Intel June 2021 Microcode Update

Updated -

Overview

Red Hat is aware of several CPU hardware flaws that affect Intel CPU hardware microarchitecture and on-board components.

Red Hat provides updated microcode, developed by our microprocessor partners, as a customer convenience.  Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended, as additional improvements may be available.

Background

Security Issues

CVE-2020-24489: VT-d-related Privilege Escalation

A potential security vulnerability in some Intel® Virtualization Technology for Directed I/0 (VT-d) products was found. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

This issue requires a microcode update.

This issue has been assigned CVE-2020-24489 and is rated Important.

See also:

CVE-2020-24511: Improper Isolation of Shared Resources in Some Intel Processors

Microcode misconfiguration in some Intel processors may cause EIRBS (Enhanced Indirect Branch Restricted Speculation) mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.

This issue requires a microcode update.

This issue has been assigned CVE-2020-24511 and is rated Moderate.

See also:

CVE-2020-24512: Observable Timing Discrepancy in Some Intel Processors

Certain optimizations on some Intel processors target „trivial data value” cache-lines, such as all-zero value cache-lines. Such optimizations may lead to changes in cache-allocation or write-back behavior for such cache-lines. It may be possible for a local attacker to distinguish some cases of trivial data-cache-lines from non-trivial data cache-lines by inferring cache state using cache timing methods.

This issue requires a microcode update.

This issue has been assigned CVE-2020-24512 and is rated Low.

See also:

CVE-2020-24513: Information Disclosure on Some Intel Atom Processors

A potential domain bypass transient execution vulnerability was discovered on some Intel Atom® processors that uses a microarchitectural incidental channel. Currently this channel can reveal supervisor data in the L1 cache and the contents of recent stores. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access.

This issue requires a microcode update.

This issue has been assigned CVE-2020-24513 and is rated Moderate.

See also:

Functional Issues

Posted Interrupts Internal Error (PI IERR)

A high rate of posted interrupts may cause a three-strike machine check error with a Table Of Requests (TOR) timeout, resulting in an Internal Error (IERR).

The mitigation throttles the inbound PCI Express traffic.

Loop Stream Detector Internal Error (LSD IERR)

Under complex microarchitectural conditions, some short loops of instructions may cause a three-strike machine check logged without a Table Of Requests (TOR) timeout, resulting in an Internal Error (IERR).

Note that the loop stream detector has been disabled in a previous update on SKL/KBL/CFL and SKX. Earlier (Broadwell) and later (Ice Lake) families are not affected.

REP MOVS* Machine Check Error (MCE) on Memory Not Accessed

A speculative access to a poisoned cache line that follows the source buffer during a REP MOVS* (fast string) operation may result in an uncorrectable MCE (Machine Check Error). In addition, the instruction pointer reported as part of the MCE may incorrectly point to the instruction following the causal REP MOVS* instruction.

MD_CLEAR Erratum

On processors that enumerate the MD_CLEAR CPUID bit, L1D_FLUSH, RSM, and VERW memory instructions should overwrite affected buffers with constant data; however, under complex micro-architectural conditions, these instructions may not overwrite all affected buffers on the affected processors.

Due to this erratum, the use of MD_CLEAR operations to prevent MDS (Microarchitectural Data Sampling) or TAA (Intel® Transactional Synchronization Extensions Asynchronous Abort) side-channel methods from revealing previously accessed data may not be fully effective.

External Node Controller (XNC) Coherency Issue

In some Haswell EX and Broadwell EX systems that employ external node controllers (XNC), a memory ordering issue was observed during locked transactions. The microcode update adds an opt-in (via a per-thread MSR) to additional load fencing for lock operations that has shown to work around the issue.

Intel® Turbo Boost Max Technology 3.0 (ITBM) Turbo Ratio Limit (TRL) Overreporting

When microcode supporting 4-core ITBM is run on processors that only support 2-core ITBM, the maximum turbo ratio value was overreported for both 3- and 4-core active scenarios (MSR 0x150 and 0x1ad). This is a reporting issue that does not affect functionality or performance.

