Heimdal
Home > Cybersecurity News

Patch Now! New Intel CPU Vulnerability Impacts Desktop and Server Systems

The Flaw Enables Escalation of Privileges and Data Theft.

Last updated on November 15, 2023

article featured image

Contents:

Researchers disclosed a new Intel CPU vulnerability that allows escalation of privileges, access to sensitive data, and denial of service via local access.

CVE-2023-23583 has an 8.8 CVSS score and impacts various Intel desktop, mobile, and server CPUs. According to Intel, until now there is no evidence of active exploitation of this flaw.

More About the Intel CPU Vulnerability

CVE-2023-23583, also known as Reptar, was first discovered by an Intel partner during the testing phase in Sapphire Rapids product development. Initially, researchers considered it a functionality bug and fixed it in Sapphire Rapids, Alder Lake, and Raptor Lake.

After that, the analysis of the bug revealed that hackers could use it for temporary denial of service (TDoS). Further on, researchers discovered a vector that permitted escalation of privilege. That`s when the vulnerability`s CVSS score rose from 3.0 to 8.8 (high).

In parallel, a team of researchers within Google also independently discovered the Intel CPU vulnerability and dubbed it Reptar. Tavis Ormandy, researcher at Google, said:

We observed some very strange behavior while testing. For example, branches to unexpected locations, unconditional branches being ignored, and the processor no longer accurately recording the instruction pointer in xsave or call instructions

reptor intel cpu vulnerability

Source: BleepingComputer.com

Intel already released updates to address the vulnerability.

CVE-2023-23583 Impact and Mitigation Measures

Intel published here the list of all CPUs affected by the CVE-2023-23583 vulnerability.

The tech giant described the glitch as a sequence of processor instructions that results in unpredictive behavior for some Intel(R) Processors. As a result, unauthenticated users could be able to:

  • gain escalation of privilege,
  • compromise data integrity
  • use local access to generate denial of service.

As a security measure, Intel urges users to apply patches and update processors to the microcode version.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Heimdal Official Logo
Automate your patch management routine.

Heimdal® Patch & Asset Management Software

Remotely and automatically install Windows, Linux and 3rd party application updates and manage your software inventory.
  • Schedule updates at your convenience;
  • See any software assets in inventory;
  • Global deployment and LAN P2P;
  • And much more than we can fit in here...
Try it for FREE today 30-day Free Trial. Offer valid only for companies.
Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

Related Articles

What Is Automated Patch Management? Process, Benefits, Best Practices & MoreDownfall Vulnerability Exposes Intel CPUs to Data and Encryption Keys StealingHow to Prioritize Vulnerabilities Effectively: Vulnerability Prioritization ExplainedWhat Is Privilege Escalation? Definition, Types and ExamplesHow to Prevent Privilege Escalation Attacks?Data Integrity: What It Means and How to Maintain It

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE
linkedin
youtube
facebook
x

resources

company

newsletter

© 2024 Heimdal®

Vat No. 35802495, Vester Farimagsgade 1, 2 Sal, 1606 København V