CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?


Endpoint Security

New Intel CPU Vulnerability ‘Reptar’ Can Allow DoS Attacks, Privilege Escalation

A new Intel CPU vulnerability tracked as Reptar and CVE-2023-23583 can be exploited for DoS attacks and possibly privilege escalation.

Reptar Intel CPU vulnerability

Exploitation of a newly disclosed vulnerability affecting some Intel processors could lead to a crash and possibly to privilege escalation and information disclosure.

Tracked as Reptar and CVE-2023-23583, this high-severity flaw can be leveraged by an attacker who already has access to the targeted system. 

The vulnerability has been found to affect CPUs designed by Intel for desktop, mobile and server devices, including 10th and 11th Gen Core, 3rd Gen Xeon, and Xeon D. The chip giant has started releasing microcode updates that patch the issue.

“End users do not have to take any special actions to apply these mitigations other than ensuring that their BIOS, system OS, and drivers are up to date,” Intel said.

The company has credited its own employees as well as several Google employees for independently identifying the vulnerability. 

The name Reptar was given to the security bug by Google, which on Tuesday made public technical details

Google noted that the issue is related to the way redundant prefixes are interpreted by Intel processors, allowing for a security bypass. 

“Prefixes allow you to change how instructions behave by enabling or disabling features. The full rules are complicated, but in general, if you use a prefix that doesn’t make sense or conflicts with other prefixes, we call those redundant. Usually, redundant prefixes are ignored,” Phil Venables, VP and CISO at Google Cloud, explained in a blog post.

Advertisement. Scroll to continue reading.

“The impact of this vulnerability is demonstrated when exploited by an attacker in a multi-tenant virtualized environment, as the exploit on a guest machine causes the host machine to crash resulting in a Denial of Service to other guest machines running on the same host. Additionally, the vulnerability could potentially lead to information disclosure or privilege escalation,” Venables added.

This is not the only Intel CPU vulnerability discovered and disclosed recently by Google. In August, the internet giant revealed that Intel processors are affected by a flaw named Downfall, which can be exploited by a local attacker to obtain sensitive information, such as passwords and encryption keys. 

Intel published an additional 30 new security advisories on Tuesday to inform customers about vulnerabilities affecting various products. 

Also on Tuesday, researchers disclosed CacheWarp, a new vulnerability affecting AMD processors. CacheWarp can pose a risk to virtual machines (VMs), potentially allowing attackers to hijack control flow, break into an encrypted VM, and escalate privileges. 

UPDATE: Intel has provided the following statement to SecurityWeek:

“Intel discovered this issue internally and was already preparing the ecosystem to release a mitigation through our well-documented Intel Platform Update process. At the request of customers, including OEMs and CSPs, this process typically includes a validation, integration, and deployment window after Intel deems the patch meets production quality, and helps ensure that mitigations are available to all customers on all supported Intel platforms when the issue is publicly disclosed. While Intel is not aware of any active attacks using this vulnerability, affected platforms have an available mitigation via a microcode update.” 

Related: Companies Respond to ‘Downfall’ Intel CPU Vulnerability 

Related: AMD CPU Vulnerability ‘Zenbleed’ Can Expose Sensitive Information

Related: Chipmaker Patch Tuesday: Intel, AMD Address Over 100 Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Endpoint Security

Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards.

Endpoint Security

Several major companies have published advisories in response to the Downfall vulnerability affecting Intel CPUs.

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Endpoint Security

The Zero Day Dilemma

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Endpoint Security

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own...