The U.S. chip manufacturer Intel has patched a high-severity vulnerability affecting central processing units (CPUs) in its desktop, mobile and server products.
The successful exploitation of the bug could allow hackers to gain higher-level access to the system, obtain sensitive information and even cause the machine to crash.
The vulnerability, tracked as CVE-2023-23583 and codenamed Reptar, carries the CVSS severity score of 8.8 out of 10. There haven’t been any reported incidents of an attack through Reptar in the wild.
“Intel does not expect this issue to be encountered by any non-malicious real-world software,” the company said.
On Tuesday, Intel released updates for affected processors, with some of them already receiving updated microcode — which helps CPUs understand and execute complex instructions — before this month.
According to separate research on the vulnerability conducted by Google, Reptar can manipulate software instructions by adding a redundant prefix to them. This manipulation can lead to unpredictable system behavior, resulting in a system crash, researchers said.
Google said that it has seen an increase in the number of vulnerabilities impacting CPUs across hardware systems.
Often referred to as the “brains” of the computer, CPUs perform calculations, manage data, and control other hardware components to execute tasks. Bugs in these components can impact billions of personal and cloud computers, researchers said.
Earlier in August, Google researchers discovered the Downfall (CVE-2022-40982) and Zenbleed (CVE-2023-20593) vulnerabilities, affecting Intel and AMD CPUs.
The Downfall vulnerability can be exploited by threat actors to obtain sensitive information, such as passwords and encryption keys.
This week, the U.S. litigation firm Bathaee Dunne filed a lawsuit against Intel over its handling of the Downfall vulnerability. According to the complaint, customers are displeased that fixes for the bugs led to performance degradation and accuse Intel of selling CPUs that it knew were flawed over the course of several years.
On Tuesday, researchers also discovered a CacheWarp vulnerability affecting AMD processors. This flaw poses risks to virtual machines — software-based emulations of a physical computer — as attackers can exploit it to gain access to the system and retrieve data.
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Daryna Antoniuk
is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.
