Groups Similar Search Look up By Text Browse About

Intel’s Meltdown and Spectre fixes have some bugs of their own


Intel told some customers to hold off on installing its updates. Earlier this week, Intel said it would have Meltdown and Spectre fixes available by the end of the month for all recently made chips. But as the Wall Street Journal reports, some of the patches the company has released have caused some problems of their own. Some firmware updates are apparently causing computers to reboot. The Wall Street Journal got its hands on a document Intel was sharing with some of its customers (see note below), in which it advised them to "delay additional deployments of these microcode updates." Stephen Smith, Intel's data-center group general manager, told the publication that the bugs didn't have anything to do with security and that the document was being shared with computer makers and large cloud providers. Since the Wall Street Journal published its report, Intel has released a blog post explaining the systems affected by the reboots are running Broadwell and Haswell CPUs. "We are working quickly with these customers to understand, diagnose and address this reboot issue," it said. Microsoft also halted some of its updates earlier this week after some AMD computer users reported that they couldn't boot their computers after installing its patch. And Intel reported that most people would experience a small amount of slowdown -- less than 10 percent -- on their personal computers after installing its fix. One of Intel's partners told the Wall Street Journal that only telling some of its customers about the issue was a bad move on the part of Intel, saying the public has "been given the microcode update but has not been given the important technical information that Intel recommends that you don't use this." But security researcher Paul Kocher, who discovered some of the issues with Intel's chips, said this sort of thing is to be expected. " It doesn't surprise me a lot that there would be some hiccups." Update: While the Wall Street Journal reported that only some of Intel's customers were receiving notice that they may want to hold off on installing its updates, Intel tells us that all of its customers were notified. The notice "was sent to all customers through the standard patch notification process," a spokesperson told us.

AMD is deploying a patch for the second Spectre CPU vulnerability


It has admitted that its chips are susceptible to both Spectre variants. While Intel is at the center of the Spectre/Meltdown fiasco, AMD's chips are also affected by the CPU vulnerabilities. The company previously said that the risk of exploit using variant 2 was near zero due to its chips' architecture. But in its latest announcement, it said that because both variants are still "applicable to AMD processors," it also plans to release patches for the second variant to be absolutely safe. AMD already provided PC manufacturers its fix for the first Spectre version, and Microsoft has begun rolling it out. The chipmaker also said it's working with Redmond to address a problem that delayed the distribution of patches for its older processors. Since the second version of Spectre needs a different fix, AMD will provide its customers and partners for Ryzen and EPYC processors with a patch for its chips starting this week. Firmware updates for its older chips will follow in the coming weeks. If you use Linux, you might get it sooner than you think, since Linux vendors have already started releasing OS patches for the second variant. You might have to wait a bit if you're a Windows user, though, since AMD is still working out distribution timing with Microsoft. Despite deciding to release a patch for version 2, the company reiterated that its chips' architecture will make it very difficult for attackers to use the exploit. It also maintained that Meltdown isn't applicable to AMD chips at all. AMD's processors aren't "susceptible" to Meltdown, the chipmaker wrote, "due to [the company's] use of privilege level protections within paging architecture. " Since "no mitigation is required" for variant 3, it won't be creating a patch for the vulnerability. Update: AMD clarified that it never said its chips were not susceptible to variant 2.