Is CPU microcode available to address MDS (ZombieLoad) CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091 via the microcode_ctl package?
Microcode/firmware/millicode is software that microprocessor manufacturers supply to operating system vendors to take advantage of internal features of the CPU. The authoritative source for this software is the CPU manufacturer.
The microcode_ctl mechanism to update system firmware is non-persistent in nature. The microcode is loaded during each boot operation; however, it is only applied in the event that the microcode available within /lib/firmware/ for the installed CPU is newer than the revision loaded during the hardware initialization phase of boot. Updating the system firmware to a revision that includes updated microcode is applicable to any resident software, and is recommended as a more permanent solution.
Historically, Red Hat has provided updated microcode, developed by our microprocessor partners, as a customer convenience. Red Hat temporarily suspended this practice in January 2018 while microcode stabilized.
Red Hat is once again providing an updated Intel microcode package, microcode_ctl to customers in order to simplify deployment processes and minimize downtime.
Red Hat will continue to update these microcode packages as necessary. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended, as additional improvements may be available.
Please use the following Red Hat Customer Portal Lab App to verify systems have the necessary microprocessor firmware to address CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091 also known as MDS or ZombieLoad.
Note: To check your system's CPU model:
egrep -e 'model|cpu family|stepping|microcode' /proc/cpuinfo | sort | uniq
Intel Microcode Updates that mitigate MDS (ZombieLoad) CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
| Model # (dec) | Stepping (dec) | Minimum MCU Rev for MDS mitigation | Codename | Model Name |
| 0x2a (42) | 0x07 (7) | 0x2f |
Sandy Bridge Sandy Bridge Xeon E3 |
Intel® Core™ i3-21xx/23xx-T/M/E/UE Processor Intel® Core™ i5-23xx/24xx/25xx-T/S/M/K Processor Intel® Core™ i7-2xxx-S/K/M/QM/LE/UE/QE Processor Intel® Core™ i7-29xxXM Extreme Processor Intel® Celeron® Desktop G4xx, G5xx Processor Intel® Celeron® Mobile 8xx, B8xx Processor Intel® Pentium® Desktop 350, G6xx, G6xxT, G8xx Processor Intel® Pentium® Mobile 9xx, B9xx Processor Intel® Xeon® Processor E3-1200 Product Family |
| 0x2d (45) | 0x06 (6) | 0x61d | Sandy Bridge E, EP | Intel® Xeon® Processor E5 Family |
| 0x2d (45) | 0x07 (7) | 0x714 | Sandy Bridge E, EN, EP, EP4S |
Intel® Core™ X-series Processors Intel® Xeon® Processor E3 Family Intel® Xeon® Processor E5 Family Intel® Pentium® Processor Family |
| 0x3a (58) | 0x09 (9) | 0x21 |
Gladden Ivy Bridge Ivy Bridge Xeon E3 |
Intel® Core™ Processor i3-2115C, i3-3115C Intel® Pentium® Processor B915C, B925C Intel® Celeron® Processor 725C Intel® Xeon® Processor E3-1105C, E3-1125C, E3-1105C v2, E3-1125C v2 3rd Generation Intel® Core™ Mobile Processor Family, Intel® Pentium® Mobile Processor Family, and Intel® Celeron® Mobile Processor Family Intel® Core™ Processor Extreme Edition i7-4960X Intel® Core™ Processor i7-4820K, i7-4930K |
| 0x3c (60) | 0x03 (3) | 0x27 |
Haswell (including H, S) Haswell Xeon E3 |
