesday to fix a high-severity CPU vulnerability that may be used to attack cloud hosts.

This vulnerability, called "Reptar" and tracked as CVE-2023-23583, is related to how the affected CPUs handle prefixes that change the behavior of the instructions being executed. Almost all Intel CPUs of the 10th generation and newer are affected. The main impacts fall into three areas: privilege escalation, denial of service, and information leakage.


Simply put, Intel x64 decoding generally allows redundant prefixes (prefixes that have no meaning in a given context) to be ignored without any consequences.

During testing in August, Google security researcher Tavis Ormandy noticed that the REX prefix produced “unexpected results” on the latest Intel CPUs. These CPUs support a feature called Fast Short Repeat Moves (FSRM), which was originally introduced in the Ice Lake architecture to address microcode bottlenecks.

According to Ormandy, the vulnerability causes the processor to "enter an abnormal state where normal rules do not apply," which, if triggered, can lead to unexpected and potentially severe behavior, most notably from a guest account in a virtual machine. The system can also crash while executing untrusted code, something most cloud security models consider safe.

Ormandy said that unexpected behavior occurs when redundant rex.r prefixes are added to FSRM-optimized rep mov operations.


We observed some very strange behavior during testing. For example, jumps to unexpected locations, unconditional branches being ignored, and the processor no longer accurately recording the instruction pointer in xsave or call instructions.

Strangely, when we try to understand what’s going on, we see a debugger reporting an impossible state!

This seemed to indicate that there might be a serious problem, but after a few days of experimentation, we found that when multiple cores triggered the same vulnerability, the processor started reporting errors and stalling.

We have verified that this issue occurs even in unprivileged guest VMs, so this is already a serious security threat to cloud providers. Of course, once we confirmed this was a security issue, we reported it to Intel immediately.
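To make the prefix rules discussed above concrete (redundant prefixes that the decoder silently ignores, and a rex.r prefix placed on a rep string move), here is an added example that is not part of the original article or of Intel's or Google's tooling: a small Python decoder for the prefix run of one x86-64 instruction. Function and field names are my own, and the "suspicious" flag is a review heuristic for code auditors, not a claim about which byte sequences trigger the fault.

```python
# Constructed example: decode the prefix bytes of one x86-64 instruction,
# report REX bytes the decoder drops, and flag rep string moves that carry a
# REX byte with R/X/B set (the redundant-rex.r pattern the article describes).
# Review aid only; not Intel's or Google's code.

LEGACY_PREFIXES = {
    0xF0: "lock", 0xF2: "repne", 0xF3: "rep",
    0x2E: "cs", 0x36: "ss", 0x3E: "ds", 0x26: "es", 0x64: "fs", 0x65: "gs",
    0x66: "opsize", 0x67: "addrsize",
}
# One-byte string-move opcodes: no ModRM byte, so REX.R/X/B extend nothing.
STRING_MOVES = {0xA4: "movsb", 0xA5: "movsw/d/q"}


def rex_bits(rex):
    """Names of the set bits in a REX byte (0x40-0x4F)."""
    return [n for n, m in (("W", 8), ("R", 4), ("X", 2), ("B", 1)) if rex & m]


def decode_prefixes(code):
    """Walk legacy prefixes and REX up to the opcode byte of `code`."""
    i, prefixes, ignored, rex = 0, [], [], None
    while i < len(code) and (code[i] in LEGACY_PREFIXES
                             or 0x40 <= code[i] <= 0x4F):
        b = code[i]
        if b in LEGACY_PREFIXES:
            if rex is not None:      # REX must sit right before the opcode; one
                ignored.append(rex)  # followed by a legacy prefix is dropped
                rex = None
            prefixes.append(LEGACY_PREFIXES[b])
        else:
            if rex is not None:      # two REX bytes in a row: the first is dropped
                ignored.append(rex)
            rex = b
        i += 1
    if i == len(code):
        raise ValueError("no opcode byte after the prefix run")
    opcode = code[i]
    # R/X/B bits on a string move are redundant: there is no ModRM to extend.
    redundant = ([n for n in rex_bits(rex) if n != "W"]
                 if rex is not None and opcode in STRING_MOVES else [])
    # Heuristic: a rep-prefixed string move that carries any REX byte (kept or
    # dropped) with R/X/B set matches the pattern Ormandy reported.
    all_rex = ([rex] if rex is not None else []) + ignored
    suspicious = ("rep" in prefixes and opcode in STRING_MOVES
                  and any(set(rex_bits(r)) & {"R", "X", "B"} for r in all_rex))
    return {"prefixes": prefixes, "rex": rex, "ignored_rex": ignored,
            "opcode": opcode, "mnemonic": STRING_MOVES.get(opcode),
            "redundant_rex_bits": redundant, "suspicious": suspicious}


if __name__ == "__main__":
    # Constructed inputs: plain rep movsb, then the same with a rex.r byte (0x44).
    for sample in (bytes([0xF3, 0xA4]), bytes([0xF3, 0x44, 0xA4])):
        print(sample.hex(), decode_prefixes(sample))
```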

Jerry Bryant, Intel’s director of advanced incident response and security communications, said on Tuesday that company engineers have discovered “functional vulnerabilities” on older CPU platforms that could cause temporary service interruptions and plan to fix them in March next year.

Intel initially gave the vulnerability a severity rating of 5, but Intel's internal researchers and Google later found that it could lead to privilege escalation, so the rating was raised to 8.8.

Thanks to the diligence and expertise of Intel security researchers, a potential vector that could lead to an elevation of privilege (EoP) was later discovered. With an updated CVSS 3.0 score of 8.8 (High), this finding changes our approach to mitigating this issue for our customers, and we are bringing the update forward to align with our planned public disclosure of November 2023.

While preparing the February 2024 Intel Platform Update package for customer validation, we received an identical report from a researcher at Google regarding the same TDoS issue that had been discovered internally. The researcher cited Google’s 90-day disclosure policy and said they would disclose publicly on November 14, 2023.

Intel's official announcement lists two categories of affected products. Currently, 12th generation Core, 13th generation Core and 4th generation Intel Xeon processors have received microcode updates. Specifically, the following products will receive microcode updates (Gamingdeputy attaches the detailed CPU list):
