Is CPU microcode available via the microcode_ctl package?

Updated -

Historically, Red Hat has provided updated microcode, developed by our microprocessor partners, as a customer convenience. Red Hat had temporarily suspended this practice in January 2018 while microcode stabilized.

Red Hat is once again providing an updated Intel microcode package (microcode_ctl) and AMD microcode package (linux-firmware) to customers in order to simplify deployment processes and minimize downtime.

Microcode/firmware/millicode is software that microprocessor manufacturers supply to operating system vendors to take advantage of internal features of the CPU. The authoritative source for this software is the CPU manufacturer.

The microcode_ctl mechanism to update system firmware is non-persistent in nature. The microcode is loaded during each boot operation; however, it is only applied in the event that the microcode available within /lib/firmware/ for the installed CPU is newer than the revision loaded during the hardware initialization phase of boot. Updating the system firmware to a revision that includes updated microcode is applicable to any resident software, and is recommended as a more permanent solution.

Historically, Red Hat has provided updated microcode, developed by our microprocessor partners, as a customer convenience. Red Hat temporarily suspended this practice in January 2018 while microcode stabilized.

Red Hat is once again providing an updated Intel microcode package, microcode_ctl, and AMD microcode package, linux-firmware, to customers in order to simplify deployment processes and minimize downtime.

Note: RHEL7 splits the microcode into two rpms: Intel in microcode_ctl and AMD in linux-firmware. RHEL6 and earlier releases have both Intel and AMD in the same microcode_ctl rpm.

Red Hat will continue to update these microcode packages as necessary. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended, as additional improvements may be available.

Please use the following Red Hat Customer Portal Lab App to verify systems have the necessary microprocessor firmware to address CVE-2017-5715 (variant 2).

Red Hat Customer Portal Labs - Spectre And Meltdown Detector

The following Red Hat Customer Portal Lab App can be used to verify if systems have the necessary microprocessor firmware to address CVE-2018-3639. Available under the "Diagnose" tab.

Kernel Side-Channel Attack using Speculative Store Bypass - CVE-2018-3639

Note: To check your system's CPU model:

egrep -e 'model|cpu family|stepping|microcode' /proc/cpuinfo | sort | uniq

Intel Microcode Updates that mitigate CVE-2017-5715, branch target injection, Spectre-V2.