Transactional Synchronization Extension (TSX) Deprecation

IPU 2021.1 update disables TSX by default on some platforms (SKL and newer client platforms that are affected by MDS). This will lead to force aborting of all RTM transactions (XBEGIN always immediately abort with EAX code of zero). It is possible to disable the force abort behaviour for software development possibilities; however, this mode is unsupported and is not recommended for production use due to possible memory ordering correctness issues.

See also:

Affected Products

Product Fixed in package Advisory link
Red Hat Enterprise Linux 8.4.0 (Z-stream) microcode_ctl-20210216-1.20210525.1.el8_4 RHSA-2021:2308
Red Hat Enterprise Linux 8.2.0 EUS microcode_ctl-20191115-4.20210525.1.el8_2 RHSA-2021:2307
Red Hat Enterprise Linux 8.1.0 EUS microcode_ctl-20190618-1.20210525.1.el8_1 RHSA-2021:2306
Red Hat Enterprise Linux 7.9 (Z-stream) microcode_ctl-2.1-73.9.el7_9 RHSA-2021:2305
Red Hat Enterprise Linux 7.7 EUS microcode_ctl-2.1-53.16.el7_7 RHSA-2021:2304
Red Hat Enterprise Linux 7.6 AUS/E4S/TUS microcode_ctl-2.1-47.21.el7_6 RHSA-2021:2303
Red Hat Enterprise Linux 7.4 AUS microcode_ctl-2.1-22.39.el7_4 RHSA-2021:2301
Red Hat Enterprise Linux 7.3 AUS microcode_ctl-2.1-16.40.el7_3 RHSA-2021:2302
Red Hat Enterprise Linux 7.2 AUS microcode_ctl-2.1-12.37.el7_2 RHSA-2021:2300
Red Hat Enterprise Linux 6.10 (ELS) microcode_ctl-1.17-33.33.el6_10 RHSA-2021:2299

Affected Configurations

Listed below are the CPU families affected by these flaws broken down by the flaw type. You must determine your CPU’s family to see if you are affected.

Find Your CPU Family Model

Find the CPU model provided by your system.  This is available in the /proc/cpuinfo file.

$ grep -E '^(cpu family|model|stepping|microcode)' /proc/cpuinfo | sort -u
cpu family  : 6
microcode   : 0x84
model       : 94
model name  : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping    : 3

(Note: on RHEL 6, microcode revision is in decimal; on RHEL 7 onwards, it is in hexadecimal with the respective "0x" prefix.)

