Reptar: New Intel CPU Vulnerability Affecting Alder Lake, Raptor Lake, and Sapphire Rapids

Intel has addressed a high-severity CPU vulnerability, dubbed as Reptar and tracked as CVE-2023-23583, impacting a range of its modern processors, including the latest Alder Lake, Raptor Lake, and Sapphire Rapids microarchitectures.

he flaw, described as a ‘Redundant Prefix Issue,’ could potentially allow attackers to escalate privileges, gain access to sensitive information, or induce a denial of service state, posing significant risks, especially for cloud providers.

The vulnerability arises under specific microarchitectural conditions when executing an instruction (REP MOVSB) encoded with a redundant REX prefix. In certain scenarios, this could lead to unpredictable system behavior, resulting in a system crash or hang. More critically, in limited instances, there’s a possibility of privilege escalation from CPL3 to CPL0.

Intel, while emphasizing that real-world non-malicious software is not expected to encounter this issue, recommends immediate mitigation measures. The company has already released updated microcodes for affected systems, including those with Alder Lake, Raptor Lake, and Sapphire Rapids, with no observed performance impact.

Google’s information security research teams, including those from Google Information Security Engineering and the silifuzz team, independently discovered this vulnerability, branding it as ‘Reptar.’ Tavis Ormandy from Google revealed that the bug triggers unusual behavior, such as branches to unexpected locations and processor malfunction when multiple cores are affected.