Intel has launched microcode updates for a number of generations of cell, desktop, and server CPUs to repair a vulnerability that may be exploited to set off on the very least a denial-of-service situation, however probably privilege escalation and data disclosure. The flaw may be exploited if an attacker has native code execution on the working system, together with on visitor digital machines. In a multi-tenant virtualized setting, attackers may exploit the vulnerability from a visitor VM to crash the host system, leading to denial of service for all different visitor VMs operating on the identical server.
Organizations are suggested to test for BIOS/UEFI updates with their respective system producers, which ought to begin integrating Intel’s firmware updates. The variations of the patched microcode for each affected Intel CPU are listed within the firm’s advisory.
Instruction prefixes that must be ignored however aren’t
The vulnerability is tracked as CVE-2023-23583, however researchers from Google who discovered and reported the flaw to Intel have additionally dubbed it Reptar after the widespread rep instruction prefix.
Based on a technical write-up by Google safety researcher Tavis Ormandy, the problem stems from the best way instruction prefixes are processed on CPUs that help a brand new characteristic known as quick quick repeat transfer (FSRM). CPU microcode is the low-level code that controls the hardware-level CPU primarily based on the standardized instruction set structure that’s uncovered to programmers. The instruction set may be accessed by means of human-readable machine code code in meeting language.
Writing meeting code means working immediately with CPU directions and these directions help a collection of prefixes that change the best way they work. Nonetheless, not each prefix applies to each instruction. For instance, the code “rep movsb” makes use of the prefix rep, which implies repeat for the instruction movsb that’s used to maneuver reminiscence on x86 CPUs from a supply to a vacation spot. Within the instance “rex.rxb rep movsb,” the prefix rex is used to allocate extra bits to the instruction for operands, however the movsb doesn’t want it since all its operands are implicit.
Which means the rex prefix is redundant and meaningless on this situation, so the CPU microcode will simply ignore it — or at the very least it’s imagined to. What Ormandy and his Google colleagues discovered is that on CPUs the place FSRM is energetic, these redundant or conflicting prefixes are interpreted in a bizarre means resulting in a safety vulnerability.