Intel has released fixes to close out a high-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs.
Tracked as CVE-2023-23583 (CVSS score: 8.8), the issue has the potential to “permit escalation of privilege and/or information disclosure and/or denial of service through local access.”
Successful exploitation of the vulnerability could also permit a bypass of the CPU’s security boundaries, according to Google Cloud, which described it as an issue stemming from how redundant prefixes are interpreted by the processor.
“The impact of this vulnerability is demonstrated when exploited by an attacker in a multi-tenant virtualized environment, as the exploit on a guest machine causes the host machine to crash, resulting in a Denial of Service to other guest machines running on the same host,” Google Cloud’s Phil Venables said.
“Additionally, the vulnerability could potentially lead to information disclosure or privilege escalation.”
Security researcher Tavis Ormandy, in a separate analysis of Reptar, said it can be abused to corrupt the system state and force a machine-check exception.
Intel, as part of its November 2023 updates, has published updated microcode for all affected processors, along with the complete list of Intel CPUs impacted by CVE-2023-23583. There is no evidence of any active attacks using this vulnerability.
“Intel does not expect this issue to be encountered by any non-malicious real-world software,” the company said in guidance issued on November 14. “Malicious exploitation of this issue requires execution of arbitrary code.”
The disclosure coincides with the release of patches for a security flaw in AMD processors called CacheWarp (CVE-2023-20592) that lets malicious actors break into AMD SEV-protected VMs to escalate privileges and gain remote code execution.