Reptar (vulnerability)

Reptar is a CPU vulnerability discovered in late 2023, affecting a number of recent families of Intel x86 CPUs. According to The Register, the following CPU families are vulnerable: Alder Lake, Raptor Lake and Sapphire Rapids.[1]

Reptar
CVE identifier(s)CVE-2023-23583
Date discovered2023
Affected hardwareAlder Lake, Raptor Lake, Sapphire Rapids

The Reptar vulnerability relates to processing of x86 instruction prefixes in ways that lead to unexpected behavior. It was discovered by Google's security team.[2][3] The vulnerability can be exploited in a number of ways, potentially leading to information leakage, denial of service, or privilege escalation.[4][5]

It has been assigned the CVE ID CVE-2023-23583.[5] Intel have released new microcode in an out-of-band patch to mitigate the vulnerability, which it calls "redundant prefix".[1][6]

References

edit
  1. ^ a b Claburn, Thomas. "Intel out-of-band patch addresses privilege escalation flaw". www.theregister.com. Retrieved 2023-12-14.
  2. ^ "Reptar: a vulnerability in Intel processors". www.kaspersky.co.uk. 2023-11-27. Retrieved 2023-12-14.
  3. ^ "Google researchers discover 'Reptar,' a new CPU vulnerability". Google Cloud Blog. November 15, 2023. Retrieved 2023-12-14.
  4. ^ Kovacs, Eduard (November 15, 2023). "New Intel CPU Vulnerability 'Reptar' Can Allow DoS Attacks, Privilege Escalation". Security Week. Retrieved 2023-12-14.
  5. ^ a b "CVE - CVE-2023-23583". cve.mitre.org. Retrieved 2023-12-14.
  6. ^ "INTEL-SA-00950: 2023.4 IPU Out-of-Band (OOB) - Intel® Processor Advisory". Intel. 2023-11-14. Retrieved 2023-12-14.
edit