Google Reveals ‘Reptar’ Vulnerability Threatening Intel Processors

By Deeba Ahmed. Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments. This is a post from HackRead.com.


Google has discovered a new security vulnerability in Intel CPUs that could let attackers execute code on vulnerable systems. The vulnerability has been named “Reptar” by Google and affects numerous Intel CPUs, including those utilized in cloud computing environments.

**What is the Reptar Vulnerability?**

Reptar is a side-channel vulnerability tracked as CVE-2023-23583. It allows attackers to leak information from a vulnerable system and use it to steal sensitive data such as credit card numbers, passwords, etc.

The vulnerability was discovered by Google’s Information Security Engineering team, which notified Intel and industry partners about the issue, and mitigations were rolled out before its public disclosure.

**How Was Reptar Discovered?**

According to Google’s blog post, one of the company’s security researchers discovered the flaw in the way the CPU interprets redundant prefixes. If successfully exploited, it allows attackers to bypass the CPU’s security boundaries.

For context, prefixes allow users to change how instructions behave by disabling or enabling different features. Prefixes that don’t make sense or that conflict with other prefixes are called redundant prefixes, and they are generally ignored.
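To make the prefix terminology concrete, here is an added example (not from the article, Google or Intel) that walks the prefix bytes of a 64-bit x86 instruction and flags repeated prefixes, conflicting prefixes from the same group, and a REX byte that is not the last prefix before the opcode. The function name, flag names and sample byte strings are this example's own; it assumes 64-bit mode and does not model mandatory SSE prefixes or VEX/EVEX encodings.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { DUP_PREFIX = 1, GROUP_CONFLICT = 2, REX_MISPLACED = 4 }; /* findings */
/* Legacy prefix group of a byte, or 0 if it is not a legacy prefix. */
static int legacy_group(uint8_t b) {
    switch (b) {
    case 0xF0: case 0xF2: case 0xF3: return 1;   /* LOCK, REPNE, REP */
    case 0x2E: case 0x36: case 0x3E:
    case 0x26: case 0x64: case 0x65: return 2;   /* segment overrides */
    case 0x66: return 3;                         /* operand-size override */
    case 0x67: return 4;                         /* address-size override */
    default:   return 0;
    }
}

/* Scan one 64-bit-mode instruction's prefix bytes; returns a findings bitmask. */
unsigned scan_prefixes(const uint8_t *insn, size_t len, size_t *prefix_len) {
    uint8_t last[5] = {0};      /* last prefix byte seen in each group */
    unsigned flags = 0;
    int rex_pending = 0;        /* a REX byte is waiting for its opcode */
    size_t i;
    for (i = 0; i < len; i++) {
        int g = legacy_group(insn[i]);
        int is_rex = (insn[i] & 0xF0) == 0x40;
        if (!g && !is_rex) break;                /* first opcode byte */
        if (rex_pending) flags |= REX_MISPLACED; /* REX must be the last prefix */
        rex_pending = is_rex;
        if (g) {
            if (last[g] == insn[i]) flags |= DUP_PREFIX;      /* same byte twice */
            else if (last[g])       flags |= GROUP_CONFLICT;  /* same group, differs */
            last[g] = insn[i];
        }
    }
    *prefix_len = i;            /* number of prefix bytes consumed */
    return flags;
}

int main(void) {
    /* Constructed sample encodings, not taken from the article. */
    const uint8_t s[][4] = {{0x48, 0x89, 0xC8}, {0x66, 0x66, 0x90},
                            {0x2E, 0x3E, 0x8B, 0x00}, {0x48, 0x66, 0x89, 0xC8}};
    for (size_t k = 0; k < 4; k++) {
        size_t n;
        unsigned f = scan_prefixes(s[k], 4, &n);
        printf("sample %zu: %zu prefix byte(s), flags=0x%x\n", k, n, f);
    }
    return 0;
}
```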

**How does Reptar work?**

Reptar works by exploiting an issue in the way speculative execution is handled by Intel CPUs. Speculative execution is a technique that allows CPUs to execute instructions before they are fully validated. Although this technique saves time, it can make CPUs vulnerable to side-channel attacks.

The Reptar vulnerability is a serious risk to multi-tenant virtualized environments, where an exploit run on a guest machine causes the host machine to crash, resulting in a denial of service to other guest machines running on the same host. In addition, it could lead to privilege escalation or information disclosure.

In a multi-tenant virtualized environment, multiple tenants share the same physical hardware, so if one tenant is infected with Reptar, the attacker has access to the other tenants’ data through the same vulnerability.

Aubrey Perin, Lead Threat Intelligence Analyst at Qualys, a Foster City, Calif.-based provider of disruptive cloud-based IT, security and compliance solutions, commented on the issue, stating, “Unmitigated, this bug could be serious as an attacker could start testing to see if there is any order to the seemingly random outputs. As it stands, it sounds more like an oddity that could be used to take systems down.”

Mr Perin further explained that “Without reviewing the catalogue of patches, it’s hard to say that it’s atypical of the bugs usually found. In this case, where it can cause crashes, security teams should definitely prioritize the patch implementation to eliminate the risk of failure.”

“Researchers do find vulnerabilities all the time, often for bounty, and it benefits users when responsible disclosure practices are followed. Google is a very good practitioner of responsible disclosure, and you can often find references to the researcher or organization who disclosed the vulnerability in the notes associated with patches,” he added.

**Intel’s Response**

Intel has released an advisory confirming the issue, explaining that it affects some Intel processors and is caused by an error in the CPU’s handling of redundant prefixes. The company has released a patch for the issue. It was assigned a CVSS score of 8.8 and rated a High-severity vulnerability.

This CPU vulnerability impacts several Intel desktop, mobile, and server CPUs, including the 10th Generation Intel® Core™ Processor Family, 3rd Generation Intel® Xeon® Processor Scalable Family, Intel® Xeon® D Processor, and 11th Generation Intel® Core Processor Family, as well as CPUs used in cloud computing environments.

The company is working on a long-term fix. In the meantime, it is advising users to patch their devices immediately.

Related news

Debian Security Advisory 5563-1

Debian Linux Security Advisory 5563-1 - Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn, Hisham Shafi, Nir Shlomovich, Tavis Ormandy, Daniel Moghimi, Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela, Doug Kwan, and Kostik Shtoyk discovered that some Intel processors mishandle repeated sequences of instructions leading to unexpected behavior, which may result in privilege escalation, information disclosure or denial of service.

Ubuntu Security Notice USN-6485-1

Ubuntu Security Notice 6485-1 - Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn, Hisham Shafi, Nir Shlomovich, Tavis Ormandy, Daniel Moghimi, Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela, Doug Kwan, and Kostik Shtoyk discovered that some Intel Processors did not properly handle certain sequences of processor instructions. A local attacker could possibly use this to cause a core hang, gain access to sensitive information or possibly escalate their privileges.

Reptar: New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments

Intel has released fixes to close out a high-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs. Tracked as CVE-2023-23583 (CVSS score: 8.8), the issue has the potential to "allow escalation of privilege and/or information disclosure and/or denial of service via local access." Successful exploitation of the vulnerability could also permit a bypass of the CPU's

CVE-2023-23583

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.