CVE-2023-23583Reptar: Sequence of Processor Instructions Leads to Unexpected Behavior in Intel CPUs

CWE-1281Sequence of Processor Instructions Leads to Unexpected BehaviorCWE-276Incorrect Default Permissions11 documents9 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 89.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian Intel-microcodeDebian LinuxGoogle Chrome Chrome
Timeline
PublishedNov 14
Latest updateNov 17

Description

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

debiandebian/intel-microcode< intel-microcode 3.20231114.1~deb12u1 (bookworm)

Also affects: Debian Linux 11.0, 12.0

🔴Vulnerability Details

2
GHSA
GHSA-9cgg-v86h-hw54: Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable esc2023-11-14
OSV
CVE-2023-23583: Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable esc2023-11-14

📋Vendor Advisories

4
Ubuntu
Intel Microcode vulnerability2023-11-17
Red Hat
hw: Intel: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior2023-11-14
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2023-235832023-10-24
Debian
CVE-2023-23583: intel-microcode - Sequence of processor instructions leads to unexpected behavior for some Intel(R...2023

🕵️Threat Intelligence

4
Talos
We all just need to agree that ad blockers are good2023-11-16
Talos
We all just need to agree that ad blockers are good2023-11-16
Bleepingcomputer
Citrix Hypervisor gets hotfix for new Reptar Intel CPU flaw2023-11-15
Bleepingcomputer
New Reptar CPU flaw impacts Intel desktop and server systems2023-11-14