Intel has released fixes to close out a high-severity flaw codenamed Reptar that affects its desktop, mobile, and server CPUs.
Tracked as CVE-2023-23583 (CVSS score: 8.8), the issue has the potential to “allow escalation of privilege and/or information disclosure and/or denial of service via local access.”
Successful exploitation of the vulnerability could also permit a bypass of the CPU’s security boundaries, according to Google Cloud, which described it as an issue stemming from how redundant prefixes are interpreted by the processor.
“The impact of this vulnerability is shown when exploited by an attacker in a multi-tenant virtualized environment, as the exploit on a guest machine causes the host machine to crash, leading to a Denial of Service to other guest machines operating on the same host,” Google Cloud’s Phil Venables said.
“Additionally, the vulnerability could possibly result in information disclosure or privilege escalation.”
Security researcher Tavis Ormandy, in a separate analysis of Reptar, said it can be abused to corrupt the system state and force a machine-check exception.
Intel, as part of its November 2023 updates, has released updated microcode for all impacted processors and has published the complete list of Intel CPUs affected by CVE-2023-23583. There is no evidence of any active attacks using this vulnerability.
“Intel does not expect this problem to be encountered by any non-malicious real-world software,” the company said in guidance issued on November 14. “Malicious exploitation of this issue needs execution of arbitrary code.”
The disclosure coincides with the release of patches for a security flaw in AMD processors called CacheWarp (CVE-2023-20592) that lets malicious actors break into AMD SEV-protected VMs to escalate privileges and gain remote code execution.