Microcode Patches Incoming For Intel And AMD

Source: The Register Microcode Patches Incoming For Intel And AMD

Meet Reptar And CacheWarp

Today reveals another set of security concerns about the microcode on certain AMD and Intel CPUs.  The flaws are not easy to leverage but theoretically could be used, and so patching is a wise idea. Thankfully neither the Intel patch against Reptar nor AMD’s CacheWarp fix will have no impact on performance, so you won’t have to balance security and usability.  The Intel patch for Sapphire Rapids, Alder Lake, and Raptor Lake should show up on your machine in the near future, while AMD’s patch will only be pushed to vulnerable machines.

The CacheWarp vulnerability targets AMD Secure Encrypted Virtualization so the vast majority of users should have no concerns, system admins on the other hand should keep an eye out.  An attacker uses page table errors to force the VM to pull stale data from a memory cache, allowing them to attempt to revert a variable to a previous state.  An example of this is to revert an unauthenticated session to one which was authenticated, thus gaining access to your VM.  The Register’s links will take you to the proof of concept and AMD’s announcement.

Intel’s Reptar is a little more concerning, originally given a low rating as leveraging redundant prefixes generally would just lead to denial of service by hanging or crashing the system.  Further investigation revealed that it could also be abused to escalate privileges, which significantly raised the vulnerability rating.  This one is being pushed, so you should be patched soon, and you should not see any impact on performance.

"Intel discovered this issue internally and was already preparing the ecosystem to release a mitigation through our well-documented Intel Platform Update process," the company said in a statement provided to The Register.

Video News

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!