Google security researcher Tavis Ormandy has discovered a new CPU vulnerability in Intel processors called Reptar. The vulnerability, tracked as CVE-2023-23583, is primarily a danger to cloud systems that run virtual machines belonging to different users. By exploiting it, an attacker can cause the system to freeze or shut down unexpectedly when specific actions are performed in unconfigured guest systems. Google has released sample code on GitHub for testing the vulnerability.
Reptar poses a theoretical risk of privilege escalation from protection ring 3 to ring 0 (CPL0) and of escape from the isolated environment. This scenario has not been confirmed in practice, however, because of the difficulty of debugging at the microarchitectural level. Intel’s internal investigation also found that the vulnerability could potentially be used to escalate privileges under certain conditions.
According to Ormandy, Reptar affects several generations of Intel processors, including Ice Lake, Rocket Lake, Tiger Lake, Raptor Lake, Alder Lake, and Sapphire Rapids. Intel’s own report confirms that the issue begins with the 10th generation (Ice Lake) Intel Core processors and the third generation Xeon Scalable processors. The vulnerability is also present in other processors such as Xeon E/D/W, Atom, Broadwell, Skylake, Cascade Lake, Cooper Lake, Comet Lake, and more.
Intel has addressed the Reptar vulnerability in the latest microcode update, released on November 14, 2023. Users are advised to update their systems to ensure protection against this CPU vulnerability. More details can be found on Intel’s security advisory page.