Intel June 2021 Microcode Update
Table of Contents
- Overview
- Background
- Security Issues
- CVE-2020-24489: VT-d-related Privilege Escalation
- CVE-2020-24511: Improper Isolation of Shared Resources in Some Intel Processors
- CVE-2020-24512: Observable Timing Discrepancy in Some Intel Processors
- CVE-2020-24513: Information Disclosure on Some Intel Atom Processors
- Functional Issues
- Posted Interrupts Internal Error (PI IERR)
- Loop Stream Detector Internal Error (LSD IERR)
- REP MOVS* Machine Check Error (MCE) on Memory Not Accessed
- MD_CLEAR Erratum
- External Node Controller (XNC) Coherency Issue
- Intel® Turbo Boost Max Technology 3.0 (ITBM) Turbo Ratio Limit (TRL) Overreporting
- Transactional Synchronization Extension (TSX) Deprecation
- Affected Products
- Affected Configurations
- Find Your CPU Family Model
- Intel Microcode Updates That Mitigate The Issues
- Resolution
- Acknowledgements
- Frequently Asked Questions
- Additional Information
Overview
Red Hat is aware of several CPU hardware flaws that affect Intel CPU hardware microarchitecture and on-board components.
Red Hat provides updated microcode, developed by our microprocessor partners, as a customer convenience. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended, as additional improvements may be available.
Background
Security Issues
CVE-2020-24489: VT-d-related Privilege Escalation
A potential security vulnerability in some Intel® Virtualization Technology for Directed I/O (VT-d) products was found. Entries from the context cache may not be properly invalidated on some types of context cache invalidations, which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
This issue requires a microcode update.
This issue has been assigned CVE-2020-24489 and is rated Important.
CVE-2020-24511: Improper Isolation of Shared Resources in Some Intel Processors
Microcode misconfiguration in some Intel processors may cause the EIBRS (Enhanced Indirect Branch Restricted Speculation) mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.
This issue requires a microcode update.
This issue has been assigned CVE-2020-24511 and is rated Moderate.
CVE-2020-24512: Observable Timing Discrepancy in Some Intel Processors
Certain optimizations on some Intel processors target "trivial data value" cache-lines, such as all-zero value cache-lines. Such optimizations may lead to changes in cache-allocation or write-back behavior for such cache-lines. It may be possible for a local attacker to distinguish some cases of trivial data cache-lines from non-trivial data cache-lines by inferring cache state using cache timing methods.
This issue requires a microcode update.
This issue has been assigned CVE-2020-24512 and is rated Low.
CVE-2020-24513: Information Disclosure on Some Intel Atom Processors
A potential domain bypass transient execution vulnerability that uses a microarchitectural incidental channel was discovered on some Intel Atom® processors. Currently this channel can reveal supervisor data in the L1 cache and the contents of recent stores. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.
This issue requires a microcode update.
This issue has been assigned CVE-2020-24513 and is rated Moderate.
Functional Issues
Posted Interrupts Internal Error (PI IERR)
A high rate of posted interrupts may cause a three-strike machine check error with a Table Of Requests (TOR) timeout, resulting in an Internal Error (IERR).
The mitigation throttles the inbound PCI Express traffic.
Loop Stream Detector Internal Error (LSD IERR)
Under complex microarchitectural conditions, some short loops of instructions may cause a three-strike machine check logged without a Table Of Requests (TOR) timeout, resulting in an Internal Error (IERR).
Note that the loop stream detector has been disabled in a previous update on SKL/KBL/CFL and SKX. Earlier (Broadwell) and later (Ice Lake) families are not affected.
REP MOVS* Machine Check Error (MCE) on Memory Not Accessed
A speculative access to a poisoned cache line that follows the source buffer during a REP MOVS* (fast string) operation may result in an uncorrectable MCE (Machine Check Error). In addition, the instruction pointer reported as part of the MCE may incorrectly point to the instruction following the causal REP MOVS* instruction.
MD_CLEAR Erratum
On processors that enumerate the MD_CLEAR CPUID bit, L1D_FLUSH, RSM, and VERW memory instructions should overwrite affected buffers with constant data; however, under complex micro-architectural conditions, these instructions may not overwrite all affected buffers on the affected processors.
Due to this erratum, the use of MD_CLEAR operations to prevent MDS (Microarchitectural Data Sampling) or TAA (Intel® Transactional Synchronization Extensions Asynchronous Abort) side-channel methods from revealing previously accessed data may not be fully effective.
External Node Controller (XNC) Coherency Issue
In some Haswell EX and Broadwell EX systems that employ external node controllers (XNC), a memory ordering issue was observed during locked transactions. The microcode update adds an opt-in (via a per-thread MSR) to additional load fencing for lock operations, which has been shown to work around the issue.
Intel® Turbo Boost Max Technology 3.0 (ITBM) Turbo Ratio Limit (TRL) Overreporting
When microcode supporting 4-core ITBM is run on processors that only support 2-core ITBM, the maximum turbo ratio value was overreported for both 3- and 4-core active scenarios (MSR 0x150 and 0x1ad). This is a reporting issue that does not affect functionality or performance.
Transactional Synchronization Extension (TSX) Deprecation
The IPU 2021.1 update disables TSX by default on some platforms (SKL and newer client platforms that are affected by MDS). As a result, all RTM transactions are force-aborted (XBEGIN always aborts immediately with an EAX code of zero). The force-abort behaviour can be disabled for software development purposes; however, this mode is unsupported and is not recommended for production use due to possible memory ordering correctness issues.
See also:
- Performance Monitoring Impact of Intel® Transactional Synchronization Extension Memory Ordering Issue (Revision 1.4): TSX Disable Update
- Intel® Transactional Synchronization Extensions (Intel® TSX) Asynchronous Abort: Mitigation
Affected Products
Product | Fixed in package | Advisory link |
---|---|---|
Red Hat Enterprise Linux 8.4.0 (Z-stream) | microcode_ctl-20210216-1.20210525.1.el8_4 | RHSA-2021:2308 |
Red Hat Enterprise Linux 8.2.0 EUS | microcode_ctl-20191115-4.20210525.1.el8_2 | RHSA-2021:2307 |
Red Hat Enterprise Linux 8.1.0 EUS | microcode_ctl-20190618-1.20210525.1.el8_1 | RHSA-2021:2306 |
Red Hat Enterprise Linux 7.9 (Z-stream) | microcode_ctl-2.1-73.9.el7_9 | RHSA-2021:2305 |
Red Hat Enterprise Linux 7.7 EUS | microcode_ctl-2.1-53.16.el7_7 | RHSA-2021:2304 |
Red Hat Enterprise Linux 7.6 AUS/E4S/TUS | microcode_ctl-2.1-47.21.el7_6 | RHSA-2021:2303 |
Red Hat Enterprise Linux 7.4 AUS | microcode_ctl-2.1-22.39.el7_4 | RHSA-2021:2301 |
Red Hat Enterprise Linux 7.3 AUS | microcode_ctl-2.1-16.40.el7_3 | RHSA-2021:2302 |
Red Hat Enterprise Linux 7.2 AUS | microcode_ctl-2.1-12.37.el7_2 | RHSA-2021:2300 |
Red Hat Enterprise Linux 6.10 (ELS) | microcode_ctl-1.17-33.33.el6_10 | RHSA-2021:2299 |
Affected Configurations
Listed below are the CPU families affected by these flaws broken down by the flaw type. You must determine your CPU’s family to see if you are affected.
Find Your CPU Family Model
Find the CPU model provided by your system. This is available in the /proc/cpuinfo file.
$ grep -E '^(cpu family|model|stepping|microcode)' /proc/cpuinfo | sort -u
cpu family : 6
microcode : 0x84
model : 94
model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping : 3
(Note: on RHEL 6, microcode revision is in decimal; on RHEL 7 onwards, it is in hexadecimal with the respective "0x" prefix.)
Intel Microcode Updates That Mitigate The Issues
Model No. (dec) | Stepping (dec) | Minimum microcode revision for mitigation (dec) | Applicable vulnerabilities and errata | Codename | Model Name |
---|---|---|---|---|---|
0x3f (63) | 0x02 (2) | 0x46 (70) | MD_CLEAR | Haswell E Haswell EP Haswell Server EP Haswell Server EP4S | Intel® Core™ X-Series Processors (i7-5960X, i7-5930K, i7-5820K) Intel® Xeon® Processor v3 E5-2695, E5-2697, E5-2698, E5-2699, E5-2683, E5-2690, E5-2650, E5-2660, E5-2609, E5-2680, E5-2670, E5-1630, E5-1650, E5-2687W, E5-2643, E5-1660, E5-1680, E5-2650L, E5-2620, E5-2623, E5-1620, E5-2630, E5-2630L, E5-2637, E5-2640, E5-2603, E5-2667, E5-4640, E5-4650, E5-4655, E5-4660, E5-4667, E5-4669, E5-4610, E5-4620, E5-4627 |
0x3f (63) | 0x04 (4) | 0x19 (31) | MD_CLEAR, XNC Coherency | Haswell Server EX | Intel® Xeon® Processor E7 v3 Family Intel® Xeon® Processor v3 E7-4809, E7-4820, E7-4830, E7-4850, E7-8860, E7-8867, E7-8870, E7-8880L, E7-8880, E7-8890, E7-8891, E7-8893 |
0x4e (78) | 0x03 (3) | 0xea (234)¹ | CVE-2020-24512, TSX Deprecation | Skylake U Skylake Y Skylake U (2+3e) | 6th Generation Intel® Core™ Processor Family Intel® Core™ Processor i7-6500U, i7-6510U, i7-6600U Intel® Core™ Processor i5-6200U, i5-6210U, i5-6300U, i5-6310U Intel® Core™ Processor i3-6100U, i3-6110U Intel® Pentium® Processor 4405U, 4415U Intel® Celeron® Processor 3855U, 3865U, 3955U, 3965U Intel® Core™ Processor I7-6560U, I7-6567U, I7-6650U, I7-6660U Intel® Core™ Processor I5-6260U, I5-6267U, I5-6287U, I5-6360U Intel® Core™ Processor i3-6167U Intel® Core™ Processor m7-6Y75, m5-6Y54, m5-6Y57, m3-6Y30 Intel® Pentium® Processor 4405Y |
0x4f (79) | 0x01 (1) | 0xb00003e (184549438)² | MD_CLEAR, XNC Coherency | Broadwell E Broadwell Server E Broadwell Server EP Broadwell Server EP4S Broadwell Server EX | Intel® Core™ X-series Processors (i7-6950K, i7-6800K, i7-6850, i7-6900K) Intel® Xeon® Processor v4 E5-2603, E5-2608L, E5-2609, E5-2618L, E5-2620, E5-2623, E5-2628L, E5-2630L, E5-2630, E5-2637, E5-2640, E5-2643, E5-2648L, E5-2650L, E5-2650, E5-2658, E5-2660, E5-2667, E5-2679, E5-2680, E5-2683, E5-2690, E5-2695, E5-2697A, E5-2697, E5-2698, E5-2699A, E5-2699, E5-2699R, E5-4628L Intel® Xeon® Processor v4 E7-4809, E7-4820, E7-4830, E7-4850, E7-8855, E7-8860, E7-8867, E7-8870, E7-8880, E7-8890, E7-8891, E7-8893, E7-8894 |
0x55 (85) | 0x03 (3) | 0x100015b (16777563) | REP MOVS*, PI IERR | Skylake Server | Intel® Xeon® Processor P-8124, P-8136 |
0x55 (85) | 0x04 (4) | 0x2006b06 (33581830) | REP MOVS*, PI IERR | Skylake D Bakerville Skylake Server Skylake W Skylake X Basin Falls | Intel® Xeon® Processor D-2123IT, D-2141I, D-2142IT, D-2143IT, D-2145NT, D-2146NT, D-2161I, D-2163IT, D-2166NT, D-2173IT, D-2177NT, D-2183IT, D-2187NT Intel® Xeon® Bronze Processor 3104, 3106 Intel® Xeon® Gold Processor 5115, 5118, 5119T, 5120, 5120T, 5122, 6126, 6126F, 6126T, 6128, 6130, 6130F, 6130T, 6132, 6134, 6134M, 6136, 6138, 6138F, 6138T, 6140, 6140M, 6142, 6142F, 6142M, 6144, 6146, 6148, 6148F, 6150, 6152, 6154 Intel® Xeon® Platinum Processor 8153, 8156, 8158, 8160, 8160F, 8160M, 8160T, 8164, 8168, 8170, 8170M, 8176, 8176F, 8176M, 8180, 8180M Intel® Xeon® Silver Processor 4108, 4109T, 4110, 4112, 4114, 4114T, 4116, 4116T Intel® Xeon® Processor W-2123, W-2125, W-2133, W-2135, W-2145, W-2155, W-2195, W-2175 Intel® Core™ i9 79xxX, 78xxX |
0x55 (85) | 0x06 (6) | 0x4003102 (67121410) | CVE-2020-24511, TRL Overreporting, REP MOVS*, PI IERR, LSD IERR | Cascade Lake Server | 2nd Generation Intel® Xeon® Scalable Processors |
0x55 (85) | 0x07 (7) | 0x5003102 (83898626) | CVE-2020-24511, TRL Overreporting, REP MOVS*, PI IERR, LSD IERR | Cascade Lake Server Cascade Lake W Cascade Lake X | 2nd Generation Intel® Xeon® Scalable Processors Intel® Xeon® Platinum Processor 8253, 8256, 8260, 8260L, 8260M, 8260Y, 8268, 8270, 8276, 8276L, 8276M, 8280, 8280L, 8280M, 9220, 9221, 9222, 9242, 9282 Intel® Xeon® Gold Processor 5215, 5215L, 5215M, 5215R, 5217, 5218, 5218B, 5218N, 5218T, 5220, 5220R, 5220S, 5220T, 5222, 6208U, 6209U, 6210U, 6212U, 6222V, 6226, 6226R, 6230, 6230N, 6230R, 6230T, 6234, 6238, 6238L, 6238M, 6238R, 6238T, 6240, 6240L, 6240M, 6240R, 6240Y, 6242, 6242R, 6244, 6246, 6246R, 6248, 6248R, 6250, 6250L, 6252, 6252N, 6254, 6256, 6258R, 6262V Intel® Xeon® Silver Processor 4208, 4209T, 4210, 4210R, 4210T, 4214, 4214C, 4214R, 4214Y, 4215, 4215R, 4216 Intel® Xeon® Bronze Processor 3204, 3206R Intel® Xeon® Processor W-3275M, W-3275, W-3265M, W-3265, W-3245M, W-3245, W-3235, W-3225, W-3223, W-2295, W-2275, W-2265, W-2255, W-2245, W-2235, W-2225, W-2223 Intel® Core™ X-series Processor i9-10940X, i9-10920X, i9-10900X, i9-9960X, i9-9940X, i9-9920X, i9-9900X, i9-9820X, i9-9800X, i9-7960X, i9-7940X, i9-7920X, i9-7900X, i7-7820X, i7-7800X, i7-7740X, i7-7640X |
0x55 (85) | 0x0b (11) | 0x7002302 (117449474) | CVE-2020-24511, REP MOVS*, PI IERR, LSD IERR | Cooper Lake SP | 3rd Generation Intel® Xeon® Scalable Processors Intel® Xeon® Platinum Processor 8353H, 8354H, 8376H, 8376HL, 8380H, 8380HL Intel® Xeon® Gold Processor 5318H, 5320H, 6328H, 6328HL, 6348H |
0x56 (86) | 0x03 (3) | 0x700001b (117440539) | MD_CLEAR | Broadwell DE [stepping V2] Broadwell DE [stepping V3] | Intel® Xeon® Processor D Family Intel® Pentium® Processor D Series Intel® Xeon® Processor D-1518, D-1519, D-1521, D-1527, D-1528, D-1531, D-1533, D-1537, D-1541, D-1548 Intel® Pentium® Processor D1507, D1508, D1509, D1517, D1519 |
0x56 (86) | 0x04 (4) | 0xf000019 (251658265) | MD_CLEAR | Broadwell DE [stepping Y0] | Intel® Xeon® Processor D-1557, D-1559, D-1567, D-1571, D-1577, D-1581, D-1587 |
0x56 (86) | 0x05 (5) | 0xe000012 (234881042) | MD_CLEAR | Broadwell NS [stepping A1] Broadwell DE [stepping A1] Hewitt Lake | Intel® Xeon® Processor D-1513N, D-1523N, D-1533N, D-1543N, D1553N, D-1602, D-1622, D-1623N, D-1627, D-1633N, D-1637, D-1649N, D-1653N |
0x5c (92) | 0x09 (9) | 0x44 (68) | CVE-2020-24489, CVE-2020-24513 | Apollo Lake [stepping D0] | Intel® Pentium® Processor J4205, N4200 Intel® Celeron® Processor J3355, J3455, N3350, N3450 Intel® Atom® Processor x5-A3930, x5-A3940, x5-A3950, x5-A3960 |
0x5c (92) | 0x0a (10) | 0x20 (32) | CVE-2020-24489, CVE-2020-24513 | Apollo Lake [stepping E0] | Intel® Atom® Processor x5-E3930, x5-E3940, x7-E3950 |
0x5e (94) | 0x03 (3) | 0xea (234)³ | CVE-2020-24512, TSX Deprecation | Skylake H | 6th Generation Intel® Core™ Processor Family Intel® Core™ Processor i7-6700HQ, i7-6770HQ, i7-6820HK, i7-6820HQ, i7-6870HQ, i7-6920HQ, i7-6970HQ, i5-6300HQ, i5-6350HQ, i5-6440HQ, i3-6100H, i7-6700, i7-6700K, i7-6700T, i7-6700TE, i7-6820EQ, i7-6822EQ, i5-6400, i5-6400T, i5-6440EQ, i5-6442EQ, i5-6500, i5-6500T, i5-6500TE, i5-6600, i5-6600K, i5-6600T, i3-6100, i3-6100E, i3-6100T, i3-6100TE, i3-6102E, i3-6120, i3-6120T, i3-6300, i3-6300T, i3-6320, i3-6320T Intel® Pentium® Processor G4400, G4400T, G4400TE, G4420, G4420T, G4500, G4500T, G4520, G4520T, G4540 Intel® Celeron® Processor G3900, G3900T, G3900TE, G3902E, G3920, G3920T, G3940 |
0x5f (95) | 0x01 (1) | 0x34 (52) | CVE-2020-24513 | Denverton | Intel® Atom® Processor C Series Intel® Atom® Processor C3308, C3336, C3338, C3338R, C3436L, C3508, C3538, C3558, C3558R, C3558RC, C3708, C3750, C3758, C3758R, C3808, C3830, C3850, C3858, C3950, C3958, C3955 |
0x7a (122) | 0x01 (1) | 0x36 (54) | CVE-2020-24489, CVE-2020-24513 | Gemini Lake | Intel® Pentium® Processor Silver Series Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series Intel® Pentium® Silver Processor J5005, N5000 Intel® Celeron® Processor J4005, J4105, N4000, N4100 |
0x7a (122) | 0x08 (8) | 0x1a (26) | CVE-2020-24489, CVE-2020-24513 | Gemini Lake Refresh | Intel® Celeron® Processor J Series Intel® Celeron® Processor N Series Intel® Pentium® Silver J5040, N5030 Processor Intel® Celeron® Processor J4025, J4125, N4020, N4120 |
0x7e (126) | 0x05 (5) | 0xa6 (166) | CVE-2020-24489, CVE-2020-24512, CVE-2020-24513 | Ice Lake U Ice Lake Y | 10th Generation Intel® Core™ Processor Family Intel® Core™ Processor i7-1060G7, i7-1065G7, i5-1030G4, i5-1030G7, i5-1035G1, i5-1035G4, i5-1035G7, i3-1000G1, i3-1000G4, i3-1005G1 |
0x8a (138) | 0x01 (1) | 0x2a (42) | CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, CVE-2020-24513 | Lakefield | Intel® Core™ i5-L16G7 Processor, i3-L13G4 |
0x8c (140) | 0x01 (1) | 0x88 (136)⁴ | CVE-2020-24489, CVE-2020-24511, CVE-2020-24512 | Tiger Lake UP3 Tiger Lake UP4 | 11th Generation Intel® Core™ Processor Family Intel® Core™ i7-1185G7, i7-1165G7, i5-1135G7, i3-1115G4, i3-1125G4, i7-1160G7, i5-1130G7, i3-1120G4, i3-1110G4 Processor |
0x8e (142) | 0x09 (9) | 0xea (234) | CVE-2020-24512, TSX Deprecation | Kaby Lake U Kaby Lake U (2+3e) Kaby Lake Y | 7th Generation Intel® Core™ Processor Family Intel® Core™ Processor i7-7500U, i7-7510U, i7-7600U, i7-7560U, i7-7567U, i7-7660U, i7-7Y75, i5-7200U, i5-7210U, i5-7300U, i5-7500U, i5-7260U, i5-7267U, i5-7287U, i5-7360U, i5-7Y54, i5-7Y57, i3-7007U, i3-7100U, i3-7110U, i3-7130U, i3-7167U, M3-7Y30, M3-7Y30 Intel® Pentium® Processor 4415U, 4410Y, 4415Y Intel® Celeron® Processor 3865U, 3965U, 3965Y |
0x8e (142) | 0x09 (9) | 0xea (234)⁵ | CVE-2020-24512, TSX Deprecation | Amber Lake Y | 8th Generation Intel® Core™ Processor Family Intel® Core™ Processor i7-8500Y, i5-8310Y, i5-8210Y, i5-8200Y, m3-8100Y |
0x8e (142) | 0x0a (10) | 0xea (234)⁵ | CVE-2020-24512, TSX Deprecation | Coffee Lake U (4+3e) Kaby Lake Refresh U (4+2) | 8th Generation Intel® Core™ Processor Family Intel® Core™ Processor i7-8559U, i7-8550U, i7-8650U, i5-8259U, 8269U, i5-8250U, i5-8350U, i3-8109U, i3-7020U, i3-8130U |
0x8e (142) | 0x0b (11) | 0xea (234)⁵ | CVE-2020-24512, LSD IERR, TSX Deprecation | Whiskey Lake U | 8th Generation Intel® Core™ Processor Family Intel® Core™ Processor i7-8565U, i7-8665U, i5-8365U, i5-8265U, i3-8145U Intel® Core™ Processor 4205U, 5405U |
0x8e (142) | 0x0c (12) | 0xea (234)⁵ | CVE-2020-24511, CVE-2020-24512, LSD IERR | Whiskey Lake U, Amber Lake Y, Comet Lake U (4+2) | 8th Generation Intel® Core™ Processor Family 10th Generation Intel® Core™ Processor Family Intel® Core™ Processor i7-10510Y, i5-10310Y, i5-10210Y, i5-10110Y, i7-10510U, i7-8565U, i7-8665U, i5-10210U, i5-8365U, i5-8265U, Intel® Pentium® Gold Processor 6405U, Intel® Celeron® Processor 5305U |
0x9e (158) | 0x09 (9) | 0xea (234)⁵ | CVE-2020-24512, TSX Deprecation | Kaby Lake G Kaby Lake H Kaby Lake S Kaby Lake X Kaby Lake Xeon E3 | 7th Generation Intel® Core™ Processor Family 8th Generation Intel® Core™ Processor Family Intel® Core™ X-series Processors (i5-7640X, i7-7740X) Intel® Core™ Processor i7-8705G, i7-8706G, i7-8709G, i7-8809G, i5-8305G, Intel® Core™ Processor i7-7700HQ, i7-7820EQ, i7-7820HK, i7-7820HQ, i7-7920HQ, i7-7700, i7-7700K, i7-7700T, i5-7300HQ, i5-7440EQ, i5-7440HQ, i5-7442EQ, i5-7400, i5-7400T, i5-7500, i5-7500T, i5-7600, i5-7600K, i5-7600T, i3-7100H, i3-7100E, i3-7101E, i3-7101TE, i3-7102E, i3-7120, i3-7120T, i3-7320T, i3-7340 Intel® Celeron® Processor G3930E, G3930TE Intel® Xeon® Processor v6 E3-1535M, E3-1505M, E3-1505L, E3-1501L, E3-1501M, E3-1285, E3-1280, E3-1275, E3-1270, E3-1245, E3-1240, E3-1230, E3-1225, E3-1220 |
0x9e (158) | 0x0a (10) | 0xea (234)⁵ | CVE-2020-24512, TSX Deprecation | Coffee Lake H (6+2) Coffee Lake S (6+2) Coffee Lake S (6+2) Xeon E Coffee Lake S (4+2) Xeon E | 8th Generation Intel® Core™ Processor Family Intel® Xeon® Processor E Family Intel® Core™ Processor i9-8950HK, i7-8700K, i7-8700B, i7-8750H, i7-8850H, i7-8670, i7-8670T, i7-8700, i7-8700T, i5-8600K, i5-8650K, i5-8300H, i5-8400B, i5-8400H, i5-8500B, i5-8400, i5-8400T, i5-8420, i5-8420T, i5-8500, i5-8500T, i5-8550, i5-8600, i5-8600T, i5-8650 Intel® Xeon® Processor E-2174G, E-2144G, E-2134, E-2124, E-2124G, E-2284G, E-2274G, E-2254ML, E-2254ME, E-2244G, E-2234, E-2224, E-2224G, E-2184G, E-2186G, E-2176G, E-2176M, E-2146G, E-2136, E-2126G, 2286G, E-2276ML, E-2276ME, E-2276M, E-2276G, E-2246G, E-2236, E-2226GE, E-2226G, E-2186M, E-2176M |
0x9e (158) | 0x0b (11) | 0xea (234)⁵ | CVE-2020-24512, TSX Deprecation | Coffee Lake S (4+2) | 8th Generation Intel® Core™ Processor Family Intel® Pentium® Gold Processor Series Intel® Celeron® Processor G Series Intel® Core™ Processor i3-8000, i3-8000T, i3-8020, i3-8100, i3-8100, i3-8100H, i3-8100T, i3-8120, i3-8300, i3-8300T, i3-8350K Intel® Pentium® Gold G5400, G5400T, G5400T, G5420, G5420T, G5420T, G5500, G5500T, G5600 Intel® Celeron® Processor G4900, G4900T, G4920 |
0x9e (158) | 0x0c (12) | 0xea (234)⁵ | CVE-2020-24512, TSX Deprecation | Coffee Lake S (8+2) | 9th Generation Intel® Core™ Processor Family Intel® Core™ Processor i9-9900K, i9-9900KF, i7-9700K, i7-9700KF, i5-9600K, i5-9600KF, i5-9400, i5-9400F |
0x9e (158) | 0x0d (13) | 0xea (234)⁵ | CVE-2020-24511, CVE-2020-24512 | Coffee Lake H (8+2) Coffee Lake S (8+2) Coffee Lake S (8+2) Xeon E | 9th Generation Intel® Core™ Processor Family Intel® Core™ Processor i9-9980HK, i9-9880H, i7-9850H, 9750HF, i5-9400H, 9300H Intel® Xeon® Processor E-2288G, E-2286M, E-2278GEL, E-2278GE, E-2278G |
0xa5 (165) | 0x02 (2) | 0xea (234) | CVE-2020-24511, CVE-2020-24512, LSD IERR | Comet Lake H | 10th Generation Intel® Core™ Processor Family Intel® Core™ Processor i9-10980HK, i9-10885H, i7-10875H, i7-10850H, i7-10870H, i7-10750H, i5-10400H, i5-10300H, i5-10200H Intel® Xeon® W Processors W-10885M, W-10855M |
0xa5 (165) | 0x03 (3) | 0xea (234) | CVE-2020-24511, CVE-2020-24512, LSD IERR | Comet Lake S (6+2) | 10th Generation Intel® Core™ Processor Family Intel® Pentium® Gold Processor Family Intel® Celeron® Processor Family Intel® Xeon® W-1200 Processor Family Intel® Core™ Processor i5-10600, i5-10600T, i5-10500, i5-10500T, i5-10400, i5-10400F, i5-10400T, i3-10320, i3-10300, i3-10300T, i3-10100, i3-10100T, i3-10100F Intel® Pentium® Gold G6600, G6500, G6500T, G6400, G6400T Intel® Celeron® Processors G5920, G5900, G5900T, G5925, G5905, G5905T Intel® Xeon® W-1200 Processors W-1250 |
0xa5 (165) | 0x05 (5) | 0xec (236) | CVE-2020-24511, CVE-2020-24512, LSD IERR | Comet Lake S (10+2) | 10th Generation Intel® Core™ Processor Family Intel® Xeon® W-1200 Processor Family Intel® Core™ Processor i9-10900K, i9-10900KF, i9-10900, i9-10900T, i9-10900F, i9-10850K, i7-10700K, i7-10700KF, i7-10700, i7-10700T, i7-10700F, i5-10600K, i5-10600KF, i5-10400, i5-10400F, Intel® Xeon® W-1200 Processors W-1290P, W-1290, W-1290T, W-1270P, W-1270, W1250P |
0xa6 (166) | 0x00 (0) | 0xe8 (232) | CVE-2020-24511, CVE-2020-24512, LSD IERR | Comet Lake U (6+2) | 10th Generation Intel® Core™ Processor Family |
0xa6 (166) | 0x01 (1) | 0xea (234) | CVE-2020-24511, CVE-2020-24512, LSD IERR | Comet Lake U (6+2) v2 | 10th Generation Intel® Core™ Processor Family |
¹ The update is disabled (and previously published revision 0xd6 is used) by default due to possible hangs experienced with previous revisions of the microcode. See /usr/share/doc/microcode_ctl/caveats/06-4e-03_readme for details.
² The update is disabled by default due to possible hangs. See /usr/share/doc/microcode_ctl/caveats/06-4f-01_readme and “CPU "model 79" systems hangs/panics during boot following an update to the microcode_ctl package” knowledge base article for details.
³ The update is disabled (and previously published revision 0xd6 is used) by default due to possible hangs experienced with previous revisions of the microcode. See /usr/share/doc/microcode_ctl/caveats/06-5e-03_readme for details.
⁴ The update is disabled by default due to possible hangs experienced with previous revisions of the microcode. See /usr/share/doc/microcode_ctl/caveats/06-8c-01_readme for details.
⁵ The update is disabled (and previously published revisions 0xae/0xb4/0xb8 are used) by default on Dell hardware (bios_vendor DMI value is "Dell") due to possible hangs (see 1, 2, 3, 4, 5) experienced with previous revisions of the microcode. See /usr/share/doc/microcode_ctl/caveats/06-8e-9e-0x-dell_readme and /usr/share/doc/microcode_ctl/caveats/06-8e-9e-0x-0xca_readme for details.
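As an added example (not part of the original article and not Red Hat tooling), the shell script below automates the lookup described above: it parses /proc/cpuinfo-style text and compares the running microcode revision with the table's minimum for that model and stepping. The function names and the MIN_REVISIONS list are assumptions made for this example, and the list holds only a subset of the table's rows.

```bash
#!/bin/bash
# Added example (not Red Hat's tooling): compare the running microcode
# revision with the minimum revision listed in the table above.

# model:stepping:minimum revision, copied from the table on this page.
# Only a subset of rows; add the ones that match your hardware.
MIN_REVISIONS='
63:2:0x46
78:3:0xea
79:1:0xb00003e
85:4:0x2006b06
85:7:0x5003102
94:3:0xea
142:9:0xea
158:10:0xea
'

# Read cpuinfo text on stdin and print the value of the first line whose key
# is exactly $1. An exact match keeps "model" apart from "model name".
cpuinfo_field() {
    awk -F: -v key="$1" '
        { k = $1; gsub(/[ \t]+$/, "", k) }
        k == key { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }'
}

# Convert a revision to decimal: "0x..." on RHEL 7 and later, plain decimal
# on RHEL 6.
rev_to_dec() {
    case "$1" in
        0[xX]*)      printf '%d\n' "$1" ;;
        ''|*[!0-9]*) return 1 ;;
        *)           printf '%d\n' "$1" ;;
    esac
}

# Usage: check_microcode < /proc/cpuinfo
# Prints a one-line verdict. Returns 0 = at or above the minimum,
# 1 = below it, 2 = CPU not in MIN_REVISIONS, 3 = unparsable revision.
check_microcode() {
    local info family model stepping current min cur_dec min_dec
    info=$(cat)
    family=$(printf '%s\n' "$info" | cpuinfo_field 'cpu family')
    model=$(printf '%s\n' "$info" | cpuinfo_field 'model')
    stepping=$(printf '%s\n' "$info" | cpuinfo_field 'stepping')
    current=$(printf '%s\n' "$info" | cpuinfo_field 'microcode')

    min=''
    if [ "$family" = 6 ]; then
        min=$(printf '%s' "$MIN_REVISIONS" |
            awk -F: -v m="$model" -v s="$stepping" \
                '$1 == m && $2 == s { print $3; exit }')
    fi
    if [ -z "$min" ]; then
        echo "unlisted: family $family model $model stepping $stepping"
        return 2
    fi
    cur_dec=$(rev_to_dec "$current") ||
        { echo "error: bad revision '$current'"; return 3; }
    min_dec=$(rev_to_dec "$min")
    if [ "$cur_dec" -ge "$min_dec" ]; then
        echo "ok: microcode $current >= minimum $min"
        return 0
    fi
    echo "outdated: microcode $current < minimum $min"
    return 1
}

# The grep output shown earlier on this page (model 94, stepping 3).
SAMPLE_CPUINFO='cpu family : 6
microcode : 0x84
model : 94
model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping : 3'

# Check the file given as $1 (for example /proc/cpuinfo), else the sample.
if [ -r "${1:-}" ]; then
    check_microcode < "$1" || true
else
    printf '%s\n' "$SAMPLE_CPUINFO" | check_microcode || true
fi
```

For rows carrying a footnote in the table, the update is disabled by default, so an "outdated" verdict can persist after the package is updated; the caveat readme files named in the footnotes describe those cases.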
Resolution
Red Hat customers running affected versions of the Red Hat products are strongly recommended to update them as soon as errata are available. Customers are urged to apply the appropriate updates immediately and reboot to mitigate this flaw correctly.
Acknowledgements
Red Hat thanks Intel for fixing these issues and making Red Hat aware.
Frequently Asked Questions
Q: Do I need to reboot for the changes to take effect?
A: No. Updating the microcode package to a version equal to or later than the one identified in the table above is sufficient for these issues to be fixed.
Q: What if my CPU is not listed in the table?
A: Red Hat will continue to update these microcode packages as necessary. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended because additional improvements may be available.
Additional Information
Red Hat cannot guarantee the correctness of the above information as the microcode update is provided by upstream vendors.
Related Knowledge Base articles:
- Is CPU microcode available to address CVE-2017-5715 via the microcode_ctl package?
- Is CPU microcode available to address CVE-2018-3639 via the microcode_ctl package?
- Is CPU microcode available to address CVE-2018-3620 and CVE-2018-3646 via the microcode_ctl package?
- Is CPU microcode available to address MDS (ZombieLoad) CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091 via the microcode_ctl package?
- Intel November 2019 Microcode Update
- Intel June 2020 Microcode Update
- Intel November 2020 Microcode Update