Google Uncovers a Critical Vulnerability in Recent Intel Server Processors

Highlights:

• The recently identified Reptar vulnerability stems from a specific combination of instructions and prefixes within Intel processors.
• Google’s researchers have identified that Reptar presents a specific threat in virtualized multitenant settings, such as those in public cloud platforms.

Researchers at Google LLC have found a vulnerability in Intel Corp. processors that might allow hackers to bring down virtual machines and possibly steal data.

The vulnerability, also known as Reptar, was recently exposed by Google in a blog post. Intel, whose engineers discovered Reptar as part of an internal cybersecurity exertion, has assigned the vulnerability a severity level of 8.8 out of a maximum of 10. Before the vulnerability disclosure, the chipmaker already released a patch for the impacted processors.

Reptar was discovered by Google and Intel researchers in the chipmaker’s most recent Sapphire Rapids line of central processing units for servers. Numerous CPU lineups from prior generations and Intel’s most recent desktop processors are also impacted. The Xeon D product series, which comprises specialized processors made for edge computing devices, is also included in the list.

Central Processing Units (CPUs) execute data processing by executing basic computing operations known as instructions. These operations encompass tasks like adding or multiplying numbers and actions such as transferring data within a computer’s memory. Through the combination of a diverse set of instructions, CPUs have the capability to undertake intricate tasks, including the execution of artificial intelligence software.

Processors typically integrate instructions with segments of code referred to as prefixes. These little bits of code, which frequently consist of just a few characters and numbers, alter how computations are performed. For instance, a prefix could alter how an instruction utilizes the memory of the host computer or update the data that the instruction is calculating.

The recently identified Reptar vulnerability arises from a specific combination of instructions and prefixes in Intel processors. This affected instruction is REP MOVSB, enabling a CPU to modify the memory location of a specific piece of data while simultaneously updating multiple other data points. The Reptar vulnerability emerges when REP MOVSB is paired with a prefix known as REX, which is utilized for transferring information between memory locations.

In some situations, combining REP MOVSB and REX can result in code errors. A built-in feature of Intel processors automatically addresses these kinds of problems. However, that mechanism is ineffective in this instance, allowing malicious code to get past a CPU’s cybersecurity safeguards and infect the host computer.

Intel detailed in a security advisory, “Under certain microarchitectural conditions, Intel has identified cases where execution of an instruction (REP MOVSB) encoded with a redundant REX prefix may result in unpredictable system behavior resulting in a system crash/hang, or, in some limited scenarios, may allow escalation of privilege (EoP) from CPL3 to CPL0.”

Researchers at Google found that Reptar presents a specific risk in virtualized multitenant environments, like public cloud platforms. Each server in these settings houses several virtual machines, many of which various clients utilize.

In theory, hackers could lease a virtual machine on a cloud platform and deploy malware based on Reptar to infiltrate the server hosting the virtual machine. Subsequently, they may disrupt other virtual machines on the same server, leading to downtime for users relying on the cloud service. Additionally, Intel suggests that Reptar has the potential to be exploited for data theft and unauthorized access to sensitive user accounts.

Google Cloud’s Chief Information Security Officer, Phil Venables, detailed in the blog post that disclosed Reptar, “Our security teams were able to identify this vulnerability and responsibly disclose it to Intel. Google worked with industry partners to identify and test a successful mitigation so all users are protected from this risk in a timely manner. In particular, Google’s response team ensured a successful rollout of the mitigation to our systems before it posed a risk to our customers.”