Intel Microcode Updates That Mitigate The Issues

Model No. (dec) Stepping (dec) Minimum microcode revision for mitigation (dec) Applicable vulnerabilities and errata Codename Model Name
0x3f (63) 0x02 (2) 0x46 (70) MD_CLEAR Haswell E
Haswell EP
Haswell Server EP
Haswell Server EP4S
Intel® Core™ X-Series Processors (i7-5960X, i7-5930K, i7-5820K)
Intel® Xeon® Processor v3 E5-2695, E5-2697, E5-2698, E5-2699, E5-2683, E5-2690, E5-2650, E5-2660, E5-2609, E5-2680, E5-2670, E5-1630, E5-1650, E5-2687W, E5-2643, E5-1660, E5-1680, E5-2650L, E5-2620, E5-2623, E5-1620, E5-2630, E5-2630L, E5-2637, E5-2640, E5-2603, E5-2667, E5-4640, E5-4650, E5-4655, E5-4660, E5-4667, E5-4669, E5-4610, E5-4620, E5-4627
0x3f (63) 0x04 (4) 0x19 (31) MD_CLEAR, XNC Coherency Haswell Server EX Intel® Xeon® Processor E7 v3 Family
Intel® Xeon® Processor v3 E7-4809, E7-4820, E7-4830, E7-4850, E7-8860, E7-8867, E7-8870, E7-8880L, E7-8880, E7-8890, E7-8891, E7-8893
0x4e (78) 0x03 (3) 0xea (234)¹ CVE-2020-24512, TSX Deprecation Skylake U
Skylake Y
Skylake U (2+3e)
6th Generation Intel® Core™  Processor Family
Intel® Core™ Processor i7-6500U, i7-6510U, i7-6600U
Intel® Core™ Processor i5-6200U, i5-6210U, i5-6300U, i5-6310U
Intel® Core™ Processor i3-6100U, i3-6110U
Intel® Pentium® Processor 4405U, 4415U
Intel® Celeron® Processor 3855U, 3865U, 3955U, 3965U
Intel® Core™ Processor I7-6560U, I7-6567U, I7-6650U, I7-6660U
Intel® Core™ Processor I5-6260U, I5-6267U, I5-6287U, I5-6360U
Intel® Core™ Processor i3-6167U
Intel® Core™ Processor m7-6Y75, m5-6Y54, m5-6Y57, m3-6Y30
Intel® Pentium® Processor 4405Y
0x4f (79) 0x01 (1) 0xb00003e (184549438)² MD_CLEAR, XNC Coherency Broadwell E
Broadwell Server E
Brodwell Server EP
Broadwell Server EP4S
Broadwell Server EX
Intel® Core™ X-series Processors (i7-6950K, i7-6800K, i7-6850, i7-6900K)
Intel® Xeon® Processor v4 E5-2603, E5-2608L, E5-2609, E5-2618L, E5-2620, E5-2623, E5-2628L, E5-2630L, E5-2630, E5-2637, E5-2640, E5-2643, E5-2648L, E5-2650L, E5-2650, E5-2658, E5-2660, E5-2667, E5-2679, E5-2680, E5-2683, E5-2690, E5-2695, E5-2697A, E5-2697, E5-2698, E5-2699A, E5-2699, E5-2699R, E5-4628L
Intel® Xeon® Processor v4 E7-4809, E7-4820, E7-4830, E7-4850, E7-8855, E7-8860, E7-8867, E7-8870, E7-8880, E7-8890, E7-8891, E7-8893, E7-8894
0x55 (85) 0x03 (3) 0x100015b (16777563) REP MOVS*, PI IERR Skylake Server Intel® Xeon® Processor P-8124, P-8136
0x55 (85) 0x04 (4) 0x2006b06 (33581830) REP MOVS*, PI IERR Skylake D
Bakerville
Skylake Server
Skylake W
Skylake X
Basin Falls
Intel® Xeon® Processor D-2123IT, D-2141I, D-2142IT, D-2143IT, D-2145NT, D-2146NT, D-2161I, D-2163IT, D-2166NT, D-2173IT, D-2177NT, D-2183IT, D-2187NT
Intel® Xeon® Bronze Processor 3104, 3106
Intel® Xeon® Gold Processor 5115, 5118, 5119T, 5120, 5120T, 5122, 6126, 6126F, 6126T, 6128, 6130, 6130F, 6130T, 6132, 6134, 6134M, 6136, 6138, 6138F, 6138T, 6140, 6140M, 6142, 6142F, 6142M, 6144, 6146, 6148, 6148F, 6150, 6152, 6154
