Jump to content
Login new information ×
Login new information

Intel Releases New Processor Microcode For Security Advisories, CPU Bugs

steven36

By steven36
in Security & Privacy News

Recommended Posts

steven36

steven36

Posted
Posted

Intel on Tuesday evening released their 20201110 CPU microcode package as their first collection of updated CPU microcode binaries since June and it's a big update.

 

gjyhp4V.jpg



Following the disclosure of some 40 new security advisories for their products including the notable "PLATYPUS" vulnerability affecting Intel RAPL, they released the Intel 20201110 CPU microcode package for Linux users to address these security problems as well as other CPU bugs.

INTEL-SA-00381 is addressed as an information disclosure vulnerability around the fast store forward predictor and an AVX flaw where a local attacker can obtain the register state of previous AVX executions.

INTEL-SA-00389 is also addressed with the updated microcode and is in regards to the Intel RAPL vulnerabilities known as PLATYPUS. The updated microcode updates go along with the updated Linux kernel patches issued today, including the disabling of reading Intel CPU energy information by non-root users.

Besides the CPU security updates, there are also a number of "functional issue" updates around CPU bugs spanning many different generations. For example, Ice Lake processors have fixes around VT-d and a Type-C port issue that could lead to system hangs. Xeon Scalable Cascade Lake has a fix for where interrupts may be lost when a core exits C6. There are also various other random CPU bug fixes in the microcode too.

The Intel 20201110 microcode package is also the first time including binaries for Cooper Lake, Lakefield, Tiger Lake, and Comet Lake.

The updated Intel CPU microcode files are available via GitHub.

 

Side Note: got mine today on auto updates from Ubuntu

 

Source

Link to comment
Share on other sites
  • Replies 11
  • Views 1.7k
  • Created
  • Last Reply
steven36

steven36

Posted
  • Author
Posted

Canonical Reverts Intel Microcode Update in Ubuntu Due to Boot Failures in Tiger Lake Systems

 

Canonical has reverted the Intel Microcode update released on November 11th for all supported Ubuntu Linux releases to address a regression causing boot failures on some Intel Tiger Lake systems.

 

New security vulnerabilities are affecting all Linux systems running certain Intel processors. On November 10th, Intel released a new Intel Microcode firmware for Linux systems, and new Linux kernel versions were made available as well to address these new flaws.

 

As I reported the other day, Canonical was quick to patch the Intel Microcode packages in all of its supported Ubuntu releases, including Ubuntu 20.10, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 14.04 ESM, and also released new kernel versions.

 

Unfortunately, the Intel Microcode update caused a regression on certain processors in the Intel Tiger Lake family CPUs, causing the system to not boot. Therefore, Canonical now reverted the Intel Microcode update to the previous version only for the Tiger Lake processor family.

 

The company behind Ubuntu also informs users that they can use the dis_ucode_ldr kernel parameter in the boot menu to disable the microcode firmware from loading in case of a system recovery operation.

 

If you’re using one of the supported Ubuntu releases on a computer powered by an Intel Tiger Lake processor and you already installed yesterday’s Intel Microcode update, it is highly recommended that you update the system again to the new Intel Microcode version that’s already in the main repositories.

 

If you installed yesterday’s Intel Microcode update and you’re experiencing boot failures on your Ubuntu system, you should use the kernel command-line option mentioned above to prevent the microcode firmware from loading and recover your system by updating via the terminal prompt using the following commands.

  

sudo apt update && sudo apt full-upgrade

 

Source

Link to comment
Share on other sites
funkyy

funkyy

Posted
Posted

For Win 7 (x64) using INTEL Core 7th Gen Kaby Lake processor...can somebody point me in the

right direction to download the microcode. They really don't make it easy/clear for folk. And this

happens every time there has been a microcode update.:duh::duh::duh:

2 minutes ago, steven36 said:

They new update  that came out  on GitHub now microcode-20201112  for the Pentium Silver N/J5xxx, Celeron N/J4xxx chips  security only fixes 

