"A CPU mystery" - Intel just fixed a huge security flaw affecting nearly every CPU out there today

News
By Sead Fadilpašić
published

A bug made Intel CPUs behave in strange and unexpected ways

A stylized Intel Core processor in a futuristic motherboard
(Image credit: Intel)

Intel has fixed a high-severity flaw found in most of today’s CPUs which could have been used to crash endpoints and escalate privileges on cloud devices. 

While Intel does this on a daily basis, this time it’s different. That’s because this time, the flaw made the CPU “enter a state where normal rules don’t apply”. The CPU would glitch out entirely, and the benchmark would give results that simply shouldn’t be possible.

The researcher who first discovered and reported on the flaw, Google’s Travis Ormandy, called it a “CPU mystery”. The flaw is now dubbed Reptar, and can be tracked as CVE-2023-23583. 

Reader Offer: $50 Amazon gift card with demo

Reader Offer: $50 Amazon gift card with demo
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?

Security implications

In a blog post in which he detailed the flaw, Ormandy said the bug was found when the CPU tries to manage prefixes. In a gross oversimplification of things, when a programmer wants to move memory on x86, they create an instruction. When they want to change how the instruction works, they use prefixes. 

Some prefixes don’t make sense in a given context, and Intel built their CPUs to ignore them without consequence. However, last summer, Ormandy observed the REX prefix generating “unexpected results”, when running on CPUs with a relatively new feature known as “fast short repeat move”. This feature was first added in the Ice Lake architecture, to fix microcoding bottlenecks, ArsTechnica reported.

When a redundant rex.r prefix was added to the FSRM-optimized rep mov operation, here’s what happens: “For example, branches to unexpected locations, unconditional branches being ignored and the processor no longer accurately recording the instruction pointer in xsave or call instructions,” Ormandy wrote. “Oddly, when trying to understand what was happening we would see a debugger reporting impossible states!”

But the real red flag was waved when the researchers verified the bug inside an unprivileged guest VM, “so this already has serious security implications for cloud providers”.

Intel said that it was already aware of a “functional bug” in older CPU platforms, and with a severity score of 5/10, gave itself a March deadline to fix the issue. However, with these new findings concluding that the bug could be used for escalation of privilege, the flaw got an updated severity score of 8.8, forcing Intel to push the update sooner. 

The full list of affected CPUs can be found here.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.