Intel Says to Stop Applying Problematic Spectre, Meltdown Patch

Intel is now advising its customers and partners to halt the installation of patches for its Broadwell and Haswell microprocessor systems in the wake of recent reports of reboot problems. 

Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel, today said in a post that Intel soon will be issuing a fix for the patch. In the meantime, he says customers should refrain from applying the problematic patches.

"We recommend that OEMs, cloud service providers, system manufacturers, software vendors, and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior," he said.

Word that customers were experiencing higher system reboot problems began circulating earlier this month, and Intel issued an advisory  about the problem on Jan. 11.

"We have now identified the root cause for Broadwell and Haswell platforms, and made good progress in developing a solution to address it. Over the weekend, we began rolling out an early version of the updated solution to industry partners for testing, and we will make a final release available once that testing has been completed," he said.

Intel early this month issued updates for most of its modern microprocessors after researchers from Google's Project Zero Team, Cyberus Technology, Graz University of Technology, University of Pennsylvania, the University of Maryland, Rambus, and University of Adelaide and Data61, all discovered critical flaws in a method used for performance optimization that could allow an attacker to read sensitive system memory, which could contain passwords, encryption keys, and emails, for example. The vulnerabilities affect CPUs from Intel, AMD, and ARM.

The so-called Meltdown and Spectre hardware vulnerabilities allow for so-called side-channel attacks: in the case of Meltdown, that means sensitive information in the kernel memory is at risk of being accessed nefariously, and for Spectre, a user application could read the kernel memory as well as that of another application. So an attacker could read sensitive system memory, which could contain passwords, encryption keys, and emails – and use that information to help craft a local attack.

Intel recommends that customers and OEMs refer to its Intel.com Security Center site for more details on the fix for the Spectre and Meltdown fix.

Related Content: