{"id":1017300,"date":"2023-11-15T05:58:47","date_gmt":"2023-11-15T07:58:47","guid":{"rendered":"https:\/\/teknomers.com\/fr\/reptar-une-nouvelle-vulnerabilite-du-processeur-intel-affecte-les-environnements-virtualises-multi-locataires\/"},"modified":"2023-11-15T05:58:51","modified_gmt":"2023-11-15T07:58:51","slug":"reptar-une-nouvelle-vulnerabilite-du-processeur-intel-affecte-les-environnements-virtualises-multi-locataires","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/reptar-une-nouvelle-vulnerabilite-du-processeur-intel-affecte-les-environnements-virtualises-multi-locataires\/","title":{"rendered":"Reptar\u00a0: une nouvelle vuln\u00e9rabilit\u00e9 du processeur Intel affecte les environnements virtualis\u00e9s multi-locataires"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">15 novembre 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">R\u00e9daction<\/span><\/span><span class=\"p-tags\">Vuln\u00e9rabilit\u00e9 \/ S\u00e9curit\u00e9 mat\u00e9rielle<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/Reptar-une-nouvelle-vulnerabilite-du-processeur-Intel-affecte-les-environnements.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>Intel a publi\u00e9 des correctifs pour corriger une faille de haute gravit\u00e9 nomm\u00e9e <strong>Reptar<\/strong> cela a un impact sur ses processeurs de bureau, mobiles et de serveur.<\/p>\n<p>Suivi comme <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-23583\" target=\"_blank\"><strong>CVE-2023-23583<\/strong><\/a>  (score CVSS : 8,8), le <a rel=\"nofollow noopener\" href=\"https:\/\/www.intel.com\/content\/www\/us\/en\/security-center\/advisory\/intel-sa-00950.html\" target=\"_blank\">probl\u00e8me<\/a> a le potentiel de \u00ab\u00a0permettre une \u00e9l\u00e9vation de privil\u00e8ges et\/ou une divulgation d&#8217;informations et\/ou un d\u00e9ni de service via un acc\u00e8s local\u00a0\u00bb.<\/p>\n<p>Une exploitation r\u00e9ussie de la vuln\u00e9rabilit\u00e9 pourrait \u00e9galement permettre de contourner les limites de s\u00e9curit\u00e9 du processeur, selon Google Cloud, le d\u00e9crivant comme un probl\u00e8me li\u00e9 \u00e0 la mani\u00e8re dont les pr\u00e9fixes redondants sont interpr\u00e9t\u00e9s par le processeur.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/4WnFxcNN\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/Les-experts-mettent-en-garde-contre-les-pirates-de-ransomware.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>&#8220;L&#8217;impact de cette vuln\u00e9rabilit\u00e9 est d\u00e9montr\u00e9 lorsqu&#8217;elle est exploit\u00e9e par un attaquant dans un environnement virtualis\u00e9 multi-tenant, car l&#8217;exploit sur une machine invit\u00e9e provoque le crash de la machine h\u00f4te, entra\u00eenant un d\u00e9ni de service pour les autres machines invit\u00e9es ex\u00e9cut\u00e9es sur le m\u00eame h\u00f4te. &#8221; Phil Venables de Google Cloud <a rel=\"nofollow noopener\" href=\"https:\/\/cloud.google.com\/blog\/products\/identity-security\/google-researchers-discover-reptar-a-new-cpu-vulnerability\" target=\"_blank\">dit<\/a>.<\/p>\n<p>&#8220;De plus, la vuln\u00e9rabilit\u00e9 pourrait potentiellement conduire \u00e0 la divulgation d&#8217;informations ou \u00e0 une \u00e9l\u00e9vation de privil\u00e8ges.&#8221;<\/p>\n<p>Le chercheur en s\u00e9curit\u00e9 Tavis Normandy, dans un <a rel=\"nofollow noopener\" href=\"https:\/\/lock.cmpxchg8b.com\/reptar.html\" target=\"_blank\">analyse s\u00e9par\u00e9e<\/a> de Reptar, a d\u00e9clar\u00e9 qu&#8217;il pouvait \u00eatre abus\u00e9 pour corrompre l&#8217;\u00e9tat du syst\u00e8me et forcer un <a rel=\"nofollow noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Machine-check_exception\" target=\"_blank\">exception de v\u00e9rification automatique<\/a>.