Tavis Ormandy, a member of Google’s Project Zero, recently reported a vulnerability named Reptar (CVE-2023-23583) that exploits the unused bit of the MOVSB instruction to move data into a register. Intentionally running code with this deliberate mistake can lead to the CPU entering an unintended state, causing the system to crash even if it runs within a restricted virtual machine.
This bug stems from the Fast Short Repeat Move (FSRM) feature, which is designed to efficiently move strings. By intentionally misusing the MOVSB instruction with an incorrect prefix value for a register, the CPU is forced into an incorrect state and halts its operation. FSRM was introduced in the Ice Lake CPU.
The initial impact of Reptar is that it can cause customer clouds to crash, affecting other customers as well. Moreover, there is a possibility of elevating the privilege level of the running code to gain control over the entire system.
Ormandy discovered this flaw while working on Oracle Serialization, using random programming and inserting fence instructions to enforce sequential execution for the CPU. By comparing the final state of the CPU with the initial state, it can be determined if there are any abnormalities.
Intel has now released patches for all affected CPUs. It is recommended that general users promptly update their operating systems to the latest firmware.
TLDR: Tavis Ormandy from Google Project Zero reported a vulnerability called Reptar that exploits an unused bit in the MOVSB instruction, causing the CPU to enter an unintended state and potentially crashing the system. Reptar can impact customer clouds and may allow elevation of code privileges. Intel has released patches for affected CPUs, and users should update their operating systems promptly.
Leave a Comment