New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments

Nov 15, 2023 | Newsroom | Vulnerability / Hardware Security

Intel has released fixes to close a serious bug codenamed Reptar, which affects its desktop, mobile, and server CPUs.

Tracked as CVE-2023-23583 (CVSS score: 8.8), the issue has the potential to “allow privilege escalation and/or information disclosure and/or denial of service through local access.”

Successful exploitation of the vulnerability could also allow a bypass of CPU security boundaries, according to Google Cloud, which describes it as an issue arising from how redundant prefixes are interpreted by the processor.

“The impact of this vulnerability is demonstrated when exploited by an attacker in a multi-tenant virtualized environment, as exploiting a guest machine causes the host machine to crash resulting in a Denial of Service to other guest machines running on the same host,” Phil Venables of Google Cloud said.

“Furthermore, the vulnerability could lead to information disclosure or privilege escalation.”

Security researcher Tavis Ormandy, in a separate analysis of Reptar, said it could be abused to corrupt the system state and force a machine-check exception.

Intel, as part of the November 2023 updates, has published updated microcode for all affected processors. A complete list of Intel CPUs affected by CVE-2023-23583 is available here. There is no evidence of any active attacks exploiting this weakness.

“Intel does not expect this issue to be encountered by any non-malicious real-world software,” the company said in guidance issued on November 14. “Malicious exploitation of this issue requires execution of arbitrary code.”

The disclosure coincides with the release of patches for a security flaw in AMD processors called CacheWarp (CVE-2023-20592) that allows malicious actors to break into VMs protected by AMD SEV to escalate privileges and gain remote code execution.
