Reptar (vulnerability)

From HandWiki
Short description: Intel CPU vulnerability discovered in late 2023

Reptar is a CPU vulnerability discovered in late 2023, affecting a number of recent families of Intel x86 CPUs. According to The Register, the following CPU families are vulnerable: Alder Lake, Raptor Lake and Sapphire Rapids.[1]

The Reptar vulnerability relates to processing of x86 instruction prefixes in ways that lead to unexpected behavior. It was discovered by Google's security team.[2][3] The vulnerability can be exploited in a number of ways, potentially leading to information leakage, denial of service, or privilege escalation.[4][5]

It has been assigned the CVE ID CVE-2023-23583.[5] Intel have released new microcode in an out-of-band patch to mitigate the vulnerability, which it calls "redundant prefix".[1][6]

References

  1. 1.0 1.1 Claburn, Thomas. "Intel out-of-band patch addresses privilege escalation flaw" (in en). https://www.theregister.com/2023/11/14/intel_outofband_patch/. 
  2. "Reptar: a vulnerability in Intel processors" (in en-US). 2023-11-27. https://www.kaspersky.co.uk/blog/reptar-cpu-vulnerability/26978/. 
  3. "Google researchers discover 'Reptar,' a new CPU vulnerability" (in en-US). November 15, 2023. https://cloud.google.com/blog/products/identity-security/google-researchers-discover-reptar-a-new-cpu-vulnerability. 
  4. Kovacs, Eduard (November 15, 2023). "New Intel CPU Vulnerability 'Reptar' Can Allow DoS Attacks, Privilege Escalation". https://www.securityweek.com/new-intel-cpu-vulnerability-reptar-can-allow-dos-attacks-privilege-escalation/. 
  5. 5.0 5.1 "CVE - CVE-2023-23583". https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23583. 
  6. "INTEL-SA-00950: 2023.4 IPU Out-of-Band (OOB) - Intel® Processor Advisory" (in en). 2023-11-14. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html. 

External links




Retrieved from "https://handwiki.org/wiki/index.php?title=Reptar_(vulnerability)&oldid=3432586"