Is CPU microcode available to address CVE-2017-5715 via the microcode_ctl package?

Updated -

Microcode/firmware/millicode is software that microprocessor manufacturers supply to operating system vendors to take advantage of internal features of the CPU. The authoritative source for this software is the CPU manufacturer.

The microcode_ctl mechanism to update system firmware is non-persistent in nature. The microcode is loaded during each boot operation; however, it is only applied in the event that the microcode available within /lib/firmware/ for the installed CPU is newer than the revision loaded during the hardware initialization phase of boot. Updating the system firmware to a revision that includes updated microcode is applicable to any resident software, and is recommended as a more permanent solution.

Historically, Red Hat has provided updated microcode, developed by our microprocessor partners, as a customer convenience. Red Hat temporarily suspended this practice in January 2018 while microcode stabilized.

Red Hat is once again providing an updated Intel microcode package, microcode_ctl, and AMD microcode package, linux-firmware, to customers in order to simplify deployment processes and minimize downtime.

Note: RHEL7 splits the microcode into two rpms: Intel in microcode_ctl and AMD in linux-firmware. RHEL6 and earlier releases have both Intel and AMD in the same microcode_ctl rpm.

Red Hat will continue to update these microcode packages as necessary. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended, as additional improvements may be available.

Please use the following Red Hat Customer Portal Lab App to verify systems have the necessary microprocessor firmware to address CVE-2017-5715 (variant 2).

Red Hat Customer Portal Labs - Spectre And Meltdown Detector

Note: To check your system's CPU model:

egrep -e 'model|cpu family|stepping|microcode' /proc/cpuinfo | sort | uniq

Intel Microcode Updates that mitigate CVE-2017-5715, branch target injection, Spectre-V2.