<\/p>\n<p>Intel, dans le cadre des mises \u00e0 jour de novembre 2023, a publi\u00e9 un microcode mis \u00e0 jour pour tous les processeurs concern\u00e9s.  La liste compl\u00e8te des processeurs Intel impact\u00e9s par CVE-2023-23583 est disponible <a rel=\"nofollow noopener\" href=\"https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/topic-technology\/software-security-guidance\/processors-affected-consolidated-product-cpu-model.html\" target=\"_blank\">ici<\/a>.  Il y a <a rel=\"nofollow noopener\" href=\"https:\/\/community.intel.com\/t5\/Blogs\/Products-and-Solutions\/Security\/INTEL-SA-00950-Redundant-Prefix-Issue\/post\/1542030\" target=\"_blank\">aucune preuve d&#8217;attaques actives<\/a> en utilisant cette vuln\u00e9rabilit\u00e9.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/pjHvTZON\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/Turla-met-a-jour-la-porte-derobee-Kazuar-avec-une.gif\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>&#8220;Intel ne s&#8217;attend pas \u00e0 ce que ce probl\u00e8me soit rencontr\u00e9 par un logiciel r\u00e9el non malveillant&#8221;, a d\u00e9clar\u00e9 la soci\u00e9t\u00e9. <a rel=\"nofollow noopener\" href=\"https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/software-security-guidance\/advisory-guidance\/redundant-prefix-issue.html\" target=\"_blank\">dit<\/a> dans un guide publi\u00e9 le 14 novembre. &#8220;L&#8217;exploitation malveillante de ce probl\u00e8me n\u00e9cessite l&#8217;ex\u00e9cution de code arbitraire.&#8221;<\/p>\n<p>La divulgation co\u00efncide avec la publication de correctifs pour une faille de s\u00e9curit\u00e9 dans les processeurs AMD appel\u00e9e CacheWarp (CVE-2023-20592) qui permet \u00e0 des acteurs malveillants de s&#8217;introduire dans des machines virtuelles prot\u00e9g\u00e9es par AMD SEV pour \u00e9lever leurs privil\u00e8ges et obtenir l&#8217;ex\u00e9cution de code \u00e0 distance.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/11\/reptar-new-intel-cpu-vulnerability.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80215 novembre 2023\ue804R\u00e9dactionVuln\u00e9rabilit\u00e9 \/ S\u00e9curit\u00e9 mat\u00e9rielle Intel a publi\u00e9 des correctifs pour corriger une faille de haute gravit\u00e9 nomm\u00e9e Reptar cela a un impact sur ses processeurs de bureau, mobiles et de serveur. Suivi comme CVE-2023-23583 (score CVSS : 8,8), le probl\u00e8me a le potentiel de \u00ab\u00a0permettre une \u00e9l\u00e9vation de privil\u00e8ges et\/ou une divulgation d&#8217;informations [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1017301,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,1132,4168,4165,4161,200267,48187,23644,4159,4171,65,200271,200268,214922,197,200269,200270,62788,214920,128318,4172,4169,196,4166,214921,3667,4164],"class_list":["post-1017300","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-affecte","tag-comment-pirater","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-environnements","tag-intel","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-les","tag-logiciel-malveillant-rancongiciel","tag-mises-a-jour-sur-la-cybersecurite","tag-multilocataires","tag-nouvelle","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-processeur","tag-reptar","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-une","tag-violation-de-donnees","tag-virtualises","tag-vulnerabilite","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1017300","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1017300"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1017300\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1017301"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1017300"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1017300"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1017300"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}