Intel fixes possible privilege escalation vulnerability in CPUs

Intel has released an update for a flaw in its CPUs that can be exploited for privilege escalation. The error was partly discovered by Google and would mainly affect providers of cloud services.

The bug was in the fast short repeat move function that has been in Intel CPUs since 2019 and allows processors to process code with smaller strings faster. Intel says that the bug allows certain instructions with contradictory or illogical REX prefixes to cause crashes. Normally the processor would be able to ignore those wrong prefixes, but with the fsrm function this did not happen for unknown reasons.

Intel talks about ‘unexpected behavior’ that, in addition to crashes, may cause escalation of privilege in ‘limited situations’. The company has released a microcode update for the bug and provides the CVE-2023-23583-bug a severity rating of 8.8. Select desktop processors from 11th generation onwardsor Rocket Lake, are affected by the bug, as are certain server processors and mobile CPUs released since 2019.

Google researchers who also found the error say that the flaw could pose ‘serious security problems’ for cloud providers, but that it is also unclear how exactly the bug works because little is publicly known about the precise functioning of fsrm. The researchers could therefore not say with certainty that the bug could actually lead to privilege escalation. As far as we know, the vulnerability has not been actively exploited.