Google has discovered a new security vulnerability in Intel CPUs that could let attackers execute code on vulnerable systems. The vulnerability has been named “Reptar” by Google and affects numerous Intel CPUs, including those utilized in cloud computing environments.
What is Reptar Vulnerability?
Reptar is a side-channel vulnerability tracked as CVE-2023-23583. It allows attackers to leak information from a vulnerable system and use it to steal sensitive data such as credit card numbers, passwords, etc.
The vulnerability was discovered by Google’s Information Security Engineering team, which notified Intel and industry partners about the issue, and mitigations were rolled out before its public disclosure.
How Was Reptar Discovered?
According to Google’s blog post, one of the company’s security researchers discovered the bug in the way the CPU interprets redundant prefixes; if successfully exploited, it allows attackers to bypass the CPU’s security boundaries.
Prefixes are bytes placed in front of an instruction that change how it behaves by enabling or disabling certain features. Prefixes that make no sense for the instruction, or that conflict with other prefixes, are called redundant prefixes, and the CPU is generally expected to ignore them.
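As an added illustration of what a "redundant prefix" is (example code written for this page, not from Google's or Intel's research), the scanner below walks the prefix bytes at the start of a 64-bit x86 instruction and flags repeats within one legacy prefix group, plus REX bytes that the architecture documents as ignored because they are not immediately before the opcode. The byte samples are constructed.

```python
# Added example: classify the prefix bytes ahead of one 64-bit x86 instruction
# and report the ones the CPU is documented to discard. Not from the article.

LEGACY_GROUPS = {
    0xF0: 1, 0xF2: 1, 0xF3: 1,                             # group 1: LOCK / REPNE / REP
    0x2E: 2, 0x36: 2, 0x3E: 2, 0x26: 2, 0x64: 2, 0x65: 2,  # group 2: segment overrides
    0x66: 3,                                               # group 3: operand-size override
    0x67: 4,                                               # group 4: address-size override
}

def scan_prefixes(code: bytes):
    """Return (prefix_bytes, opcode_offset, findings) for the instruction at code[0].

    findings lists redundant prefixes: a second prefix from an already-seen legacy
    group, or a REX byte (0x40-0x4F, 64-bit mode) that is not the byte directly
    before the opcode, which the Intel SDM says is ignored.
    """
    findings, seen_groups, rex_positions = [], {}, []
    i = 0
    while i < len(code):
        b = code[i]
        if b in LEGACY_GROUPS:
            g = LEGACY_GROUPS[b]
            if g in seen_groups:
                findings.append(f"byte {i}: 0x{b:02X} repeats legacy group {g} "
                                f"(first seen at byte {seen_groups[g]})")
            else:
                seen_groups[g] = i
        elif 0x40 <= b <= 0x4F:
            rex_positions.append(i)
        else:
            break                       # first non-prefix byte is the opcode
        i += 1
    opcode_offset = i
    for p in rex_positions:
        if p != opcode_offset - 1:
            findings.append(f"byte {p}: REX 0x{code[p]:02X} ignored, not directly before opcode")
    return code[:opcode_offset], opcode_offset, findings

def has_redundant_prefixes(code: bytes) -> bool:
    return bool(scan_prefixes(code)[2])

if __name__ == "__main__":
    # Constructed samples: plain REX.W mov; doubled 0x66 (typical NOP padding); two REX bytes.
    for sample in (bytes.fromhex("48 89 C8"), bytes.fromhex("66 66 90"), bytes.fromhex("40 48 89 C8")):
        _, off, notes = scan_prefixes(sample)
        print(sample.hex(" "), "-> opcode at byte", off, notes or "no redundant prefixes")
```

Compilers routinely emit such prefixes in NOP padding, so a flagged sequence is not on its own a sign of anything malicious; the check only shows which bytes the CPU is supposed to discard.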
How does Reptar work?
Reptar works by exploiting an issue in the way Intel CPUs handle speculative execution. Speculative execution is a technique that lets a CPU execute instructions before it has fully confirmed that they are needed. Although this technique saves time, it can expose CPUs to side-channel attacks.
The Reptar vulnerability is a serious risk to multi-tenant virtualized environments, where an exploit run inside a guest machine can crash the host, resulting in a denial of service for the other guest machines on the same host. In addition, it could lead to privilege escalation or information disclosure.
In a multi-tenant virtualized environment, multiple tenants share the same physical hardware, so if one tenant’s system is compromised through Reptar, the attacker could reach the other tenants’ data through the same vulnerability.
Aubrey Perin, Lead Threat Intelligence Analyst at Qualys, a Foster City, Calif.-based provider of disruptive cloud-based IT, security and compliance solutions, commented on the issue, stating: “Unmitigated, this bug could be serious as an attacker could start testing to see if there is any order to the seemingly random outputs. As it stands, it sounds more like an oddity that could be used to take systems down.”
Mr Perin further explained that “Without reviewing the catalogue of patches, it’s hard to say that it’s atypical of the bugs usually found. In this case, where it can cause crashes, security teams should definitely prioritize the patch implementation to eliminate the risk of failure.”
“Researchers do find vulnerabilities all the time, often for bounty, and it benefits users when responsible disclosure practices are followed. Google is a very good practitioner of responsible disclosure, and you can often find references to the researcher or organization who disclosed the vulnerability in the notes associated with patches,” he added.
Intel has released an advisory confirming the issue, explaining that it affects some Intel processors and is caused by an error in the CPU’s handling of redundant prefixes. The company has released a patch for the issue. The vulnerability was assigned a CVSS score of 8.8 and rated High severity.
This CPU vulnerability affects several Intel desktop, mobile, and server CPUs, including the 10th Generation Intel® Core™ Processor Family, 3rd Generation Intel® Xeon® Processor Scalable Family, Intel® Xeon® D Processor, and 11th Generation Intel® Core™ Processor Family, as well as CPUs used in cloud computing environments.
The company is working on a long-term fix. In the meantime, it is advising users to patch their devices immediately.