Video: Intel addresses Meltdown and Spectre security flaws at CES 2018
Intel has revealed that a glitch in its patch for the Meltdown and Spectre CPU attacks is causing problems on PCs and datacenter equipment.
Intel’s firmware, which is delivered by hardware OEMs, is causing higher system reboots on systems with older Broadwell and Haswell CPUs.
“We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and datacenter,” Nevin Shenoy, general manager of Intel’s data centre group, said in a statement.
Intel posted the notice after The Wall Street Journal revealed Intel had quietly told some customers to defer installing its patches due bugs in them.
The company works directly with datacenter customers, whereas device makers and operating-system providers deliver its microcode updates to consumers.
Intel may provide a revised firmware update to OEMs, pending the results of its investigation of customer reports.
Consumers with Intel devices will need to install software updates from operating-system providers and firmware updates from hardware makers to fully mitigate the trio of speculative side-channel vulnerabilities revealed by Google’s Project Zero researchers.
While the Meltdown attack largely only affects Intel chips, AMD revealed Thursday that its Ryzen and EPYC chips are affected by the two Spectre vulnerabilities.
Download now: IT leader’s guide to reducing insider security threats (free PDF)
It’s developing “optional” microcode updates that will be delivered to customers and partners this week, with additional updates for older CPUs coming soon.
And Intel isn’t alone in cleaning up buggy patches. Microsoft last week halted the latest Windows update carrying Meltdown and Spectre fixes for AMD systems after customers reported boot failures.
Microsoft said it had been provided incorrect documentation for some AMD chips for which it was developing patches.
AMD said it is working with Microsoft to resolve this issue, which affects Opteron, Athlon, and Turion X2 Ultra chips. Microsoft should resume distribution of the revised patches for AMD systems next week, according to AMD. Details can be found on Microsoft’s support page for the AMD update.
AMD noted that its Radeon GPUs are not affected by Meltdown and Spectre since these architectures don’t use speculative execution.
GPU maker Nvidia this week also released a patch for these CPU bugs, a move widely taken to mean its GPUs were also vulnerable.
Also read: DevOps requires automation and testing to ensure application security
However, as with AMD’s GPUs, Nvidia’s GPU hardware is immune to the attacks. Its patch provided mitigations to its GPU drivers for CPUs on various operating systems.
A good explanation of what Nvidia’s update does has been posted on Twitter. Essentially, the update disables speculative execution in the driver to mitigate one of the Spectre CPU attacks.
At CES this week, Intel CEO Brian Krzanich vowed the chip maker would provide “transparent and timely communication” about its updates. Intel expects to have updates for 90 percent of its CPUs from the past five years by January 15 and the remainder to have updates by the end of January.
Previous and related coverage
Linux vs Meltdown: Ubuntu gets second update after first one fails to boot
Now Linux distributions get hit by Meltdown patch issues.
Windows Meltdown-Spectre fix: How to check if your AV is blocking Microsoft patch
Antivirus firms are playing patch catch-up, as Microsoft releases Meltdown firmware updates for Surface devices.
Windows Meltdown-Spectre patches: If you haven’t got them, blame your antivirus
Microsoft says your antivirus software could stop you from receiving the emergency patches issued for Windows.
Critical flaws revealed to affect most Intel chips since 1995
Most Intel processors and some ARM chips are confirmed to be vulnerable, putting billions of devices at risk of attacks. One of the security researchers said the bugs are “going to haunt us for years.”
Windows emergency Meltdown patch: Microsoft stops update for AMD PCs after crash reports (TechRepublic)
Following claims the patches trapped some AMD PCs in an endless loop, Microsoft today announced the Windows updates would not be rolled out to affected machines.
How to protect yourself from Meltdown and Spectre CPU flaws (CNET)
Practically every modern processor is vulnerable. We’re updating this list of fixes as they become available.