Google LLC researchers have discovered a vulnerability in Intel Corp. processors that could enable hackers to crash virtual machines and potentially steal data.

The search giant disclosed the flaw, which is tracked as Reptar, in a blog post published this morning. Intel, whose engineers separately uncovered Reptar as part of an internal cybersecurity program, says the vulnerability has been given a severity score of 8.8 out of a maximum 10. The chipmaker released a patch for affected processors ahead of today’s vulnerability disclosure.

Google and Intel researchers found Reptar in the chipmaker’s latest Sapphire Rapids line of central processing units for servers. Intel’s newest desktop processors are affected as well, along with a number of previous-generation CPU lineups. Also on the list is the Xeon D product series, which includes specialized processors designed for use in edge computing devices.

CPUs process data by carrying out simple computing operations called instructions. Some of those operations add or multiply numbers, while others perform actions such as moving a piece of data from one part of a computer’s memory to another. By mixing and matching a large number of instructions, CPUs can perform complex tasks such as running artificial intelligence software.

Processors usually combine instructions with pieces of code called prefixes. Those code snippets, which often comprise only a few characters and numbers, modify the way computations are carried out. A prefix might, for example, change how an instruction uses the host computer’s memory or update data on which that instruction is performing a calculation.

The newly discovered Reptar vulnerability is caused by one specific instruction-prefix combination in Intel processors. The affected instruction is REP MOVSB, which allows a CPU to change the memory location where a given piece of data is stored and update multiple other data points at the same time. Reptar emerges when REP MOVSB is combined with a prefix called REX that is also used to move information between memory locations.

Under certain circumstances, REP MOVSB and REX can be combined in a way that causes code errors. Intel processors have a mechanism that automatically mitigates such issues. In this case, however, that mechanism doesn’t work, which allows malicious code to bypass a CPU’s cybersecurity defenses and infect the host machine.

“Under certain microarchitectural conditions, Intel has identified cases where execution of an instruction (REP MOVSB) encoded with a redundant REX prefix may result in unpredictable system behavior resulting in a system crash/hang, or, in some limited scenarios, may allow escalation of privilege (EoP) from CPL3 to CPL0,” Intel detailed in a security advisory.

Google’s researchers determined that Reptar poses a particular risk in virtualized multitenant environments such as public cloud platforms. In such environments, each server hosts multiple virtual machines that are often used by different customers.

Hackers can theoretically rent a virtual machine in a cloud platform and use Reptar-based malware to infect the server on which the virtual machine runs. From there, they could crash the other virtual machines that are installed on the same server, thereby causing downtime for cloud customers. Furthermore, Intel believes that Reptar can potentially be used to steal data and gain access to sensitive user accounts.

“Our security teams were able to identify this vulnerability and responsibly disclose it to Intel,” Phil Venables, Google Cloud’s chief information security officer, detailed in the blog post that disclosed Reptar. “Google worked with industry partners to identify and test a successful mitigation so all users are protected from this risk in a timely manner. In particular, Google’s response team ensured a successful rollout of the mitigation to our systems before it posed a risk to our customers.”

Photo: Unsplash