It hasn't been a fun time to be Intel. Last week the company revealed two chip vulnerabilities that have come to be known as Spectre and Meltdown and have been rocking the entire chip industry ever since (not just Intel). This week the company issued some patches to rectify the problem. Today, word leaked that some companies were having a reboot issue after installing them. A bad week just got worse.
The company admitted as much in a blog post penned by Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel. "We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center," Shenoy wrote. He added, "If this requires a revised firmware update from Intel, we will distribute that update through the normal channels."
Just when you thought this situation couldn't spiral any further out of Intel's control, it did. The Wall Street Journal is reporting it got its hands on a confidential memo issued by the company and shared with large companies and cloud providers, advising them not to install the patches.
It's important to note that Intel is advising consumers to install all patches, and they point out this isn't a security issue. It's just a bad software issue, and while they should have made certain this was rock solid, a situation like this tends to lead to pressure that leads to mistakes, and that's probably what happened here.
The Spectre and Meltdown issues were discovered last year by Google's Project Zero security team. They found that because of a flaw in modern chip architecture, designed for speed over security, the chip kernel could be exposed. This is where private information like passwords and encryption keys is stored and is supposed to be protected. Instead, because of this flaw, it could be unprotected.
Meltdown affects just Intel chips, while Spectre affects just about all modern chips, including AMD, ARM, IBM Power chips and Nvidia. Raspberry Pi appears to be the only computer spared from this. So far there hasn't been a documented case of anyone taking advantage of this exploit, which, Google pointed out in a blog post yesterday, has existed in chips for 20 years, but security experts have suggested it would be hard to attribute an issue to this particular exploit, even if they had known about it.
AMD has admitted that its chips are susceptible to both Spectre variants. While Intel is at the center of the Spectre/Meltdown fiasco, AMD's chips are also affected by the CPU vulnerabilities. The company previously said that the risk of exploit using variant 2 was near zero due to its chips' architecture. But in its latest announcement, it said that because both variants are still "applicable to AMD processors," it also plans to release patches for the second variant to be absolutely safe.
AMD already provided PC manufacturers its fix for the first Spectre version, and Microsoft has begun rolling it out. The chipmaker also said it's working with Redmond to address a problem that delayed the distribution of patches for its older processors. Since the second version of Spectre needs a different fix, AMD will provide its customers and partners for Ryzen and EPYC processors with a patch for its chips starting this week. Firmware updates for its older chips will follow in the coming weeks.
If you use Linux, you might get it sooner than you think, since Linux vendors have already started releasing OS patches for the second variant. You might have to wait a bit if you're a Windows user, though, since AMD is still working out distribution timing with Microsoft.
Despite deciding to release a patch for version 2, the company reiterated that its chips' architecture will make it very difficult for attackers to use the exploit. It also maintained that Meltdown isn't applicable to AMD chips at all. AMD's processors aren't "susceptible" to Meltdown, the chipmaker wrote, "due to [the company's] use of privilege level protections within paging architecture." Since "no mitigation is required" for variant 3, it won't be creating a patch for the vulnerability.
Update: AMD clarified that it never said its chips were not susceptible to variant 2.