4th Generation Intel® Core™ Mobile Processor Family Intel® Pentium® Mobile Processor Family Intel® Celeron® Mobile Processor Family Intel® Xeon® Processor E3-1220V3, E3-1225V3, E3-1230LV3, E3-1230V3, E3-1240V3, E3-1245V3, E3-1270V3, E3-1275LV3, E3-1275V3, E3-1280V3, E3-1285LV3, E3-1285LV3, E3-1285V3 |
| 0x3d (61) | 0x04 (4) | 0x2d | Broadwell U/Y |
Intel® Core™ Processor i7-5650U,i7-5600U, i7-5557U, i7-5550U, i7-5500U Intel® Core™ Processor i5-5350U, i5-5350,i5-5300U, i5-5287U,i5-5257U, i5-5250U, i5-5200U Intel® Core™ Processor i3-5157U, i3-5020U, i3-5015U, i3-5010U, i3-5006U, i3-5005U, i3-5010U, i5-5350U, i7-5650U Intel® Core™ Processor M-5Y71, M-5Y70, M-5Y51, M-5Y3, M-5Y10c, M -5Y10a, M-5Y10 Intel® Pentium® Processor 3805U, 3825U, 3765U, 3755U, 3215U, 3205U Intel® Celeron® 3765U |
| 0x3e (62) | 0x04 (4) | 0x42e |
Ivy Bridge Server E, EN, EP, EP4S Ivy Bridge E |
Intel® Xeon® Processor v2 E5-1428L, E5-1620, E5-1650, E5-1660, E5-2403, E5-2407, E5-2418L, E5-2420, E5-2428L, E5-2430, E5-2430L, E5-2440, E5-2448L, E5-2450, E5-2450L, E5-2470, E5-2603, E5-2609, E5-2618L, E5-2620, E5-2628L, E5-2630, E5-2630L, E5-2637, E5-2640, E5-2643, E5-2648L, E5-2650, E5-2650L, E5-2658, E5-2660, E5-2667, E5-2670, E5-2680, E5-2687W, E5-2690, E5-2695, E5-2697, E5-4603, E5-4607, E5-4610, E5-4620, E5-4624L, E5-4627, E5-4640, E5-4650, E5-4657L Intel® Core™ Processor Extreme Edition i7-4960X Intel® Core™ Processor i7-4820K, i7-4930K" |
| 0x3e (62) | 0x07 (7) | 0x715 | Ivy Bridge Server EX | E5-4610, E5-4620, E5-4624L, E5-4627, E5-4640, E5-4650, E5-4657L |
| 0x3f (63) | 0x02 (2) | 0x43 | Haswell Server E, EP, EP4S | Intel® Xeon® Processor v3 E5-1428L, E5-1603, E5-1607, E5-1620, E5-1630, E5-1650, E5-1660, E5-1680, E5-2408L, E5-2418L, E5-2428L, E5-2438L, E5-2603, E5-2608L, E5-2608L, E5-2609, E5-2618L, E5-2620, E5-2623, E5-2628L, E5-2630, E5-2630L, E5-2637, E5-2640, E5-2643, E5-2648L, E5-2650, E5-2650L, E5-2658, E5-2660, E5-2667, E5-2670, E5-2680, E5-2683, E5-2685, E5-2687W, E5-2690, E5-2695, E5-2697, E5-2698, E5-2699, E5-4610, E5-4620, E5-4627, E5-4640, E5-4648, E5-4650, E5-4655, E5-4660, E5-4667, E5-4669 |
| 0x3f (63) | 0x04 (4) | 0x14 | Haswell Server EX | Intel® Xeon® Processor E7-4809V3, E7-4820V3, E7-4830V3, E7-4850V3, E7-8860V3, E7-8867V3, E7-8870V3, E7-8880LV3, E7-8880V3, E7-8890V3, E7-8891V3, E7-8893V3 |
| 0x45 (69) | 0x01 (1) | 0x25 | Haswell ULT | 4th Generation Intel® Core™ Mobile Processor Family, Intel® Pentium® Mobile Processor Family, Intel® Celeron® Mobile Processor Family |
| 0x46 (70) | 0x01 (1) | 0x1b | Haswell Perf Halo | Intel® Core™ Extreme Processor (5960x, 5930x, 5820x) |
| 0x47 (71) | 0x01 (1) | 0x20 |
Broadwell H 43e Broadwell Xeon E3 |
Intel® Core™ Processor i7-5950HQ, i7-5850HQ, i7-5750HQ, i7-5700HQ Intel® Core™ Processor i5-5575R, i5-5675C, i5-5675R, i7-5775C, i7-5775R Intel® Core™ Processor i7-5700EQ, i7-5850EQ Intel® Xeon® Processor v4 E3-1258L, E3-1265L, E3-1278L, E3-1285, E3-1285 |
| 0x4e (78) | 0x03 (3) | 0xcc |
Skylake U/Y Skylake U23e |
6th Generation Intel® Core™ m Processors |
| 0x4f (79) ** | 0x01 (1) | 0xb000036 |
Broadwell Server E, EP, EP4S Broadwell Server EX |
Intel® Xeon® Processor E5v4 Family, E7 v4 Family Intel® Xeon® Processor E7 v4 Family |
| 0x55 (85) | 0x04 (4) | 0x200005e |
Skylake D, Bakerville Skylake Server Skylake W Skylake X, Basin Falls |