 

https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/main/releasenote.md

I guess my processor isn't affected then? Thanks steven36.:dunno::dunno::dunno:

Link to comment
Share on other sites
steven36

steven36

Posted
  • Author
Posted
3 minutes ago, funkyy said:

For Win 7 (x64) using INTEL Core 7th Gen Kaby Lake processor...can somebody point me in the

right direction to download the microcode. They really don't make it easy/clear for folk. And this

happens every time there has been a microcode update.:duh::duh::duh:

I guess my processor isn't affected then? Thanks steven36.:dunno::dunno::dunno:

yes its effected  it just they  back porting fixes for older chips

Link to comment
Share on other sites
steven36

steven36

Posted
  • Author
Posted

@funkyy Here are the list  of processors for the Microcode update  from Windows 10  updates

https://support.microsoft.com/en-us/help/4497165/intel-microcode-updates

I thought M$  blocked Kabylake  on Windows 7  before it ran out of updates  and Windows  8 .1 that still gets  updates ?

 

 WSUS Offline Update still  works  for Windows  8.1  for KabyLake  but they removed  support for Windows  7 .

 

Link to comment
Share on other sites
straycat19

straycat19

Posted
Posted
21 minutes ago, steven36 said:

I thought M$  blocked Kabylake  on Windows 7  before it ran out of updates  and Windows  8 .1 that still gets  updates ?

 

They did but it was very easy to circumvent it and install retail versions of Windows 7.  I still have systems running Windows 7 on Kabylake processors.

Link to comment
Share on other sites
steven36

steven36

Posted
  • Author
Posted
2 minutes ago, straycat19 said:

 

They did but it was very easy to circumvent it and install retail versions of Windows 7.  I still have systems running Windows 7 on Kabylake processors.

Maybe you can tell him how to update his microcode i remember  you doing a post on it  before , I dont hardly ever  boot into windows anymore . To much hassle .

Link to comment
Share on other sites
random

random

Posted
Posted
1 hour ago, funkyy said:

For Win 7 (x64) using INTEL Core 7th Gen Kaby Lake processor...can somebody point me in the

right direction to download the microcode. They really don't make it easy/clear for folk. And this

happens every time there has been a microcode update.:duh::duh::duh:

I guess my processor isn't affected then? Thanks steven36.:dunno::dunno::dunno:

The only realistic way to use the new microcodes for you is to mod your BIOS. I wouldn't recommend bothering. Even if you update to Win10, the OS won't really give you the latest, newest microcodes. For example, the latest microcodes offered for my Coffee Lake by Win10 is the 0xB4 version, which is (I think) from April 2019. The latest offered by my motherboard vendor, i.e. a BIOS update, is from April 2020, 0xD6, so a year more recent than the Microsoft offering.

The latest one, as we speak, is 0xDE, from May 2020.

Also, before you update, before you think of modding the BIOS etc.

- there are no known in the wild exploits for Spectre/Meltdown/side channel vulnerabilities, since early 2018

- the newer microcodes are quite horrible performance-wise, even for newer CPUs like Coffee Lake. Intel messed with things like undervolting, default uncore/ring multipliers, and general performance is lower in multiple benchmarks.

That doesn't mean you'll see it in games or other day to day tasks, at least if your CPU is powerful and new enough. But it does exist, and it's annoying.

Link to comment
Share on other sites
funkyy

funkyy

Posted
Posted
1 hour ago, steven36 said:

Maybe you can tell him how to update his microcode i remember  you doing a post on it  before , I dont hardly ever  boot into windows anymore . To much hassle .

It's ok guys..I have a headache with this...I'll just live dangerously!!! Thanks anyway.:thumbsup::thumbsup::thumbsup:

Thanks Random...I am not anywhere near capable of  tampering with the BIOS...that's

way above my pay grade!! I'll just continue as I always do..in blissful ignorance!!:thumbsup::thumbsup::thumbsup:

Link to comment
Share on other sites
steven36

steven36

Posted
  • Author
Posted
24 minutes ago, random said:

The only realistic way to use the new microcodes for you is to mod your BIOS. I wouldn't recommend bothering. Even if you update to Win10, the OS won't really give you the latest, newest microcodes. For example, the latest microcodes offered for my Coffee Lake by Win10 is the 0xB4 version, which is (I think) from April 2019. The latest offered by my motherboard vendor, i.e. a BIOS update, is from April 2020, 0xD6, so a year more recent than the Microsoft offering.