Model # (dec) Stepping (dec) Minimum MCU Rev for Spectre v2 mitigation Codename Model Name
0x4e (78) 0x03 (3) 0x00c2 Skylake U/Y
Skylake U23e
6th Generation Intel® Core™ m Processors
0x4e (78) 0x01 (1) 0x00c2 Gemini Lake Intel® Pentium® Silver processors N5xxx, J5xxx
Intel® Celeron® processors N4xxx, J4xxx
0x9e (158) 0x0b (11) 0x0084 Coffee Lake - S (4+2) 8th Generation Intel® Core™ Desktop Processor Family
0x46 (70) 0x01 (1) 0x0019 Haswell Perf Halo Intel® Core™ Extreme Processor (5960x, 5930x, 5820x)
0x9e (158) 0x09 (9) 0x0084 Kaby Lake H/S/X/G
Kaby Lake Xeon E3"
7th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor v6 E3-1220, E3-1225, E3-1230, E3-1240, E3-1245, E3-1270, E3-1275, E3-1280"
0x3d (61) 0x04 (4) 0x002a Broadwell U/Y Intel® Core™ Processor i7-5650U,i7-5600U, i7-5557U, i7-5550U, i7-5500U
Intel® Core™ Processor i5-5350U, i5-5350,i5-5300U, i5-5287U,i5-5257U, i5-5250U, i5-5200U
Intel® Core™ Processor i3-5157U, i3-5020U, i3-5015U, i3-5010U, i3-5006U, i3-5005U, i3-5010U, i5-5350U, i7-5650U
Intel® Core™ Processor M-5Y71, M-5Y70, M-5Y51, M-5Y3, M-5Y10c, M -5Y10a, M-5Y10
Intel® Pentium® Processor 3805U, 3825U, 3765U, 3755U, 3215U, 3205U
Intel® Celeron® 3765U
0x56 (86) 0x03 (3) 0x7000012 Broadwell DE V2,V3 Intel® Xeon® Processor D-1518, D-1519, D-1521, D-1527, D-1528, D-1531, D-1533, D-1537, D-1541, D-1548
Intel® Pentium® Processor D1507, D1508, D1509, D1517, D1519
0x2d (45) 0x07 (7) 0x0713 Sandy Bridge Server EN/EP/EP4S Intel® Xeon® Processor E5-1428L, E5-1620, E5-1650, E5-1660, E5-2403, E5-2407, E5-2418L, E5-2420, E5-2428L, E5-2430, E5-2430L, E5-2440, E5-2448L, E5-2450, E5-2450L, E5-2470, E5-2603, E5-2609, E5-2620, E5-2630, E5-2630L, E5-2637, E5-2640, E5-2643, E5-2648L, E5-2650, E5-2650L, E5-2658, E5-2660, E5-2665, E5-2667, E5-2670, E5-2680, E5-2687W, E5-2690, E5-4603, E5-4607, E5-4610, E5-4617, E5-4620, E5-4640, E5-4650, E5-4650L
Intel® Pentium® Processor 1405
0x2a (42) 0x07 (7) 0x002d Sandy Bridge
Sandy Bridge Xeon E3
Intel® Core™ i3-21xx/23xx-T/M/E/UE Processor
Intel® Core™ i5-23xx/24xx/25xx-T/S/M/K Processor
Intel® Core™ i7-2xxx-S/K/M/QM/LE/UE/QE Processor
Intel® Core™ i7-29xxXM Extreme Processor
Intel® Celeron® Desktop G4xx, G5xx Processor
Intel® Celeron® Mobile 8xx, B8xx Processor
Intel® Pentium® Desktop 350, G6xx, G6xxT, G8xx Processor
Intel® Pentium® Mobile 9xx, B9xx Processor
Intel® Xeon® Processor E3-1200 Product Family
0x2d (45) 0x06 (6) 0x061c Sandy Bridge Server EN/EP/EP4S Intel® Xeon® Processor E5-2620, E5-2630, E5-2630L, E5-2640, E5-2650, E5-2650L, E5-2660, E5-2667, E5-2670, E5-2680, E5-2690
0x8e (142) 0x09 (9) 0x0084 Kaby Lake U/Y, U23e 7th Generation Intel® Core™ Mobile Processors
0x9e (158) 0x0a (10) 0x0084 Coffee Lake H (6+2)
Coffee Lake S (6+2)
Coffee Lake S (6+2) Xeon E
Coffee Lake-S (4+2) Xeon E
Coffee Lake-S (6+2) x/KBP
8th Generation Intel® Core™ Processor Family
0x8e (142) 0x0a (10) 0x0084 Kaby Lake Refresh U 4+2
Coffee Lake U43e
8th Generation Intel® Core™ Mobile Processor Family
8th Generation Intel® Core™ Processor Family
0x3f (63) 0x02 (2) 0x003c Haswell Server E, EP, EP4S Intel® Xeon® Processor v3 E5-1428L, E5-1603, E5-1607, E5-1620, E5-1630, E5-1650, E5-1660, E5-1680, E5-2408L, E5-2418L, E5-2428L, E5-2438L, E5-2603, E5-2608L, E5-2608L, E5-2609, E5-2618L, E5-2620, E5-2623, E5-2628L, E5-2630, E5-2630L, E5-2637, E5-2640, E5-2643, E5-2648L, E5-2650, E5-2650L, E5-2658, E5-2660, E5-2667, E5-2670, E5-2680, E5-2683, E5-2685, E5-2687W, E5-2690, E5-2695, E5-2697, E5-2698, E5-2699, E5-4610, E5-4620, E5-4627, E5-4640, E5-4648, E5-4650, E5-4655, E5-4660, E5-4667, E5-4669
0x5e (94) 0x03 (3) 0x00c2 Skylake H/S
Skylake Xeon E3
6th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor v5 E3-1220, E3-1225, E3-1230, E3-1235L, E3-1240, E3-1240L, E3-1245, E3-1260L, E3-1270, E3-1275, E3-1280
0x56 (86) 0x02 (2) 0x0015 Broadwell DE V1 Intel® Xeon® Processor D-1520, D-1540
0x3f (63) 0x04 (4) 0x0011 Haswell Server EX Intel® Xeon® Processor E7-4809V3, E7-4820V3, E7-4830V3, E7-4850V3, E7-8860V3, E7-8867V3, E7-8870V3, E7-8880LV3, E7-8880V3, E7-8890V3, E7-8891V3, E7-8893V3
0x3e (62) 0x04 (4) 0x042c Ivy Bridge Server E, EN, EP, EP4S
