this post was submitted on 14 Nov 2023
0 points (50.0% liked)

Security

[email protected] 2 points 1 year ago

This is the best summary I could come up with:


The flaw, affecting virtually all modern Intel CPUs, causes them to “enter a glitch state where the normal rules don’t apply,” Tavis Ormandy, one of several security researchers inside Google who discovered the bug, reported.

Once triggered, the glitch state results in unexpected and potentially serious behavior, most notably system crashes that occur even when untrusted code is executed within a guest account of a virtual machine, which, under most cloud security models, is assumed to be safe from such faults.

During testing in August, Ormandy noticed that the REX prefix was generating “unexpected results” when running on Intel CPUs that support a newer feature known as fast short repeat move, which was introduced in the Ice Lake architecture to fix microcoding bottlenecks.

This already seemed like it could be indicative of a serious problem, but within a few days of experimenting we found that when multiple cores were triggering the same bug, the processor would begin to report machine check exceptions and halt.

Jerry Bryant, Intel’s senior director of Incident Response & Security Communications, said on Tuesday that company engineers were already aware of a “functional bug” in older CPU platforms that could result in a temporary denial of service and had scheduled a fix for next March.

For everyone else, the most important takeaway is this: “However, we simply don’t know if we can control the corruption precisely enough to achieve privilege escalation.” That means it’s not possible for people outside of Intel to know the true extent of the vulnerability severity.


The original article contains 861 words, the summary contains 254 words. Saved 70%. I'm a bot and I'm open source!