a Intel Corporationa North American chip maker, corrected a Severe weakness that affects Central processing units (Central Processing Units) in your products desktop, furniture that it Servers.
Successful exploitation of this bug – tracked as CVE-2023-23583 and codenamed Reptar – could allow cybercriminals to gain higher-level access to the system, being able to access confidential information and even crash the device. The CVSS vulnerability has a severity score of 8.8 out of 10.
“Intel does not expect any non-malicious software in the real world to have this problem.”The company says. Intel has already released updates for affected processors, with some receiving updated microcode — which helps CPUs execute complex instructions — before this month.
According to the investigation he conducted Google Regarding the vulnerability, Reptar is able to manipulate program instructions by adding a redundant prefix, which may lead to unexpected system behavior and lead to system failure. There has been an increase in the number of vulnerabilities affecting the CPU in hardware systems, according to Google.
Central processing units perform calculations, generate data and control other hardware components to perform tasks, and these errors could affect billions of personal and cloud computers, researchers warn.
In early August, Google researchers discovered vulnerabilities in Downfall and Zenbleed, which affect Intel and AMD CPUs. In particular, Downfall can be exploited to obtain sensitive information such as passwords and encryption keys.
Recently, Bathaee Dunne took legal action against Intel over the way it handled the Downfall vulnerability. Customers were unhappy with the performance degradation caused by the bug fixes and accused Intel of selling CPUs that the company had known to be defective for years, according to the complaint.
Researchers also discovered the CacheWarp vulnerability that affects AMD processors, posing a risk to virtual machines, as cybercriminals can exploit it to access the system and recover data.