Model # (dec) Stepping (dec) Minimum MCU Rev for Spectre v2 mitigation Minimum MCU Rev for Speculative Store Bypass mitigation Codename Model Name
0x4e (78) 0x03 (3) 0x00c2 TBD Skylake U/Y
Skylake U23e
6th Generation Intel® Core™ m Processors
0x4e (78) 0x01 (1) 0x00c2 TBD Gemini Lake Intel® Pentium® Silver processors N5xxx, J5xxx
Intel® Celeron® processors N4xxx, J4xxx
0x9e (158) 0x0b (11) 0x0084 TBD Coffee Lake - S (4+2) 8th Generation Intel® Core™ Desktop Processor Family
0x46 (70) 0x01 (1) 0x0019 TBD Haswell Perf Halo Intel® Core™ Extreme Processor (5960x, 5930x, 5820x)
0x9e (158) 0x09 (9) 0x0084 TBD Kaby Lake H/S/X/G
Kaby Lake Xeon E3"
7th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor v6 E3-1220, E3-1225, E3-1230, E3-1240, E3-1245, E3-1270, E3-1275, E3-1280"
0x3d (61) 0x04 (4) 0x002a TBD Broadwell U/Y Intel® Core™ Processor i7-5650U,i7-5600U, i7-5557U, i7-5550U, i7-5500U
Intel® Core™ Processor i5-5350U, i5-5350,i5-5300U, i5-5287U,i5-5257U, i5-5250U, i5-5200U
Intel® Core™ Processor i3-5157U, i3-5020U, i3-5015U, i3-5010U, i3-5006U, i3-5005U, i3-5010U, i5-5350U, i7-5650U
Intel® Core™ Processor M-5Y71, M-5Y70, M-5Y51, M-5Y3, M-5Y10c, M -5Y10a, M-5Y10
Intel® Pentium® Processor 3805U, 3825U, 3765U, 3755U, 3215U, 3205U
Intel® Celeron® 3765U
0x56 (86) 0x03 (3) 0x7000012 TBD Broadwell DE V2,V3 Intel® Xeon® Processor D-1518, D-1519, D-1521, D-1527, D-1528, D-1531, D-1533, D-1537, D-1541, D-1548
Intel® Pentium® Processor D1507, D1508, D1509, D1517, D1519
0x2d (45) 0x07 (7) 0x0713 TBD Sandy Bridge Server EN/EP/EP4S Intel® Xeon® Processor E5-1428L, E5-1620, E5-1650, E5-1660, E5-2403, E5-2407, E5-2418L, E5-2420, E5-2428L, E5-2430, E5-2430L, E5-2440, E5-2448L, E5-2450, E5-2450L, E5-2470, E5-2603, E5-2609, E5-2620, E5-2630, E5-2630L, E5-2637, E5-2640, E5-2643, E5-2648L, E5-2650, E5-2650L, E5-2658, E5-2660, E5-2665, E5-2667, E5-2670, E5-2680, E5-2687W, E5-2690, E5-4603, E5-4607, E5-4610, E5-4617, E5-4620, E5-4640, E5-4650, E5-4650L
Intel® Pentium® Processor 1405
0x2a (42) 0x07 (7) 0x002d TBD Sandy Bridge
Sandy Bridge Xeon E3
Intel® Core™ i3-21xx/23xx-T/M/E/UE Processor
Intel® Core™ i5-23xx/24xx/25xx-T/S/M/K Processor
Intel® Core™ i7-2xxx-S/K/M/QM/LE/UE/QE Processor
Intel® Core™ i7-29xxXM Extreme Processor
Intel® Celeron® Desktop G4xx, G5xx Processor
Intel® Celeron® Mobile 8xx, B8xx Processor
Intel® Pentium® Desktop 350, G6xx, G6xxT, G8xx Processor
Intel® Pentium® Mobile 9xx, B9xx Processor
Intel® Xeon® Processor E3-1200 Product Family
0x2d (45) 0x06 (6) 0x061c TBD Sandy Bridge Server EN/EP/EP4S Intel® Xeon® Processor E5-2620, E5-2630, E5-2630L, E5-2640, E5-2650, E5-2650L, E5-2660, E5-2667, E5-2670, E5-2680, E5-2690
0x8e (142) 0x09 (9) 0x0084 TBD Kaby Lake U/Y, U23e 7th Generation Intel® Core™ Mobile Processors
0x9e (158) 0x0a (10) 0x0084 TBD Coffee Lake H (6+2)
Coffee Lake S (6+2)
Coffee Lake S (6+2) Xeon E
Coffee Lake-S (4+2) Xeon E
Coffee Lake-S (6+2) x/KBP
8th Generation Intel® Core™ Processor Family
0x8e (142) 0x0a (10) 0x0084 TBD Kaby Lake Refresh U 4+2
Coffee Lake U43e
8th Generation Intel® Core™ Mobile Processor Family
8th Generation Intel® Core™ Processor Family
0x3f (63) 0x02 (2) 0x003c TBD Haswell Server E, EP, EP4S Intel® Xeon® Processor v3 E5-1428L, E5-1603, E5-1607, E5-1620, E5-1630, E5-1650, E5-1660, E5-1680, E5-2408L, E5-2418L, E5-2428L, E5-2438L, E5-2603, E5-2608L, E5-2608L, E5-2609, E5-2618L, E5-2620, E5-2623, E5-2628L, E5-2630, E5-2630L, E5-2637, E5-2640, E5-2643, E5-2648L, E5-2650, E5-2650L, E5-2658, E5-2660, E5-2667, E5-2670, E5-2680, E5-2683, E5-2685, E5-2687W, E5-2690, E5-2695, E5-2697, E5-2698, E5-2699, E5-4610, E5-4620, E5-4627, E5-4640, E5-4648, E5-4650, E5-4655, E5-4660, E5-4667, E5-4669
0x5e (94) 0x03 (3) 0x00c2 TBD Skylake H/S
Skylake Xeon E3
6th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor v5 E3-1220, E3-1225, E3-1230, E3-1235L, E3-1240, E3-1240L, E3-1245, E3-1260L, E3-1270, E3-1275, E3-1280
0x56 (86) 0x02 (2) 0x0015 TBD Broadwell DE V1 Intel® Xeon® Processor D-1520, D-1540
