Intel recently disclosed a security vulnerability that was found in some Intel processors. Execution of REP MOVSB instructions encoded with a redundant REX prefix may result in unpredictable system behavior that may lead to a system crash or hang or allow escalation of privilege. This Redundant Prefix Issue is assigned CVE-2023-23583. To ensure business stability and data security for customers, Alibaba Cloud took measures to mitigate risks caused by the issue.
Detected vulnerability
CVE ID: CVE-2023-23583
Impact scope: Some Intel processors are affected, including Ice Lake and Sapphire Rapids processors.
Security suggestions
For Elastic Compute Service (ECS) instances, Alibaba Cloud has upgraded the cloud platform to mitigate the potential risks that are brought about by the vulnerability with no additional configurations or operations required from you.
For ECS bare metal instances, we recommend that you apply the microcode update provided by Intel to mitigate the vulnerability as soon as possible. For more information, see Intel CPU Redundant Prefix Issue. For any questions, contact Alibaba Cloud after-sales engineers.
To continuously enhance user experience, Alibaba Cloud keeps a close eye on the vulnerability and updates vulnerability information at the earliest opportunity.
References
Announcing party
Alibaba Cloud Computing Co., Ltd.