Intel® Xeon® Processor D-2123IT, D-2141I, D-2142IT, D-2143IT, D-2145NT, D-2146NT, D-2161I, D-2163IT, D-2166NT, D-2173IT, D-2177NT, D-2183IT, D-2187NT Intel® Xeon® Bronze Processor 3104, 3106 Intel® Xeon® Gold Processor 5115, 5118, 5119T, 5120, 5120T, 5122, 6126, 6126F, 6126T, 6128, 6130, 6130F, 6130T, 6132, 6134, 6134M, 6136, 6138, 6138F, 6138T, 6140, 6140M, 6142, 6142F, 6142M, 6144, 6146, 6148, 6148F, 6150, 6152, 6154 Intel® Xeon® Platinum Processor 8153, 8156, 8158, 8160, 8160F, 8160M, 8160T, 8164, 8168, 8170, 8170M, 8176, 8176F, 8176M, 8180, 8180M Intel® Xeon® Silver Processor 4108, 4109T, 4110, 4112, 4114, 4114T, 4116, 4116T Intel® Xeon® Processor W-2123, W-2125, W-2133, W-2135, W-2145, W-2155, W-2195, W-2175 Intel® Core™ i9 79xxX, 78xxX" |
| 0x56 (86) | 0x02 (2) | 0x1a | Broadwell DE V1 | Intel® Xeon® Processor D-1520, D-1540 |
| 0x56 (86) | 0x03 (3) | 0x7000017 | Broadwell DE V2,V3 |
Intel® Xeon® Processor D-1518, D-1519, D-1521, D-1527, D-1528, D-1531, D-1533, D-1537, D-1541, D-1548 Intel® Pentium® Processor D1507, D1508, D1509, D1517, D1519 |
| 0x56 (86) | 0x04 (4) | 0xf000015 | Broadwell DE Y0 | Intel® Xeon® Processor D-1557, D-1559, D-1567, D-1571, D-1577, D-1581, D-1587 |
| 0x56 (86) | 0x05 (5) | 0xe00000d | Broadwell DE A1 | Intel® Xeon® Processor D-1513N, D-1523N, D-1533N, D-1543N, D1553N |
| 0x5c (92) | 0x09 (9) | 0x38 | Apollo Lake D0 |
Intel® Pentium® Processor J4205, N4200 Intel® Celeron® Processor J3355, J3455, N3350, N3450 Intel® Atom® Processor x5-E3930, x5-E3940, x7-E3950 |
| 0x5e (94) | 0x03 (3) | 0xcc | Skylake H | 6th Generation Intel® Core™ Processor Family |
| 0x5f (95) | 0x01 (1) | 0x2e | Denverton | Intel® Atom® Processor C Series |
| 0x7a (122) | 0x01 (1) | 0x2e | Gemini Lake |
Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series |
| 0x8e (142) | 0x09 (9) | 0xb4 |
Kaby Lake U Kaby Lake U23e Kaby Lake Y Amber Lake Y |
7th Generation Intel® Core™ Processor Family 8th Generation Intel® Core™ Processor Family |
| 0x8e (142) | 0x0a (10) | 0xb4 |
Coffee Lake U43e Kaby Lake Refresh U 4+2 |
8th Generation Intel® Core™ Processor Family |
| 0x8e (142) | 0x0b (11) | 0xb8 | Whiskey Lake U | 8th Generation Intel® Core™ Processors |
| 0x8e (142) | 0x0c (12) | 0xb8 | Whiskey Lake U | 8th Generation Intel® Core™ Processors |
| 0x9e (158) | 0x09 (9) | 0xb4 |
Kaby Lake G Kaby Lake H Kaby Lake S Kaby Lake X Kaby Lake Xeon E3 |
7th Generation Intel® Core™ Processor Family 8th Generation Intel® Core™ Processor Family Intel® Core™ X-series Processors Intel® Xeon® Processor E3 v6 Family |
| 0x9e (158) | 0x0a (10) | 0xb4 |
Coffee Lake H (6+2) Coffee Lake S 6+2 Coffee Lake S (6+2) Coffee Lake S (6+2) x/KBP Coffee Lake S (6+2) Xeon E Coffee Lake S (4+2) Xeon E |
8th Generation Intel® Core™ Processor Family Intel® Xeon® Processor E Family |
| 0x9e (158) | 0x0b (11) | 0xb4 | Coffee Lake S (4+2) |
8th Generation Intel® Core™ Processor Family Intel® Pentium® Gold Processor Series Intel® Celeron® Processor G Series |
| 0x9e (158) | 0x0c (12) | 0xae | Coffee Lake H (8+2) |
9th Generation Intel® Core™ Processor Family 8th Generation Intel® Core™ Processor Family |
** Microcode for model number 79 CPU, aka, Broadwell EP/EX, is not automatically loaded. Please this Kbase article for more details.
What if my CPU is not listed in the table?
Red Hat will continue to update these microcode packages as necessary. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended because additional improvements may be available.
Comments