Shulou(Shulou.com)11/24 Report--

Thank CTOnews.com netizens for the delivery of clues created by Dream! CTOnews.com, Nov. 15 (Xinhua) Intel released the latest version of the microcode update on Tuesday to fix a serious CPU vulnerability that could be used to attack a cloud host.

The vulnerability, known as "Reptar" and code-named CVE-2023-23583, is related to how the affected CPU handles prefixes that change the behavior of instructions to run software, affecting almost all 10 generations and newer Intel CPU, including privilege escalation, denial of service, and information disclosure.

Simply put, Intel x64 decoding usually allows you to ignore redundant prefixes (that is, prefixes that are meaningless in a given fragment) without any consequences.

In a test in August, Google security researcher Tavis Ormandy noticed "unexpected results" when the REX prefix is on the latest Intel CPU. This type of CPU supports a feature called Fast short repetitive Mobility (FSRM), which was originally introduced in the Ice Lake architecture to address microcode bottlenecks.

According to Ormandy, this vulnerability can cause the processor to "enter an abnormal state where normal rules do not apply", which, when triggered, can lead to unexpected and potentially serious behavior, most notably the execution of untrusted code in the guest account of the virtual machine and a system crash, which is considered secure under most cloud security models.

Ormandy says unexpected behavior occurs when extra rex.r prefixes are added to FSRM-optimized rep mov operations.

We observed some very strange behavior during the test. For example, jump to an unexpected location, unconditional branches are ignored, and the processor no longer accurately records instruction pointers in xsave or call instructions.

Oddly enough, when we try to understand what happened, we see a debugger reporting an impossible status!

This seems to indicate that there may be a serious problem, but after a few days of experimentation, we found that when multiple cores trigger the same vulnerability, the processor begins to report errors and stop running.

We have verified that this problem can occur even in unprivileged guest virtual machines, so this is already a serious security threat to cloud providers. Of course, as soon as we confirm that this is a security issue, we will immediately report to Intel.

Jerry Bryant, Intel's senior head of incident response and security communications, said on Tuesday that the company's engineers had identified "functional vulnerabilities" in the old CPU platform that could lead to temporary service disruptions and planned to fix them in March next year.

Intel initially rated its severity rating at 5, but Intel and Google insiders found a loophole in which it could raise power, so the rating was raised to 8.8.

Thanks to the diligence and expertise of Intel security researchers, a potential vector that could lead to privilege escalation (EoP) was later discovered. Based on the updated CVSS 3.0 score of 8.8 (high), this discovery changes the way we alleviate this problem for our customers, and we will update in advance to be consistent with the planned public disclosure in November 2023.

While preparing the February 2024 Intel platform update package for customer verification, we received the same report from a Google researcher on the same TDoS issue that had been found internally. The researchers cited Google's 90-day disclosure policy and said they would disclose it publicly on November 14, 2023.

Intel's official announcement lists two types of products affected: the current 12-generation core, 13-generation core and the fourth-generation Intel Xeon processors have been updated with microcode. Specifically, the following products will be updated with microcode (CTOnews.com with a specific CPU list):

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.