A vulnerability in Intel processors causes virtual machines to crash. Intel has now rolled out a fix.
In a blog post, Google explains the vulnerability CVE-2023-23583, which also goes by the ominous-sounding name Reptar. The vulnerability may affect various types of Intel processors, including laptop, desktop and server processors. With a CVSS score of 8.8 out of ten, this is a serious vulnerability. The danger exists especially for those who use virtual machines.
The vulnerability abuses the way processors process data. An instruction is often accompanied by a prefix, a piece of code that often consists of just a few characters. This small piece of code has a big impact on how the processor processes the instruction. Google has found that manipulating the prefix can trigger “strange behavior” on the processor.
Short circuit
The trick is to create a “redundant” prefix, a string that doesn’t make sense or conflicts with another prefix. Normally a processor ignores a redundant prefix, but because of the bug the processor tries to process it anyway. This will cause a short circuit in the processor and crash the virtual machine.
Intel initially didn’t see the error as a major problem and rated the vulnerability only five out of ten points. However, Google warns that the vulnerability could lead to data loss. The CVSS score was then adjusted by a few points. It is unclear to what extent privilege escalation can be provoked.
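To make "redundant" and "conflicting" prefixes concrete, the following added example (not code from Google's or Intel's write-up) classifies the legacy prefix bytes in front of a single x86 instruction and reports repeats and same-group conflicts, as a static triage aid when reading disassembly. The function names, the grouping labels and the sample byte strings are constructed for illustration; only the documented legacy prefix bytes are covered.

```python
# Legacy x86 prefix bytes and the group each belongs to (Intel SDM groups).
# Assumption of this example: LOCK is tracked apart from REP/REPNE, because
# some encodings legitimately combine them.
PREFIXES = {
    0xF0: ("lock", "LOCK"),
    0xF2: ("rep", "REPNE"), 0xF3: ("rep", "REP"),
    0x2E: ("segment", "CS"), 0x36: ("segment", "SS"), 0x3E: ("segment", "DS"),
    0x26: ("segment", "ES"), 0x64: ("segment", "FS"), 0x65: ("segment", "GS"),
    0x66: ("opsize", "OPSIZE"),
    0x67: ("addrsize", "ADDRSIZE"),
}

def split_prefixes(insn: bytes):
    """Split one instruction's raw bytes into (legacy prefixes, remainder)."""
    i = 0
    while i < len(insn) and insn[i] in PREFIXES:
        i += 1
    return insn[:i], insn[i:]

def audit_prefixes(insn: bytes):
    """Return findings for repeated or same-group (conflicting) prefixes."""
    prefixes, _ = split_prefixes(insn)
    seen = {}       # group -> name of the first prefix seen in that group
    findings = []
    for byte in prefixes:
        group, name = PREFIXES[byte]
        if group not in seen:
            seen[group] = name
        elif seen[group] == name:
            findings.append(f"redundant: {name} repeated")
        else:
            findings.append(f"conflict: {name} vs {seen[group]} ({group})")
    return findings

# Constructed sample encodings (0x90 is NOP), not taken from the article.
SAMPLES = {
    "single operand-size prefix": b"\x66\x90",
    "operand-size prefix twice": b"\x66\x66\x90",
    "two segment overrides": b"\x2e\x3e\x90",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:28} {raw.hex(' '):10} {audit_prefixes(raw) or 'ok'}")
```

A finding is a prompt to look closer at how the bytes were produced; compilers and assemblers do emit repeated prefixes deliberately, for example as padding.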
True to form, Google waited ninety days before making the vulnerability public. This gave Intel time to provide fixes. A microcode update is available for both the Core processors in laptops and desktops and the Xeon server processors. The patch arrives on your device via the manufacturer.
Intel has had its hands full fixing bugs in recent months. The Downfall bug also threatens to be a real downfall for Intel. The chip manufacturer is threatened with a lawsuit because it was unable to fix the vulnerability without significantly reducing the performance of the chips.