[Updated] Critical Flaw In Intel Skylake And Kaby Lake HyperThreading Discovered Requiring BIOS Microcode Fix

Update: 6/26/2017, 8:59PM EST - Our contacts at Intel have responded to our requests for further detail on this issue with the following statement: 
"We have already identified this issue and addressed it with a fix that started rolling out in April 2017. As always, we recommend checking to make sure your BIOS is up to date, but the chance of encountering this issue is low, as it requires a complex number of concurrent micro-architectural conditions to reproduce."

And so it's clear that Intel feels this issue is limited in scope and very hard to trigger. Further, the fix was documented and released to OEMs and motherboard vendors in April. However, it's of course incumbent upon system builders and motherboard manufacturers to make sure these new BIOS microcode updates are rolled out. Regardless, it appears as though Intel does not recommend disabling HyperThreading in light of this issue, which of course is counter to what the Debian Linux user group has recommended from the outset.

Our original story, as previously covered with full details, is below and unedited for your reference... 

A new flaw has been disclosed that impacts most Intel 6th and 7th Generation Skylake and Kaby Lake-based processors that support HyperThreading, and reportedly exists across all operating systems. The issue was just disclosed on the Debian Linux user list and sent out with a warning notification, but again, this issue affects all OSes beyond just Linux.  

skylake x top

The flaw is detailed by Intel errata documentation as follows:

Errata: SKZ7/SKW144/SKL150/SKX150/SKZ7/KBL095/KBW095
"Short Loops Which Use AH/BH/CH/DH Registers May Cause Unpredictable System Behavior."

Problem:  "Under complex micro-architectural conditions, short loops of less than 64 instructions that use AH, BH, CH or DH registers as well as their corresponding wider register (e.g. RAX, EAX or AX for AH) may cause unpredictable system behavior. This can only happen when both logical processors on the same physical processor are active."

Implication: "Due to this erratum, the system may experience unpredictable system behavior."

Unpredictable system behavior is seldom a desired state of operation, obviously. These errors can cause anything from system lockups to data corruption or loss. Before we get too apocalyptic on this issue, however, the replication conditions are very specific and are unlikely to be encountered by most users in the wild. Still, the report from Linux-distro Debian does recommend disabling HyperThreading until a relevant microcode update is applied as a precaution.

The OCaml toolchain community first began investigating processors with these malfunctions back in January and found reports stemming back to at least the first half of 2016. The OCaml team was able pinpoint the issue to Skylake’s HyperThreading implementation and notified Intel. While Intel did not respond directly according to the post, Intel has issued some microcode fixes since then.

That’s not the end of the story, however, as the microcode fixes do need to be implemented into BIOS/UEFI updates as well. It is not clear at this time if all major vendors have included these changes in their latest revisions though. Users should look for a BIOS/UEFI update which fixes “Intel erratum SKW144, SKL150, SKX150, SKZ7" for both Skylake and Kaby Lake processors. We have reached out to Intel and various board manufacturers for comments and will update accordingly.

Kaby Lake’s status is less certain at this point and may still be vulnerable. Intel’s microcode updates from April 2017 with revisions 0x5d/0x5e and higher may fix the flaw for Kaby Lake processors that have signatures 0x806e9 and 0x906e9, but the safest course of action is to disable HyperThreading for now. The status of Intel's new Skylake-X and Kaby Lake-X series CPUs is unknown. 

This situation serves as a cautionary reminder to not only keep up with operating system updates, but to keep tabs on driver and BIOS/UEFI updates as well. For more information, consult the Debian release, available here.