The strange vulnerability could have allowed for escalation of privilege, denial of service or information disclosure attacks.
Intel has published a fix for a potential vulnerability that affected some Intel processors. The security flaw, named Reptar, causes “very strange behavior,” said Google’s Tavis Ormandy, who is one of the researchers who discovered the bug.
No attacks have been reported using the Reptar bug. However, Ormandy noted the bug is potentially wide-reaching and not yet fully understood: “… we simply don’t know if we can control the corruption precisely enough to achieve privilege escalation,” he wrote on his site about the Reptar vulnerability. “I suspect that it is possible, but we don’t have any way to debug μop (micro) execution!”
- What is the Reptar bug?
- Intel patched a variety of processors
- Intel was aware of the possible bug earlier this year
- How to defend against the Reptar vulnerability
What is the Reptar bug?
Put very simply, Reptar breaks some basic rules of how processors usually work and could lead to a system crash, escalation of privilege attacks, denial of service attacks or unwanted information disclosure.
The problem was with the prefixes used to modify instructions when writing x86 assembly. The prefix rex could interact in unexpected ways on machines with a feature called fast short repeat move; this feature was first introduced in Intel’s Ice Lake architecture. Ormandy has a much more technical explanation.
SEE: Google Cloud advised security teams should keep an eye out for a wide variety of attacks in 2024 (TechRepublic)
The “strange behavior” Ormandy and his Google colleagues found included branches to unexpected locations, unconditional branches being ignored and inaccurate recordings of the instruction pointer in xsave or call instructions. Ormandy also found that a debugger returned impossible states when the researchers were trying to look into the problem.
MITRE tracks this bug as CVE-2023-23583.
Intel patched a variety of processors
On Nov. 14, Intel addressed the potential flaw in a variety of processors. the following processors. Intel mitigated the flaw in:
- 12th Generation Intel Core Processors.
- 4th Generation Intel Xeon Processors.
- 13th Generation Intel Core Processors.
Intel released a microcode update for:
- 10th Generation Intel Core Processors.
- 3rd Generation Intel Xeon Processor Scalable Family processors.
- The Intel Xeon D Processor.
- The 11th Generation Intel Core Processor Family on desktop and mobile.
- The Intel Server Processor.
Intel was aware of the possible bug earlier this year
Intel had been aware of this bug previously to the Google researchers’ work on it and was moving the bug through Intel’s standardized Intel Platform Update process. Intel had scheduled a fix for March, ArsTechnica found, but the Google team’s discovery of the possible escalation of privileges made it a higher priority.
An Intel statement provided to TechRepublic by email said, “At the request of customers, including OEMs and CSPs, this process (the Intel Platform Update process) typically includes a validation, integration and deployment window after Intel deems the patch meets production quality, and helps ensure that mitigations are available to all customers on all supported Intel platforms when the issue is publicly disclosed.”
How to defend against the Reptar vulnerability
Intel recommends that organizations using the affected processors update to the latest versions. System administrators should make sure their BIOS, system OS and drivers are up to date. System admins can visit Intel’s microcode repository to download the microcode and can contact Intel or their operating system vendor for more information.
This potential vulnerability is a good reminder to keep all software and hardware up to date.