Home Cyber Security Intel Patches Widespread Processor Vulnerability

Intel Patches Widespread Processor Vulnerability

0
Intel Patches Widespread Processor Vulnerability

[ad_1]

The unusual vulnerability may have allowed for escalation of privilege, denial of service or info disclosure assaults.

Intel has printed a repair for a possible vulnerability that affected some Intel processors. The safety flaw, named Reptar, causes “very unusual conduct,” stated Google’s Tavis Ormandy, who is without doubt one of the researchers who found the bug.

No assaults have been reported utilizing the Reptar bug. Nevertheless, Ormandy famous the bug is probably wide-reaching and never but totally understood: “… we merely don’t know if we are able to management the corruption exactly sufficient to realize privilege escalation,” he wrote on his website in regards to the Reptar vulnerability. “I believe that it’s doable, however we don’t have any option to debug μop (micro) execution!”

Bounce to:

What’s the Reptar bug?

Put very merely, Reptar breaks some primary guidelines of how processors normally work and will result in a system crash, escalation of privilege assaults, denial of service assaults or undesirable info disclosure.

The issue was with the prefixes used to change directions when writing x86 meeting. The prefix rex may work together in surprising methods on machines with a characteristic referred to as quick quick repeat transfer; this characteristic was first launched in Intel’s Ice Lake structure. Ormandy has a way more technical rationalization.

SEE: Google Cloud suggested safety groups ought to preserve a watch out for a large number of assaults in 2024 (TechRepublic)

The “unusual conduct” Ormandy and his Google colleagues discovered included branches to surprising areas, unconditional branches being ignored and inaccurate recordings of the instruction pointer in xsave or name directions. Ormandy additionally discovered {that a} debugger returned unimaginable states when the researchers had been attempting to look into the issue.

MITRE tracks this bug as CVE-2023-23583.

Intel patched a wide range of processors

On Nov. 14, Intel addressed the potential flaw in a wide range of processors. the next processors. Intel mitigated the flaw in:

  • twelfth Era Intel Core Processors.
  • 4th Era Intel Xeon Processors.
  • thirteenth Era Intel Core Processors.

Intel launched a microcode replace for:

  • tenth Era Intel Core Processors.
  • third Era Intel Xeon Processor Scalable Household processors.
  • The Intel Xeon D Processor.
  • The eleventh Era Intel Core Processor Household on desktop and cellular.
  • The Intel Server Processor.

Intel was conscious of the doable bug earlier this 12 months

Intel had been conscious of this bug beforehand to the Google researchers’ work on it and was shifting the bug by way of Intel’s standardized Intel Platform Replace course of. Intel had scheduled a repair for March, ArsTechnica discovered, however the Google workforce’s discovery of the doable escalation of privileges made it a better precedence.

An Intel assertion offered to TechRepublic by e-mail stated, “On the request of consumers, together with OEMs and CSPs, this course of (the Intel Platform Replace course of) usually features a validation, integration and deployment window after Intel deems the patch meets manufacturing high quality, and helps be sure that mitigations can be found to all prospects on all supported Intel platforms when the problem is publicly disclosed.”

Find out how to defend in opposition to the Reptar vulnerability

Intel recommends that organizations utilizing the affected processors replace to the most recent variations. System directors ought to be sure their BIOS, system OS and drivers are updated. System admins can go to Intel’s microcode repository to obtain the microcode and might contact Intel or their working system vendor for extra info.

This potential vulnerability is an efficient reminder to maintain all software program and {hardware} updated.

[ad_2]

LEAVE A REPLY

Please enter your comment!
Please enter your name here