Intel warns against using Spectre patch due to higher reboots

Intel on Monday told hardware makers and end users to stop deploying its firmware patch for the Spectre CPU attack due to it causing “higher than expected reboots and other unpredictable system behavior”.

The chip maker began investigating its patch after users reported machines were unexpectedly rebooting after installing the update. The stability issues were initially thought to be contained to older Broadwell and Haswell chips, but Intel confirmed last week it was also happening on Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake processors. 

Despite this, Intel told hardware makers to continue releasing its then-current update for the Spectre Variant 2 attack (CVE-2017-5715), but today it changed position, telling partners to stop.

“We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior,” wrote Intel’s executive vice president Navin Shenoy. 

Shenoy said Intel had found the root cause of the reboot issue in Broadwell and Haswell, but doesn't appear to have an answer yet for newer chips. Over the weekend it released an early version of the fix for Broadwell and Haswell chips to OEMs, which it plans to release once testing is complete. Intel will provide more details about the timing of the fix for these chip architectures this week, according to its updated advisory.

Intel hasn't said when fixed patches will be available for other architectures, but notes that the Broadwell and Haswell fixes should help it address the reboot problems on other platforms.

In new guidance detailing affected desktop, mobile and server chips, Intel says it’s creating an option for OEMs to use an old patch that doesn’t cause reboots but removes the mitigation for Variant 2 of the Spectre attack. This would be delivered via a BIOS update that would leave in place mitigations for Variant 1, also Spectre, and Variant 3, Meltdown. 

Variant 2 was considered the most problematic attack to mitigate. Google’s engineers found that CPU mitigations had a significant impact on the performance of current hardware. It developed a software-based mitigation for Variant 2 called Retpoline that it found does not impact performance.


Stories by Liam Tung
