Updated: Intel Quietly Patches An Undisclosed Security Flaw For CPUs Dating Back To Coffee Lake
If there were a massive security flaw affecting all current Intel processors, you'd want to know about it, right? We'd like to know too, but unfortunately mum's the word from Intel on the reason for a recent microcode update for almost all of its processors going back to 2017.
The update came out on Friday, which is unusual in and of itself. It was spotted by Phoronix, who remarks that Intel didn't mention anything about the probable cause for this update on "Patch Tuesday," when the company (like many others) traditionally releases its security advisories. The only explanation given is that they are "Security updates for [INTEL-SA-NA]", which just means that they're for an issue with no Security Advisory (SA).
The timing of this release would suggest that it is a very high-priority release, but the scope of the update is surprising. New microcode binaries are available for basically every Intel processor released since the 8th-gen. That includes processors from the Core, Xeon, and even Atom families, as well as a few chips that are seeing their very first binary microcode updates.
The sum of what we know about this update, besides the huge list of affected CPUs.
The problem is, without Intel telling us, there's little way for anyone to know what prompted this round of system updates. Likewise, we don't know what effects the changed code will have on our systems. The firmware fixes for the Spectre and Meltdown flaws had a heavy penalty in terms of platform performance for certain tasks.
If this is anything like that, Intel should say so, and soon. We won't have firmware updates available from motherboard manufacturers for a bit yet, but the new microcode is already available to load in Linux (which typically patches the microcode in RAM on boot). Accordingly, Phoronix is on the case, performing testing and analysis to see if the new microcode has a performance impact on Intel's current-generation chips. We'll make sure to report back if we hear about anything significant.
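Because Linux applies the microcode at boot, an administrator can confirm which revision each logical CPU is actually running. The script below is an added example, not code from Intel, Phoronix or this article; it parses text in `/proc/cpuinfo` format, and the sample data and the revision `0x100` in it are constructed placeholders.

```shell
#!/bin/sh
# Added example: summarise the microcode revision Linux reports per logical CPU.
# Input is text in /proc/cpuinfo format (x86 fields "cpu family", "model",
# "stepping", "microcode"). Real files separate fields with tabs; spaces also work.

# Print one line per distinct (signature, revision) pair:
#   <family-model-stepping in hex> <revision> <logical CPU count>
# The hex triple matches the file naming used in the intel-ucode directory.
ucode_summary() {
    awk -F'[ \t]*:[ \t]*' '
        $1 == "cpu family" { fam = $2 }
        $1 == "model"      { mod = $2 }   # exact match, so "model name" is skipped
        $1 == "stepping"   { stp = $2 }
        $1 == "microcode"  { rev = $2 }
        /^[ \t]*$/         { flush() }    # a blank line ends one CPU record
        END { flush(); for (k in n) print k, n[k] }
        function flush() {
            if (rev != "") n[sprintf("%02x-%02x-%02x %s", fam, mod, stp, rev)]++
            fam = mod = stp = rev = ""
        }
    ' "$1" | sort
}

# Succeeds only when every logical CPU reports the same signature and revision.
# A mix means the update did not reach all cores and deserves a closer look.
ucode_consistent() {
    ucode_summary "$1" | awk 'END { exit (NR != 1) }'
}

# Constructed sample (not from the article): two logical CPUs, family 6,
# model 158, stepping 10, both on the placeholder revision 0x100.
sample_cpuinfo() {
cat <<'EOF'
processor : 0
cpu family : 6
model : 158
model name : Constructed Sample CPU
stepping : 10
microcode : 0x100

processor : 1
cpu family : 6
model : 158
model name : Constructed Sample CPU
stepping : 10
microcode : 0x100
EOF
}
```

On a real host, run `ucode_summary /proc/cpuinfo` before and after the update and compare the revision column; the sample yields `06-9e-0a 0x100 2`.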
[23/05/15 7:30 PM] UPDATE:
Intel sent along a statement that seems to clarify the matter:
"The microcode update includes functional updates only."
We suppose that's that. At least we don't have to worry about unscheduled security updates wrecking system performance anymore.