With the publication of an official security bulletin, Intel announced that it has fixed a high-severity security vulnerability tracked as CVE-2023-23583. The flaw affects several categories of Intel processors, including desktop, server, mobile and embedded parts. The company led by Pat Gelsinger has confirmed that the problem is also present in recent microarchitectures such as Alder Lake, Raptor Lake and Sapphire Rapids.
What is the Reptar vulnerability and how can it be exploited
The researchers who discovered the flaw gave it the nickname Reptar. By exploiting it, an attacker can gain elevated privileges, access confidential information, or cause a denial of service (DoS) that prevents the machine from operating normally. All of these are high-impact outcomes, especially on the servers used by cloud providers, which are normally shared among a large number of customers.
From a more technical standpoint, Intel refers to the vulnerability as the "Redundant Prefix Issue", and it can only be triggered under particular conditions.
At the instruction level, REP MOVSB is commonly used to copy the contents of a block of memory. In x86-64 machine code, so-called REX prefixes can be attached to an instruction to extend or modify its operands: a REX prefix is used to reach the extended registers (R8 to R15) and, through its W bit, to select 64-bit rather than 32-bit operands, thereby extending the instruction's reach.
It can happen, however, that a REX prefix is encoded on an instruction for which it has no effect, because the instruction does not use any of the fields the prefix modifies. In these cases the REX prefix is said to be redundant.
An attacker who manages to execute REP MOVSB paired with a redundant REX prefix on a vulnerable system can cause unpredictable behavior. The consequences range from a system halt or crash to an escalation of privileges from CPL3 to CPL0.
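The encoding Intel describes can be looked for statically. The following is an added example, not code from Intel or from the original article: a byte-level scanner that flags every `rep movsb` (bytes F3 A4) carrying a REX prefix (0x40 to 0x4F) in a buffer of 64-bit machine code. The byte values come from the x86-64 instruction encoding; the `find_rex_rep_movsb` helper and the sample buffer are ours, and the sample is constructed for the demonstration rather than taken from a real binary.

```python
"""Static scan of 64-bit x86 machine code for the Reptar-style encoding:
a REP MOVSB (F3 A4) that also carries a REX prefix.

Added example, not from Intel's bulletin or the original article. Byte values
are from the x86-64 instruction encoding (REX = 0x40..0x4F, REP = 0xF3,
MOVSB = 0xA4); the sample buffer is constructed here for the demonstration.
Only meaningful on 64-bit code: in 32-bit mode 0x40..0x4F are INC/DEC opcodes.
"""
import sys

REX_MIN, REX_MAX = 0x40, 0x4F
REP = 0xF3
MOVSB = 0xA4
# Legacy prefixes (segment overrides, operand/address size, LOCK, REP/REPNE)
# that may legitimately precede a REX byte.
LEGACY_PREFIXES = {0x26, 0x2E, 0x36, 0x3E, 0x64, 0x65, 0x66, 0x67, 0xF0, 0xF2, 0xF3}


def is_rex(b):
    return REX_MIN <= b <= REX_MAX


def rex_bits(b):
    """Decode the four REX fields; MOVSB has no ModRM and byte operands, so all four are ignored."""
    return {"W": bool(b & 8), "R": bool(b & 4), "X": bool(b & 2), "B": bool(b & 1)}


def find_rex_rep_movsb(code):
    """Return one dict per REP MOVSB whose prefix group contains a REX byte.

    Heuristic byte-level scan, not a full decoder: the same pattern inside the
    immediate or displacement of an unrelated instruction is reported too, so
    treat hits as candidates to confirm in a disassembler.
    """
    hits = []
    i, n = 0, len(code)
    while i < n:
        j = i
        rep_seen = False
        rex_pos = None
        # Consume the prefix group (legacy prefixes and REX bytes, any order).
        while j < n and (code[j] in LEGACY_PREFIXES or is_rex(code[j])):
            if code[j] == REP:
                rep_seen = True
            elif is_rex(code[j]):
                rex_pos = j
            j += 1
        if j < n and code[j] == MOVSB and rep_seen and rex_pos is not None:
            rex = code[rex_pos]
            hits.append({
                "offset": i,
                "encoding": code[i:j + 1].hex(" "),
                "rex": rex,
                "rex_bits": rex_bits(rex),
                # The SDM requires REX to sit immediately before the opcode and
                # says other placements are ignored; record which case this is.
                "rex_immediately_before_opcode": rex_pos == j - 1,
            })
            i = j + 1
        else:
            i += 1
    return hits


# Constructed sample, not real compiler output: two legitimate uses of REX,
# a plain rep movsb, and three rep movsb whose REX changes nothing.
SAMPLE = bytes([
    0x48, 0x89, 0xC7,   # 0:  mov rdi, rax      REX.W selects 64-bit operands: meaningful
    0xF3, 0xA4,         # 3:  rep movsb         plain, what memcpy-style code normally emits
    0xF3, 0x48, 0xA5,   # 5:  rep movsq         REX.W turns MOVSD into MOVSQ: meaningful
    0xF3, 0x44, 0xA4,   # 8:  rep movsb, REX.R  MOVSB has no register field to extend: redundant
    0x44, 0xF3, 0xA4,   # 11: REX before REP    misplaced REX, ignored by the ISA: redundant
    0xF3, 0x48, 0xA4,   # 14: rep movsb, REX.W  a byte move ignores operand size: redundant
    0xC3,               # 17: ret
])


def main(argv):
    # With no argument scan the sample; otherwise scan a raw 64-bit code dump
    # (for example a .text section extracted with objcopy), not a whole ELF.
    code = SAMPLE if len(argv) < 2 else open(argv[1], "rb").read()
    for h in find_rex_rep_movsb(code):
        print(f"offset {h['offset']:#x}: {h['encoding']}  REX={h['rex']:#04x} {h['rex_bits']}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run against the built-in sample, the scanner reports the three instructions at offsets 8, 11 and 14 and stays silent on the `mov` and the `rep movsq`, whose REX bytes actually change the instruction. Because Intel states that compilers do not emit redundant REX prefixes, any hit in a production binary deserves a look in a real disassembler. The scan says nothing about whether the CPU it runs on has the microcode fix; that is answered by the firmware or operating system update, not by the code being scanned.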
On the x86 platform, privileges are organized into four rings, tracked by the Current Privilege Level (CPL). They range from CPL0 (ring 0, the most privileged level, where the operating system kernel runs) to CPL3 (ring 3, the least privileged level, where ordinary applications run). In the case of Reptar, an attacker could gain complete control of the system by performing operations that are normally forbidden to a user process, in effect moving from CPL3 to CPL0.
Security flaw already fixed by Intel with a microcode update
Although Intel only publicized the existence of Reptar today, the company says it had already distributed the microcode update to its partners. Motherboard manufacturers have therefore already had the opportunity to release updated BIOS versions that ship the fix.
Users are also advised to install operating system and driver updates, since the microcode fix can be delivered through those channels as well, so that they receive all the necessary fixes.
Intel, however, has tried to calm things down: at the moment it is not aware of any attacks exploiting Reptar. Furthermore, redundant REX prefixes should not be present in normal application code or be generated by compilers. Nothing, however, prevents an attacker from triggering the problem with arbitrary code of their own making.