Reptar (vulnerability)
Appearance
CVE identifier(s) | CVE-2023-23583 |
---|---|
Date discovered | 2023 |
Affected hardware | Alder Lake, Raptor Lake, Sapphire Rapids |
Reptar is a CPU vulnerability discovered in late 2023, affecting a number of recent families of Intel x86 CPUs. According to The Register, the following CPU families are vulnerable: Alder Lake, Raptor Lake and Sapphire Rapids.[1]
The Reptar vulnerability relates to processing of x86 instruction prefixes in ways that lead to unexpected behavior. It was discovered by Google's security team.[2][3] The vulnerability can be exploited in a number of ways, potentially leading to information leakage, denial of service, or privilege escalation.[4][5]
It has been assigned the CVE ID CVE-2023-23583.[5] Intel have released new microcode in an out-of-band patch to mitigate the vulnerability, which it calls "redundant prefix".[1][6]
References
[edit]- ^ a b Claburn, Thomas. "Intel out-of-band patch addresses privilege escalation flaw". www.theregister.com. Retrieved 2023-12-14.
- ^ "Reptar: a vulnerability in Intel processors". www.kaspersky.co.uk. 2023-11-27. Retrieved 2023-12-14.
- ^ "Google researchers discover 'Reptar,' a new CPU vulnerability". Google Cloud Blog. November 15, 2023. Retrieved 2023-12-14.
- ^ Kovacs, Eduard (November 15, 2023). "New Intel CPU Vulnerability 'Reptar' Can Allow DoS Attacks, Privilege Escalation". Security Week. Retrieved 2023-12-14.
- ^ a b "CVE - CVE-2023-23583". cve.mitre.org. Retrieved 2023-12-14.
- ^ "INTEL-SA-00950: 2023.4 IPU Out-of-Band (OOB) - Intel® Processor Advisory". Intel. 2023-11-14. Retrieved 2023-12-14.
External links
[edit]