Reptar (vulnerability)

Reptar
CVE identifier(s)CVE-2023-23583
Date discovered2023
Affected hardwareAlder Lake, Raptor Lake, Sapphire Rapids

Reptar is a CPU vulnerability discovered in late 2023, affecting a number of recent families of Intel x86 CPUs. According to The Register, the following CPU families are vulnerable: Alder Lake, Raptor Lake and Sapphire Rapids.[1]

The Reptar vulnerability relates to processing of x86 instruction prefixes in ways that lead to unexpected behavior. It was discovered by Google's security team.[2][3] The vulnerability can be exploited in a number of ways, potentially leading to information leakage, denial of service, or privilege escalation.[4][5]

It has been assigned the CVE ID CVE-2023-23583.[5] Intel have released new microcode in an out-of-band patch to mitigate the vulnerability, which it calls "redundant prefix".[1][6]

References

[edit]
  1. ^ a b Claburn, Thomas. "Intel out-of-band patch addresses privilege escalation flaw". www.theregister.com. Retrieved 2023-12-14.
  2. ^ "Reptar: a vulnerability in Intel processors". www.kaspersky.co.uk. 2023-11-27. Retrieved 2023-12-14.
  3. ^ "Google researchers discover 'Reptar,' a new CPU vulnerability". Google Cloud Blog. November 15, 2023. Retrieved 2023-12-14.
  4. ^ Kovacs, Eduard (November 15, 2023). "New Intel CPU Vulnerability 'Reptar' Can Allow DoS Attacks, Privilege Escalation". Security Week. Retrieved 2023-12-14.
  5. ^ a b "CVE - CVE-2023-23583". cve.mitre.org. Retrieved 2023-12-14.
  6. ^ "INTEL-SA-00950: 2023.4 IPU Out-of-Band (OOB) - Intel® Processor Advisory". Intel. 2023-11-14. Retrieved 2023-12-14.
[edit]