A recently discovered vulnerability, named ‘Reptar,’ is impacting several generations of Intel CPUs, including those from the 10th generation onward. While Intel has addressed the issue for the 12th and 13th generations, other processors remain susceptible. This security flaw, deemed a ‘severe risk’ with a CVSS score of 8.8, was identified by Google’s security research team as CVE-2023-23583. It has the potential to disrupt ongoing software instructions, leading to unpredictable system behavior and crashes.
According to Google security researcher Tavis Ormandy, Reptar causes CPU malfunction, resulting in unexpected behavior, particularly affecting virtual machines. This vulnerability poses significant threats to the security of cloud hosts and infrastructure, potentially exposing the data of many individuals to risks.
We verified this worked even inside an unprivileged guest VM, so this already has serious security implications for cloud providers. Naturally, we reported this to Intel as soon as we confirmed this was a security issue.
Intel has released a solution for the Reptar vulnerability, initially targeting the 12th and 13th generations, as well as 4th-gen Intel Xeon processors. Despite affecting laptops, desktops, and servers, there have been no reported exploits, leading Intel to prioritize newer generations in addressing the issue.”
It’s important to note that applying Intel’s fix could potentially impact the performance of the affected chips.