
Intel fixes CPU privilege escalation flaw affecting most CPUs


intel processor by slejven-djurakovic

Intel has patched a high-severity vulnerability affecting almost all Intel CPUs, including Ice Lake, Rocket Lake, Tiger Lake, Raptor Lake, Alder Lake, and Sapphire Rapids.

Multiple Google research teams, including Google Information Security Engineering and the Silifuzz team, independently discovered the vulnerability, which was named Reptar.

“A Google security researcher identified a vulnerability related to how redundant prefixes are interpreted by the CPU which leads to bypassing the CPU’s security boundaries if exploited successfully. Prefixes allow you to change how instructions behave by enabling or disabling features,” said Phil Venables, VP/CISO, Google Cloud.

The flaw, identified as CVE-2023-23583 and termed a ‘Redundant Prefix Issue’, could be exploited by malicious actors for privilege escalation, unauthorised access to sensitive information, or to cause a denial of service state, an impact that is particularly significant for cloud service providers.

The vulnerability, related to executing the instruction REP MOVSB encoded with a redundant REX prefix, could, under specific microarchitectural conditions, result in unpredictable system behaviour, leading to system crashes and hangs.

“The impact of this vulnerability is demonstrated when exploited by an attacker in a multi-tenant virtualized environment, as the exploit on a guest machine causes the host machine to crash resulting in a Denial of Service to other guest machines running on the same host. Additionally, the vulnerability could potentially lead to information disclosure or privilege escalation,” warned Google.

Intel assured that non-malicious real-world software was not expected to encounter this issue, as redundant REX prefixes are not typically present in code or generated by compilers. The company identified the potential for privilege escalation in limited scenarios during internal security validation in a controlled Intel lab environment.
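Because compilers do not normally emit this encoding, its presence in a binary is worth a second look. The following is an added example, not code from Intel, Google or this article: a heuristic scan that flags a REP-prefixed MOVSB carrying a REX prefix. The function name and sample bytes are constructed for illustration, and the input is assumed to be x86-64 machine code.

```python
# Added example: heuristic byte scan; assumes `code` is x86-64 machine code.
# Raw byte matching can also hit operand or data bytes, so treat each hit
# as a lead to confirm with a disassembler, not as proof.

# Legacy prefixes that may appear, in any order, before a REX prefix.
LEGACY_PREFIXES = frozenset(
    [0xF0, 0xF2, 0xF3, 0x26, 0x2E, 0x36, 0x3E, 0x64, 0x65, 0x66, 0x67]
)
REP = 0xF3      # REP / REPE prefix
MOVSB = 0xA4    # MOVSB opcode (byte-sized string move)


def is_rex(byte: int) -> bool:
    """REX prefixes occupy 0x40-0x4F in 64-bit mode."""
    return 0x40 <= byte <= 0x4F


def find_rex_rep_movsb(code: bytes) -> list[int]:
    """Return start offsets of '<legacy prefixes incl. REP> REX MOVSB'."""
    hits = []
    for i in range(2, len(code)):
        # REX must sit immediately before the opcode to apply to it.
        if code[i] != MOVSB or not is_rex(code[i - 1]):
            continue
        # Walk back over the legacy prefix run looking for REP.
        j = i - 2
        saw_rep = False
        while j >= 0 and code[j] in LEGACY_PREFIXES:
            saw_rep = saw_rep or code[j] == REP
            j -= 1
        if saw_rep:
            hits.append(j + 1)
    return hits


# Constructed sample bytes, not taken from any real binary.
SAMPLE = bytes.fromhex(
    "f3a4"      # rep movsb without REX: ignored
    "90"        # nop
    "f344a4"    # rep + REX + movsb: flagged at offset 3
    "48a4"      # REX + movsb without rep: ignored
    "f36748a4"  # rep, address-size prefix, REX, movsb: flagged at offset 8
    "c3"        # ret
)

if __name__ == "__main__":
    print(find_rex_rep_movsb(SAMPLE))
```
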

Affected systems, including those with Alder Lake, Raptor Lake, and Sapphire Rapids processors, received updated microcode before November 2023, with no observed performance impact or expected issues. For other CPUs, Intel released firmware updates, urging users to update their BIOS, system OS, and drivers through their original equipment manufacturer (OEM), operating system vendor (OSV), and hypervisor vendors.


Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations.