Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 14 Nov 2023 10:31:51 -0800
From: Antonio Gomez Iglesias <antonio.gomez.iglesias@...el.com>
To: <oss-security@...ts.openwall.com>
Subject: CVE-2023-23583: Intel - Denial of Service - Privilege Escalation
 (Reptar)

Name of the issue: Redundant Prefix Issue


Description of the issue
Under certain microarchitectural conditions, Intel has identified cases
where execution of an instruction (REP MOVSB) encoded with a redundant
REX prefix may result in unpredictable system behavior resulting in a
system crash/hang, or, in some limited scenarios, may allow escalation
of privilege from CPL3 to CPL0.
This Redundant Prefix Issue is assigned CVE-2023-23583 with a CVSS Base
Score of 8.8 High CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.


Mitigation
Intel is providing a microcode update to mitigate this issue: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20231114

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.