On Tuesday, Intel released a microcode update that fixed a bug in CPUs that attackers could exploit against cloud hosts, reports ArsTechnica.
This bug, designated CVE-2023-23583, affected almost all modern Intel processors. According to one of Google’s security researchers, Tavis Ormandy, the bug caused processors to “enter a state of failure when normal rules do not apply.”
The bug is related to the way the affected processors manage prefixes, which change the behavior of instructions sent by running software. Intel’s x64 decoding usually allowed it to ignore unnecessary prefixes, but as Ormandy noticed, the REX prefix began to produce unusual and unexpected results.
Google also shared the following details about the bug:
The impact of this vulnerability is demonstrated when exploited by an attacker in a multi-tenant virtualized environment, as the exploit on a guest machine causes the host machine to crash resulting in a Denial of Service to other guest machines running on the same host. Additionally, the vulnerability could potentially lead to information disclosure or privilege escalation.
Microcode updates will be available from device or motherboard manufacturers. Reportedly, average users are unlikely to face any immediate threat from this vulnerability, but they should still contact the manufacturer to have the bug fixed.
Intel has also shared a table that shows which processors are affected and how.