November 14, 2023 at 01:09PM
Intel has released an out-of-band security update to address a privilege escalation vulnerability in recent server and PC chips. The flaw, called INTEL-SA-00950, affects certain chip families and is being patched with a microcode update. Intel discovered the issue internally and there have been no reported active attacks. Google also found a similar flaw and planned to disclose it on the same day as Intel’s update. The vulnerability could be used for denial-of-service attacks and privilege escalation. The patch is OS loadable and does not impact performance.
Key Takeaways:
– Intel has released an out-of-band security update to address a privilege escalation vulnerability in recent server and personal computer chips.
– The vulnerability, designated as INTEL-SA-00950, affects Intel Sapphire Rapids, Alder Lake, and Raptor Lake chip families.
– The vulnerability is being addressed with a microcode update as part of Intel’s Patch Tuesday bundle of 31 security advisories covering 104 CVEs.
– Intel discovered the issue internally and had already been preparing for a mitigation through their Intel Platform Update process.
– The microcode update provides a mitigation for the vulnerability, but Intel is not aware of any active attacks using it.
– The vulnerability, known as “Redundant Prefix,” was found by Intel’s own researchers during a review of upcoming functional errata.
– Initially, the vulnerability was considered a denial-of-service issue, but subsequent analysis revealed it could be used for privilege escalation.
– Google also found the same denial-of-service flaw and planned to disclose it on the same day as Intel’s update.
– Intel plans to publish a technical paper and an explanatory video about the vulnerability.
– The update is OS loadable, meaning it can be applied without a system reboot and has no observed performance impact or behavioral changes.
Please let me know if you need any further information or clarification.