Dell Warns Customers Not To Install Intel Spectre BIOS Update Over Rebooting Concerns
- Variant 1 (Spectre): CVE-2017-5753 (Bound Check Bypass)
- Variant 2 (Spectre): CVE-2017-5715 (Branch Target Injection)
- Variant 3 (Meltdown): CVE-2017-5754 (Rogue Data Cache Load)
Dell assures customers that only the BIOS/microcode mitigation for Variant 2 is susceptible to "reboot issues and unpredictable system behavior". In addition, operating system updates that have been released to address Variant 1 and Variant 3 have no known negative side effects. The company writes:
Intel has communicated new guidance regarding "reboot issues and unpredictable system behavior" with the microcode included in the BIOS updates released to address Spectre (Variant 2), CVE-2017-5715. Dell is advising that all customers should not deploy the BIOS update for the Spectre (Variant 2) vulnerability at this time. We have removed the impacted BIOS updates from our support pages and are working with Intel on a new BIOS update that will include new microcode from Intel.
For those that have already installed the BIOS updates, Dell has provided the following instructions for reverting back to a previous version.
Intel first acknowledged customer complaints about unexpected system reboots after applying the microcode updates earlier this month in Broadwell- and Haswell-based systems. Last week, Intel confirmed that the rebooting issues also affect Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake systems (there is currently no word on if Coffee Lake or Cannon Lake systems are affected).
Intel has pinpointed the cause of the reboots, and is working with its close partners to validate a new microcode update. "We continue to urge all customers to vigilantly maintain security best practice and for consumers to keep systems up-to-date," said Navin Shenoy, Executive VP and GM for Intel's Data Center Group, in a blog post yesterday. "The security of our products is critical for Intel, our customers and partners, and for me, personally."
Intel has come under heavy fire from Linux founder Linus Torvalds for its handling of Spectre and Meltdown. Most recently, Torvalds said, "They do literally insane things. They do things that do not make sense" with regards to patches that have already been released. "I think we need something better than this garbage."