Intel® Xeon® Platinum Processor 8153, 8156, 8158, 8160, 8160F, 8160M, 8160T, 8164, 8168, 8170, 8170M, 8176, 8176F, 8176M, 8180, 8180M
Intel® Xeon® Silver Processor 4108, 4109T, 4110, 4112, 4114, 4114T, 4116, 4116T
Intel® Xeon® Processor W-2123, W-2125, W-2133, W-2135, W-2145, W-2155, W-2195, W-2175
Intel® Core™ i9 79xxX, 78xxX
0x55 (85) 0x06 (6) 0x4003102 (67121410) CVE-2020-24511, TRL Overreporting, REP MOVS*, PI IERR, LSD IERR Cascade Lake Server 2nd Generation Intel® Xeon® Scalable Processors
0x55 (85) 0x07 (7) 0x5003102 (83898626) CVE-2020-24511, TRL Overreporting, REP MOVS*, PI IERR, LSD IERR Cascade Lake Server
Cascade Lake W
Cascade Lake X
2nd Generation Intel® Xeon® Scalable Processors
Intel® Xeon® Platinum Processor 8253, 8256, 8260, 8260L, 8260M, 8260Y, 8268, 8270, 8276, 8276L, 8276M, 8280, 8280L, 8280M, 9220, 9221, 9222, 9242, 9282
Intel® Xeon® Gold Processor 5215, 5215L, 5215M, 5215R, 5217, 5218, 5218B, 5218N, 5218T, 5220, 5220R, 5220S, 5220T, 5222, 6208U ,6209U, 6210U, 6212U, 6222V, 6226, 6226R, 6230, 6230N, 6230R, 6230T, 6234, 6238, 6238L, 6238M, 6238R, 6238T, 6240, 6240L, 6240M, 6240R, 6240Y, 6242, 6242R, 6244, 6246, 6246R, 6248, 6248R, 6250, 6250L, 6252, 6252N, 6254, 6256, 6258R, 6262V
Intel® Xeon® Silver Processor 4208, 4209T, 4210, 4210R, 4210T, 4214, 4214C, 4214R, 4214Y, 4215, 4215R, 4216
Intel® Xeon® Bronze Processor 3204, 3206R
Intel® Xeon® Processor W-3275M, W-3275, W-3265M, W-3265, W-3245M, W-3245, W-3235, W-3225, W-3223, W-2295, W-2275, W-2265, W-2255, W-2245, W-2235, W-2225, W-2223
Intel® Core™ X-series Processor i9-10940X, i9-10920X, i9-10900X, i9-9960X, i9-9940X, i9-9920X, i9-9900X, i9-9820X, i9-9800X, i9-7960X, i9-7940X, i9-7920X, i9-7900X, i7-7820X, i7-7800X, i7-7740X, i7-7640X
0x55 (85) 0x0b (11) 0x7002302 (117449474) CVE-2020-24511, REP MOVS*, PI IERR, LSD IERR Cooper Lake SP 3rd Generation Intel® Xeon® Scalable Processors
Intel® Xeon® Platinum Processor 8353H, 8354H, 8376H, 8376HL, 8380H, 8380HL
Intel® Xeon® Gold Processor 5318H, 5320H, 6328H, 6328HL, 6348H
0x56 (86) 0x03 (3) 0x700001b (117440539) MD_CLEAR Broadwell DE [stepping V2]
Broadwell DE [stepping V3]
Intel® Xeon® Processor D Family
Intel® Pentium® Processor D Series
Intel® Xeon® Processor D-1518, D-1519, D-1521, D-1527, D-1528, D-1531, D-1533, D-1537, D-1541, D-1548
Intel® Pentium® Processor D1507, D1508, D1509, D1517, D1519
0x56 (86) 0x04 (4) 0xf000019 (251658265) MD_CLEAR Broadwell DE [stepping Y0] Intel® Xeon® Processor D-1557, D-1559, D-1567, D-1571, D-1577, D-1581, D-1587
0x56 (86) 0x05 (5) 0xe000012 (234881042) MD_CLEAR Broadwell NS [stepping A1]
Boadwell DE [stepping A1]
Hewitt Lake
Intel® Xeon® Processor D-1513N, D-1523N, D-1533N, D-1543N, D1553N, D-1602, D-1622, D-1623N, D-1627 , D-1633N, D-1637, D-1649N, D-1653N
0x5c (92) 0x09 (9) 0x44 (68) CVE-2020-24489, CVE-2020-24513 Apollo Lake [stepping D0] Intel® Pentium® Processor J4205, N4200
Intel® Celeron® Processor J3355, J3455, N3350, N3450
Intel® Atom® Processor x5-A3930, x5-A3940, x5-A3950, x5-A3960