Ivy Bridge E
Intel® Xeon® Processor v2 E5-1428L, E5-1620, E5-1650, E5-1660, E5-2403, E5-2407, E5-2418L, E5-2420, E5-2428L, E5-2430, E5-2430L, E5-2440, E5-2448L, E5-2450, E5-2450L, E5-2470, E5-2603, E5-2609, E5-2618L, E5-2620, E5-2628L, E5-2630, E5-2630L, E5-2637, E5-2640, E5-2643, E5-2648L, E5-2650, E5-2650L, E5-2658, E5-2660, E5-2667, E5-2670, E5-2680, E5-2687W, E5-2690, E5-2695, E5-2697, E5-4603, E5-4607, E5-4610, E5-4620, E5-4624L, E5-4627, E5-4640, E5-4650, E5-4657L
Intel® Core™ Processor Extreme Edition i7-4960X
Intel® Core™ Processor i7-4820K, i7-4930K"
0x55 (85) 0x04 (4) 0x2000043 Skylake D, Bakerville
Skylake Server
Skylake W
Skylake X, Basin Falls
Intel® Xeon® Processor D-2123IT, D-2141I, D-2142IT, D-2143IT, D-2145NT, D-2146NT, D-2161I, D-2163IT, D-2166NT, D-2173IT, D-2177NT, D-2183IT, D-2187NT
Intel® Xeon® Bronze Processor 3104, 3106
Intel® Xeon® Gold Processor 5115, 5118, 5119T, 5120, 5120T, 5122, 6126, 6126F, 6126T, 6128, 6130, 6130F, 6130T, 6132, 6134, 6134M, 6136, 6138, 6138F, 6138T, 6140, 6140M, 6142, 6142F, 6142M, 6144, 6146, 6148, 6148F, 6150, 6152, 6154
Intel® Xeon® Platinum Processor 8153, 8156, 8158, 8160, 8160F, 8160M, 8160T, 8164, 8168, 8170, 8170M, 8176, 8176F, 8176M, 8180, 8180M
Intel® Xeon® Silver Processor 4108, 4109T, 4110, 4112, 4114, 4114T, 4116, 4116T
Intel® Xeon® Processor W-2123, W-2125, W-2133, W-2135, W-2145, W-2155, W-2195, W-2175
Intel® Core™ i9 79xxX, 78xxX"
0x56 (86) 0x04 (4) 0xf000011 Broadwell DE Y0 Intel® Xeon® Processor D-1557, D-1559, D-1567, D-1571, D-1577, D-1581, D-1587
0x55 (85) 0x03 (3) 0x1000140 Skylake X Intel Xeon Scalable B1
0x3e (62) 0x07 (7) 0x0713 Ivy Bridge Server EX E5-4610, E5-4620, E5-4624L, E5-4627, E5-4640, E5-4650, E5-4657L
0x56 (85) 0x05 (5) 0xe000009 Broadwell DE A1 Intel® Xeon® Processor D-1513N, D-1523N, D-1533N, D-1543N, D1553N
0x3c (60) 0x03 (3) 0x0024 Haswell (including H, S)
Haswell Xeon E3
4th Generation Intel® Core™ Mobile Processor Family, Intel® Pentium® Mobile Processor Family, Intel® Celeron® Mobile Processor Family
Intel® Xeon® Processor E3-1220V3, E3-1225V3, E3-1230LV3, E3-1230V3, E3-1240V3, E3-1245V3, E3-1270V3, E3-1275LV3, E3-1275V3, E3-1280V3, E3-1285LV3, E3-1285LV3, E3-1285V3
0x47 (71) 0x01 (1) 0x001d Broadwell H 43e
Broadwell Xeon E3
Intel® Core™ Processor i7-5950HQ, i7-5850HQ, i7-5750HQ, i7-5700HQ
Intel® Core™ Processor i5-5575R, i5-5675C, i5-5675R, i7-5775C, i7-5775R
Intel® Core™ Processor i7-5700EQ, i7-5850EQ
Intel® Xeon® Processor v4 E3-1258L, E3-1265L, E3-1278L, E3-1285, E3-1285
0x3a (58) 0x09 (9) 0x001f Gladden
Ivy Bridge
Ivy Bridge Xeon E3
Intel® Core™ Processor i3-2115C, i3-3115C
Intel® Pentium® Processor B915C, B925C
Intel® Celeron® Processor 725C
Intel® Xeon® Processor E3-1105C, E3-1125C, E3-1105C v2, E3-1125C v2
3rd Generation Intel® Core™ Mobile Processor Family, Intel® Pentium® Mobile Processor Family, and Intel® Celeron® Mobile Processor Family
Intel® Core™ Processor Extreme Edition i7-4960X
Intel® Core™ Processor i7-4820K, i7-4930K
0x45 (69) 0x01 (1) 0x0023 Haswell ULT 4th Generation Intel® Core™ Mobile Processor Family, Intel® Pentium® Mobile Processor Family, Intel® Celeron® Mobile Processor Family
0x4f (79) ** 0x01 (1) 0xb00002c Broadwell EP/EX ** Intel® Xeon® E5, Dual-Processor platform, Intel® Xeon® E7, Multi-Processor platform, QPI **

** Microcode for model number 79 CPU, aka, Broadwell EP/EX, is not automatically loaded. Please this Kbase article for more details.

AMD firmware that mitigates CVE-2017-5715, branch target injection, Spectre-V2.

CPUID Family Model Number Model Name Minimum MCU Rev for Spectre v2 mitigation
0x4e (78) 15h 00-0fh Opteron 6200/4200 0x0600063E
0x00600f20 15h 00-0fh Opteron 6300/4300 0x06000852
0x00800F12 17h 00-0fh EPYC 7xx1 Series 0x08001227



What if my CPU is not listed in the table?
Red Hat will continue to update these microcode packages as necessary. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended because additional improvements may be available.

More information can be found in the following reference documentation:

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.