Also discovered by Google researchers, the CVE-2023-23583 vulnerability concerns the unexpected behavior of numerous Intel processors when handling redundant prefixes. The flaw can put privileges, information, and the operation of a system at risk.
“A sequence of CPU instructions that leads to unexpected behavior for some Intel processors can allow an authenticated user to potentially trigger privilege escalation and/or information disclosure and/or denial of service via local access.” – Intel
It must be said that the Google researchers who discovered the flaw have not been able to assess how far this anomaly, named Reptar, can actually be exploited to circumvent privileges and thus take control of a system. They have, however, shown that it can be exploited on a virtual machine to crash the system on which it is run.
As a result, while it poses minimal danger to consumers, it can be a huge problem for companies such as cloud service providers. It is therefore not surprising that it was classified with a CVSS 3.0 (Common Vulnerability Scoring System) score of 8.8, which corresponds to high risk.
The problem, moreover, affects a large number of Intel architectures used in desktop, mobile and server products, from Xeon processors with Haswell architecture to 13th generation processors with Raptor Lake architecture. In the latter case, however, it has already been resolved.
Updated microcode was made available before November for 13th Gen desktop CPUs, 12th Gen mobile models, and the 4th Gen Intel Xeon server series. In addition, updates have just been released to fix the issue on other Xeon processors, 10th Gen mobile processors, and 11th Gen mobile and desktop processors. All this, according to Intel, comes without any impact on system performance.
That said, the company’s obvious suggestion is to update your BIOS and operating system as soon as possible, keeping an eye out for updates in case your processor isn’t one of those that have already received an update. Here is the list of all CPUs affected by the problem.