The latest one, as we speak, is 0xDE, from May 2020.

A whole lot more got updates this time

Intel CPU products updated on September 1, 2020

  • Amber Lake Y
  • Amber Lake-Y/22
  • Avoton
  • Broadwell DE A1
  • Broadwell DE V1
  • Broadwell DE V2, V3
  • Broadwell DE Y0
  • Broadwell H 43e
  • Broadwell Server E, EP, EP4S
  • Broadwell Server EX
  • Broadwell U
  • Broadwell Y
  • Broadwell Xeon E
  • Cascade Lake
  • Cascade Lake Server
  • Cascade Lake-W
  • Coffee Lake H (6+2)
  • Coffee Lake S (6+2)
  • Coffee Lake U43e
  • Coffee Lake H (8+2)
  • Coffee Lake S (4+2)
  • Coffee Lake S (4+2) x/KBP
  • Coffee Lake S (4+2) Xeon E
  • Coffee Lake S (4+2) Xeon E (U0)
  • Coffee Lake S (6+2) x/KBP
  • Coffee Lake S (6+2) Xeon E
  • Coffee Lake S (6+2) Xeon E (U0)
  • Coffee Lake S (8+2)
  • Coffee Lake S (8+2) x/KBP
  • Coffee Lake S (8+2) Xeon E (R0)
  • Coffee Lake S/H (8+2) [R0]
  • Comet Lake U42
  • Comet Lake U62
  • Haswell Desktop
  • Haswell H / Haswell Perf Halo
  • Haswell Server EX
  • Haswell U
  • Haswell Xeon E3
  • Kaby Lake G
  • Kaby Lake H
  • Kaby Lake Refresh U 4+2
  • Kaby Lake S
  • Kaby Lake U
  • Kaby Lake U23e
  • Kaby Lake X
  • Kaby Lake Xeon E3
  • Kaby Lake Y
  • Skylake H
  • Skylake S
  • Skylake Server
  • Skylake U
  • Skylake U23e
  • Skylake Xeon E3
  • Skylake Y
  • Valley View / Baytail
  • Whiskey Lake-U42

Before just these

Intel CPU products updated on Januiary 30, 2020 and February 25, 2020

  • Denverton
  • Sandy Bridge
  • Sandy Bridge E, EP
  • Valley View
  • Whiskey Lake U
Intel CPU products updated on August 29, 2019
  • Apollo Lake
  • Cherry View
  • Gemini Lake
  • Haswell Desktop
  • Haswell M
  • Haswell Xeon E3
  • Valley View

 

 

 

Link to comment
Share on other sites
steven36

steven36

Posted
  • Author
Posted

Windows 10 KB4589212  adds  4 more  CPUs  to windows 10 updates NOV 10

 

 

This Intel microcode release adds four additional  CPU families that will receive the latest fixes from Intel.

  • Avoton
  • Sandy Bridge E, EN, EP, EP4S
  • Sandy Bridge E, EP
  • Valley View / Baytrail

https://www.bleepingcomputer.com/news/microsoft/windows-10-intel-microcode-released-to-fix-new-cpu-security-bugs/

 

Full list here

https://support.microsoft.com/en-nz/help/4589212/intel-microcode-updates

 

It’s also worth noting that Microsoft is pushing the Intel microcode updates along with Windows 10’s November 2020 cumulative updates.

https://www.windowslatest.com/2020/11/12/windows-10-kb4589212-intel-microcode-update/

 

Baytrail  this was released  back in 2013  2nd gen  Atom  , 4th gen Intel   :tooth:

 

Spectre  1&3  was patched with  firmware +  kernel update  Spectre  2 required  a BIOS update as well. :P

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...