0x3f (63) 0x04 (4) 0x0011 TBD Haswell Server EX Intel® Xeon® Processor E7-4809V3, E7-4820V3, E7-4830V3, E7-4850V3, E7-8860V3, E7-8867V3, E7-8870V3, E7-8880LV3, E7-8880V3, E7-8890V3, E7-8891V3, E7-8893V3
0x3e (62) 0x04 (4) 0x042c TBD Ivy Bridge Server E, EN, EP, EP4S
Ivy Bridge E
Intel® Xeon® Processor v2 E5-1428L, E5-1620, E5-1650, E5-1660, E5-2403, E5-2407, E5-2418L, E5-2420, E5-2428L, E5-2430, E5-2430L, E5-2440, E5-2448L, E5-2450, E5-2450L, E5-2470, E5-2603, E5-2609, E5-2618L, E5-2620, E5-2628L, E5-2630, E5-2630L, E5-2637, E5-2640, E5-2643, E5-2648L, E5-2650, E5-2650L, E5-2658, E5-2660, E5-2667, E5-2670, E5-2680, E5-2687W, E5-2690, E5-2695, E5-2697, E5-4603, E5-4607, E5-4610, E5-4620, E5-4624L, E5-4627, E5-4640, E5-4650, E5-4657L
Intel® Core™ Processor Extreme Edition i7-4960X
Intel® Core™ Processor i7-4820K, i7-4930K"
0x55 (85) 0x04 (4) 0x2000043 TBD Skylake D, Bakerville
Skylake Server
Skylake W
Skylake X, Basin Falls
Intel® Xeon® Processor D-2123IT, D-2141I, D-2142IT, D-2143IT, D-2145NT, D-2146NT, D-2161I, D-2163IT, D-2166NT, D-2173IT, D-2177NT, D-2183IT, D-2187NT
Intel® Xeon® Bronze Processor 3104, 3106
Intel® Xeon® Gold Processor 5115, 5118, 5119T, 5120, 5120T, 5122, 6126, 6126F, 6126T, 6128, 6130, 6130F, 6130T, 6132, 6134, 6134M, 6136, 6138, 6138F, 6138T, 6140, 6140M, 6142, 6142F, 6142M, 6144, 6146, 6148, 6148F, 6150, 6152, 6154
Intel® Xeon® Platinum Processor 8153, 8156, 8158, 8160, 8160F, 8160M, 8160T, 8164, 8168, 8170, 8170M, 8176, 8176F, 8176M, 8180, 8180M
Intel® Xeon® Silver Processor 4108, 4109T, 4110, 4112, 4114, 4114T, 4116, 4116T
Intel® Xeon® Processor W-2123, W-2125, W-2133, W-2135, W-2145, W-2155, W-2195, W-2175
Intel® Core™ i9 79xxX, 78xxX"
0x55 (85) 0x04 (4) 0xf000011 TBD Broadwell DE Y0 Intel® Xeon® Processor D-1557, D-1559, D-1567, D-1571, D-1577, D-1581, D-1587
0x55 (85) 0x03 (3) 0x1000140 TBD Skylake X Intel Xeon Scalable B1
0x3e (62) 0x07 (7) 0x0713 TBD Ivy Bridge Server EX E5-4610, E5-4620, E5-4624L, E5-4627, E5-4640, E5-4650, E5-4657L
0x56 (85) 0x05 (5) 0xe000009 TBD Broadwell DE A1 Intel® Xeon® Processor D-1513N, D-1523N, D-1533N, D-1543N, D1553N
0x3c (60) 0x03 (3) 0x0024 TBD Haswell (including H, S)
Haswell Xeon E3
4th Generation Intel® Core™ Mobile Processor Family, Intel® Pentium® Mobile Processor Family, Intel® Celeron® Mobile Processor Family
Intel® Xeon® Processor E3-1220V3, E3-1225V3, E3-1230LV3, E3-1230V3, E3-1240V3, E3-1245V3, E3-1270V3, E3-1275LV3, E3-1275V3, E3-1280V3, E3-1285LV3, E3-1285LV3, E3-1285V3
0x47 (71) 0x01 (1) 0x001d TBD Broadwell H 43e
Broadwell Xeon E3
Intel® Core™ Processor i7-5950HQ, i7-5850HQ, i7-5750HQ, i7-5700HQ
Intel® Core™ Processor i5-5575R, i5-5675C, i5-5675R, i7-5775C, i7-5775R
Intel® Core™ Processor i7-5700EQ, i7-5850EQ
Intel® Xeon® Processor v4 E3-1258L, E3-1265L, E3-1278L, E3-1285, E3-1285
0x3a (58) 0x09 (9) 0x001f TBD Gladden
Ivy Bridge
Ivy Bridge Xeon E3
Intel® Core™ Processor i3-2115C, i3-3115C
Intel® Pentium® Processor B915C, B925C
Intel® Celeron® Processor 725C
Intel® Xeon® Processor E3-1105C, E3-1125C, E3-1105C v2, E3-1125C v2
3rd Generation Intel® Core™ Mobile Processor Family, Intel® Pentium® Mobile Processor Family, and Intel® Celeron® Mobile Processor Family
Intel® Core™ Processor Extreme Edition i7-4960X
Intel® Core™ Processor i7-4820K, i7-4930K
0x45 (69) 0x01 (1) 0x0023 TBD Haswell ULT 4th Generation Intel® Core™ Mobile Processor Family, Intel® Pentium® Mobile Processor Family, Intel® Celeron® Mobile Processor Family

AMD Microcode Updates that mitigate CVE-2017-5715, branch target injection, Spectre-V2.

CPUID Family Model Number Model Name Minimum MCU Rev for Spectre v2 mitigation
0x4e (78) 15h 00-0fh Opteron 6200/4200 0x0600063E
0x00600f20 15h 00-0fh Opteron 6300/4300 0x06000852
0x00800F12 17h 00-0fh EPYC 7xx1 Series 0x08001227


More information can be found in the following reference documentation:

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.