Security News > 2023 > November > New Reptar CPU flaw impacts Intel desktop and server systems
Intel has fixed a high-severity CPU vulnerability in its modern desktop, server, mobile, and embedded CPUs, including the latest Alder Lake, Raptor Lake, and Sapphire Rapids microarchitectures.
"Under certain microarchitectural conditions, Intel has identified cases where execution of an instruction encoded with a redundant REX prefix may result in unpredictable system behavior resulting in a system crash/hang, or, in some limited scenarios, may allow escalation of privilege from CPL3 to CPL0," Intel said.
"Intel does not expect this issue to be encountered by any non-malicious real-world software. Redundant REX prefixes are not expected to be present in code nor generated by compilers. Malicious exploitation of this issue requires execution of arbitrary code. Intel identified the potential for escalation of privilege in limited scenarios as part of our internal security validation in a controlled Intel lab environment."
The complete list of Intel CPUs affected by the CVE-2023-23583 vulnerability and mitigation guidance are available here.
Earlier this year, Google security researchers discovered the Downfall vulnerability impacting modern Intel CPUs and the Zenbleed flaw, which lets attackers steal sensitive data like passwords and encryption keys from systems with AMD Zen2 CPUs.
New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs. New critical Citrix NetScaler flaw exposes 'sensitive' data.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-14 | CVE-2023-23583 | Incorrect Default Permissions vulnerability in multiple products Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. | 7.8 |