Home ยป Google Uncovers a Glitch in C-PUs: Machine Freezes Despite Running on Virtual Machines and Impacting 10th Generation Core Processors

Google Uncovers a Glitch in C-PUs: Machine Freezes Despite Running on Virtual Machines and Impacting 10th Generation Core Processors

Tavis Ormandy, a member of Google’s Project Zero, recently reported a vulnerability named Reptar (CVE-2023-23583) that exploits the unused bit of the MOVSB instruction to move data into a register. Intentionally running code with this deliberate mistake can lead to the CPU entering an unintended state, causing the system to crash even if it runs within a restricted virtual machine.

This bug stems from the Fast Short Repeat Move (FSRM) feature, which is designed to efficiently move strings. By intentionally misusing the MOVSB instruction with an incorrect prefix value for a register, the CPU is forced into an incorrect state and halts its operation. FSRM was introduced in the Ice Lake CPU.

The initial impact of Reptar is that it can cause customer clouds to crash, affecting other customers as well. Moreover, there is a possibility of elevating the privilege level of the running code to gain control over the entire system.

Ormandy discovered this flaw while working on Oracle Serialization, using random programming and inserting fence instructions to enforce sequential execution for the CPU. By comparing the final state of the CPU with the initial state, it can be determined if there are any abnormalities.

Intel has now released patches for all affected CPUs. It is recommended that general users promptly update their operating systems to the latest firmware.

TLDR: Tavis Ormandy from Google Project Zero reported a vulnerability called Reptar that exploits an unused bit in the MOVSB instruction, causing the CPU to enter an unintended state and potentially crashing the system. Reptar can impact customer clouds and may allow elevation of code privileges. Intel has released patches for affected CPUs, and users should update their operating systems promptly.

More Reading

Post navigation

Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Report: Vulnerability on Hugging Face Allows for Sending Models to Penetrate Other Users’ AI.

January Windows 10 Patch Delay Alert: Microsoft Notify Users to Manually Execute Partition Resize Command on Update

Warning: Vulnerability in PAN-OS Exposes Path for Hackers to Attack VPN; Attacks Detected, Patch Pending