From 7030fdeccfe2d51a3bc17f33f4047b272c281021 Mon Sep 17 00:00:00 2001 From: Solar Designer Date: Wed, 15 Nov 2023 22:46:05 +0100 Subject: [PATCH] Add CVE-2023-23583 --- docs/issues/CVE-2023-23583.md | 25 +++++++++++++++++++++++++ docs/packages/microcode_ctl.md | 2 +- 2 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 docs/issues/CVE-2023-23583.md diff --git a/docs/issues/CVE-2023-23583.md b/docs/issues/CVE-2023-23583.md new file mode 100644 index 0000000..9b2c9da --- /dev/null +++ b/docs/issues/CVE-2023-23583.md @@ -0,0 +1,25 @@ +# CVE-2023-23583: microcode_ctl: Intel CPUs: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior + +## Summary + +As described by [Intel](https://www.openwall.com/lists/oss-security/2023/11/14/4): + +Under certain microarchitectural conditions, Intel has identified cases where execution of an instruction (REP MOVSB) encoded with a redundant REX prefix may result in unpredictable system behavior resulting in a system crash/hang, or, in some limited scenarios, may allow escalation of privilege from CPL3 to CPL0. + +and by [Red Hat](https://access.redhat.com/security/cve/CVE-2023-23583): + +A security vulnerability was found in some Intel processors. Execution of REP MOVSB instructions with a redundant REX prefix may result in execution continuing at an incorrect EIP address after a micro-architectural event occurs, potentially allowing privilege escalation, information disclosure and/or a denial of service via local access. + +as well as in [CVE-2023-23583](https://www.cve.org/CVERecord?id=CVE-2023-23583). + +More detail is available via these [links to Intel's website](https://www.openwall.com/lists/oss-security/2023/11/14/7) and in the public disclosure by [Tavis Ormandy](https://lock.cmpxchg8b.com/reptar.html) from [Google](https://cloud.google.com/blog/products/identity-security/google-researchers-discover-reptar-a-new-cpu-vulnerability). + +Public disclosure date: November 14, 2023 + +## EL9 + +Fixed in version: `4:20231114-1.el9_2.security` available November 15, 2023 + +## EL8 + +Not fixed yet, will fix. diff --git a/docs/packages/microcode_ctl.md b/docs/packages/microcode_ctl.md index b326d9e..1f84b24 100644 --- a/docs/packages/microcode_ctl.md +++ b/docs/packages/microcode_ctl.md @@ -2,7 +2,7 @@ ## EL9 -- Version `4:20231114-1` +- Version `4:20231114-1.el9_2.security` - Based on `4:20230808-2` ### Changes summary