According to Tavis Ormandy, the Google researcher who found the bug, the flaw affects most modern Intel CPUs, causing them to “enter a glitch state where the normal rules don’t apply.”
The bug is being tracked under the common name Reptar and the designation CVE-2023-23583.
Once triggered, the glitch state results in unexpected and potentially serious behaviour, most notably system crashes, which occur even when the untrusted code runs inside a guest account of a virtual machine, a context that most cloud security models assume is isolated from such faults. Escalation of privileges is also possible.
Reptar is related to how affected CPUs manage prefixes, which change the behaviour of instructions sent by running software.
Intel’s x64 instruction decoding tolerates redundant prefixes: those that don’t make sense in a given context are ignored without consequence.
During testing in August, Ormandy noticed that the REX prefix was generating “unexpected results” on Intel CPUs that support a newer feature known as Fast Short Repeat Move (FSRM), introduced in the Ice Lake architecture to fix microcoding bottlenecks.
The unexpected behaviour occurred when redundant rex.r prefixes were added to the FSRM-optimised rep mov operation.
Intel’s official bulletin said the updates had not fixed some classes of chips. The microcode updates will be available from device or motherboard manufacturers.
Intel points out that while individuals aren’t likely to face any immediate threat from this vulnerability, they should check with the manufacturer for a fix.
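As an added example, not code from the article, from Intel or from Ormandy, the following POSIX shell triage function reads Linux /proc/cpuinfo text and reports whether a host is an Intel part advertising FSRM, the feature the affected rep mov path depends on, together with its loaded microcode revision so that it can be compared with the manufacturer’s fixed-revision list. The sample cpuinfo blocks are constructed, and because the fixed revisions are not given on this page none are hard-coded.

```shell
#!/bin/sh
# Added example: inventory check for the Reptar (CVE-2023-23583) follow-up.
# Input is text in Linux /proc/cpuinfo format; only the first processor block is read.

# Print the value of one "key : value" field from the first processor block.
cpuinfo_field() {
    # $1 = key (e.g. vendor_id), stdin = cpuinfo text
    awk -F': *' -v key="$1" '$1 ~ ("^" key "[[:space:]]*$") { print $2; exit }'
}

# Classify a cpuinfo text. Output is one of:
#   NOT_INTEL                 - not an Intel part; outside this article's scope
#   NO_FSRM                   - Intel, but FSRM not advertised; still consult Intel's bulletin
#   FSRM_PRESENT <microcode>  - Intel with FSRM; compare <microcode> with the manufacturer's fix
reptar_triage() {
    vendor=$(printf '%s\n' "$1" | cpuinfo_field vendor_id)
    flags=$(printf '%s\n' "$1" | cpuinfo_field flags)
    ucode=$(printf '%s\n' "$1" | cpuinfo_field microcode)
    if [ "$vendor" != "GenuineIntel" ]; then
        echo "NOT_INTEL"
        return 0
    fi
    case " $flags " in
        *" fsrm "*) echo "FSRM_PRESENT ${ucode:-unknown}" ;;
        *)          echo "NO_FSRM" ;;
    esac
}

# Constructed sample blocks (not captured from real hosts; revision values are placeholders).
SAMPLE_INTEL_FSRM='processor : 0
vendor_id : GenuineIntel
cpu family : 6
microcode : 0xb4
flags : fpu vme de pse tsc msr pae mce cx8 fsrm md_clear flush_l1d arch_capabilities'
SAMPLE_INTEL_NO_FSRM='processor : 0
vendor_id : GenuineIntel
microcode : 0x28
flags : fpu vme de pse tsc msr pae mce cx8 erms md_clear'
SAMPLE_AMD='processor : 0
vendor_id : AuthenticAMD
microcode : 0x8301055
flags : fpu vme de pse tsc msr pae mce cx8'

# Run against the live host when /proc/cpuinfo is readable (Linux only).
if [ -r /proc/cpuinfo ]; then
    reptar_triage "$(cat /proc/cpuinfo)"
fi
```

Hosts reported as FSRM_PRESENT are the ones whose loaded microcode revision should be checked against the device or motherboard manufacturer’s update, as the article advises.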
However, due to the vulnerability’s nature, people outside of Intel can’t know the true extent of its severity. Still, any time code running inside a virtual machine can crash the hypervisor hosting it, cloud providers such as Google, Microsoft, and Amazon will take notice immediately.