Several generations of Intel CPUs are affected by a new “Reptar” vulnerability that can cause system crashes and hangs. This security flaw is affecting all Intel processors including the 10th generation and above, but only the 12th and 13th gen have received a fix so far.
This vulnerability is labeled as a “severe risk” with a CVSS score of 8.8. It was discovered by the security research team at Google team several months ago. It is codenamed CVE-2023-23583 and is capable of tampering with ongoing software instructions which can cause unpredictable system behavior resulting in a system crash. In technical terms, it has the ability to “allow escalation of privilege and/or information disclosure and/or denial of service via local access.”
Google security researcher Tavis Ormandy says that Reptar causes the CPU to malfunction, leading to “unexpected behavior.” The vulnerability significantly affected virtual machines, jeopardizing the security of cloud hosts and infrastructure, and potentially exposing the data of thousands of individuals to risk.
Ormandy added:
We verified this worked even inside an unprivileged guest VM, so this already has serious security implications for cloud providers. Naturally, we reported this to Intel as soon as we confirmed this was a security issue.
Intel took its time delivering a fix for the issue, but it managed to do so for several generations. For now, Intel has provided mitigation to 12th-generation and 13th-generation processors as well as 4th-generation Intel Xeon processors. Thankfully, there have been no reports of attackers exploiting this vulnerability so far, which is why Intel may have chosen to resolve the flaw on newer generations first.
The issue is affecting laptop, desktop, and server processors alike and there is a chance that a fix from Intel could hinder the chip’s performance.
