oss-sec mailing list archives
Re: CVE-2023-23583: Intel - Denial of Service - Privilege Escalation (Reptar)
From: HW42 <hw42 () ipsumj de>
Date: Tue, 14 Nov 2023 20:19:05 +0100
Solar Designer:
On Tue, Nov 14, 2023 at 10:31:51AM -0800, Antonio Gomez Iglesias wrote:Name of the issue: Redundant Prefix Issue Description of the issue Under certain microarchitectural conditions, Intel has identified cases where execution of an instruction (REP MOVSB) encoded with a redundant REX prefix may result in unpredictable system behavior resulting in a system crash/hang, or, in some limited scenarios, may allow escalation of privilege from CPL3 to CPL0. This Redundant Prefix Issue is assigned CVE-2023-23583 with a CVSS Base Score of 8.8 High CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. Mitigation Intel is providing a microcode update to mitigate this issue: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20231114Thank you, Antonio! Here's a writeup and reproducer tool by Tavis Ormandy: https://lock.cmpxchg8b.com/reptar.html The GitHub release page above links to Intel security advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html which specifies what CPU generations are affected (from 10th generation Intel Core or 3rd generation Xeon Scalable to current), and links to a table with "an exhaustive list of processors" matched against this issue and previously disclosed issues: https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html It also says "Please refer to the technical paper here for additional information", where "here" is a link supposedly to "the technical paper", but it's a non-existent page currently, so I'm not posting the URL yet (not sure if it'll stay the same when the page is published).
I think that link should point to https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/redundant-prefix-issue.html This one can be found in the affected processors table. Simon
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE-2023-23583: Intel - Denial of Service - Privilege Escalation (Reptar) Antonio Gomez Iglesias (Nov 14)
- Re: CVE-2023-23583: Intel - Denial of Service - Privilege Escalation (Reptar) Demi Marie Obenour (Nov 14)
- Re: CVE-2023-23583: Intel - Denial of Service - Privilege Escalation (Reptar) Solar Designer (Nov 14)
- Re: CVE-2023-23583: Intel - Denial of Service - Privilege Escalation (Reptar) Solar Designer (Nov 14)
- Re: CVE-2023-23583: Intel - Denial of Service - Privilege Escalation (Reptar) HW42 (Nov 14)
- Re: CVE-2023-23583: Intel - Denial of Service - Privilege Escalation (Reptar) Antonio Gomez Iglesias (Nov 14)
- Re: CVE-2023-23583: Intel - Denial of Service - Privilege Escalation (Reptar) HW42 (Nov 14)
- Re: CVE-2023-23583: Intel - Denial of Service - Privilege Escalation (Reptar) Demi Marie Obenour (Nov 14)