Intel has produced fixes to close out a higher-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs.
Tracked as CVE-2023-23583 (CVSS rating: 8.8), the issue has the prospective to “let escalation of privilege and/or facts disclosure and/or denial of service via nearby obtain.”
Profitable exploitation of the vulnerability could also allow a bypass of the CPU’s security boundaries, according to Google Cloud, describing it as an issue stemming from how redundant prefixes are interpreted by the processor.
“The effect of this vulnerability is demonstrated when exploited by an attacker in a multi-tenant virtualized setting, as the exploit on a visitor equipment triggers the host device to crash resulting in a Denial of Support to other guest equipment functioning on the same host,” Google Cloud’s Phil Venables stated.
“Furthermore, the vulnerability could possibly direct to data disclosure or privilege escalation.”
Security researcher Tavis Normandy, in a independent assessment of Reptar, said it can be abused to corrupt the process state and force a machine-check exception.
Intel, as part of November 2023 updates, has posted updated microcode for all impacted processors. The full listing of Intel CPUs impacted by CVE-2023-23583 is accessible here. There is no evidence of any energetic attacks working with this vulnerability.
“Intel does not anticipate this issue to be encountered by any non-malicious authentic-entire world software program,” the business explained in a direction issued on November 14. “Malicious exploitation of this issue needs execution of arbitrary code.”
The disclosure coincides with the release of patches for a security flaw in AMD processors termed CacheWarp (CVE-2023-20592) that allows destructive actors crack into AMD SEV-protected VMs to escalate privileges and get distant code execution.
Located this posting fascinating? Stick to us on Twitter and LinkedIn to browse much more unique information we put up.
Some parts of this article are sourced from:
thehackernews.com