0x5c (92) 0x0a (10) 0x20 (32) CVE-2020-24489, CVE-2020-24513 Apollo Lake [stepping E0] Intel® Atom® Processor x5-E3930, x5-E3940, x7-E3950
0x5e (94) 0x03 (3) 0xea (234)³ CVE-2020-24512, TSX Deprecation Skylake H 6th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-6700HQ, i7-6770HQ, i7-6820HK, i7-6820HQ, i7-6870HQ, i7-6920HQ, i7-6970HQ, i5-6300HQ, i5-6350HQ, i5-6440HQ, i3-6100H, i7-6700, i7-6700K, i7-6700T, i7-6700TE, i7-6820EQ, i7-6822EQ, i5-6400, i5-6400T, i5-6440EQ, i5-6442EQ, i5-6500, i5-6500T, i5-6500TE, i5-6600, i5-6600K, i5-6600T, i3-6100, i3-6100E, i3-6100T, i3-6100TE, i3-6102E, i3-6120, i3-6120T, i3-6300, i3-6300T, i3-6320, i3-6320T
Intel® Pentium® Processor G4400, G4400T, G4400TE, G4420, G4420T, G4500, G4500T, G4520, G4520T, G4540
Intel® Celeron® Processor G3900, G3900T, G3900TE, G3902E, G3920, G3920T, G3940
0x5f (95) 0x01 (1) 0x34 (52) CVE-2020-24513 Denverton Intel® Atom® Processor C Series
Intel® Atom® Processor C3308, C3336, C3338, C3338R, C3436L, C3508, C3538, C3558, C3558R, C3558RC, C3708, C3750, C3758, C3758R, C3808, C3830, C3850, C3858, C3950, C3958, C3955
0x7a (122) 0x01 (1) 0x36 (54) CVE-2020-24489, CVE-2020-24513 Gemini Lake Intel® Pentium® Processor Silver Series
Intel® Celeron® Processor J Series
Intel® Celeron® Processor N Series
Intel® Pentium® Silver Processor J5005, N5000
Intel® Celeron® Processor J4005, J4105, N4000, N4100
0x7a (122) 0x08 (8) 0x1a (26) CVE-2020-24489, CVE-2020-24513 Gemini Lake Refresh Intel® Celeron® Processor J Series
Intel® Celeron® Processor N Series
Intel® Pentium® Silver J5040, N5030 Processor
Intel® Celeron® Processor J4025, J4125, N4020, N4120
0x7e (126) 0x05 (5) 0xa6 (166) CVE-2020-24489, CVE-2020-24512, CVE-2020-24513 Ice Lake U
Ice Lake Y
10th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-1060G7, i7-1065G7, i5-1030G4, i5-1030G7, i5-1035G1, i5-1035G4, i5-1035G7, i3-1000G1, i3-1000G4, i3-1005G1
0x8a (138) 0x01 (1) 0x2a (42) CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, CVE-2020-24513 Lakefield Intel® Core™ i5-L16G7 Processor, i3-L13G4
0x8c (140) 0x01 (1) 0x88 (136)⁴ CVE-2020-24489, CVE-2020-24511, CVE-2020-24512 Tiger Lake UP3
Tiger Lake UP4
11th Generation Intel® Core™ Processor Family
Intel® Core™ i7-1185G7, i7-1165G7, i5-1135G7, i3-1115G4, i3-1125G4, i7-1160G7, i5-1130G7, i3-1120G4, i3-1110G4 Processor
0x8e (142) 0x09 (9) 0xea (234) CVE-2020-24512, TSX Deprecation Kaby Lake U
Kaby Lake U (2+3e)
Kaby Lake Y
7th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-7500U, i7-7510U, i7-7600U, i7-7560U, i7-7567U, i7-7660U, i7-7Y75, i5-7200U, i5-7210U, i5-7300U, i5-7500U, i5-7260U, i5-7267U, i5-7287U, i5-7360U, i5-7Y54, i5-7Y57, i3-7007U, i3-7100U, i3-7110U, i3-7130U, i3-7167U, M3-7Y30, M3-7Y30
Intel® Pentium® Processor 4415U, 4410Y, 4415Y
Intel® Celeron® Processor 3865U, 3965U, 3965Y
0x8e (142) 0x09 (9) 0xea (234)⁵ CVE-2020-24512, TSX Deprecation Amber Lake Y 8th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-8500Y, i5-8310Y, i5-8210Y, i5-8200Y, m3-8100Y
0x8e (142) 0x0a (10) 0xea (234)⁵ CVE-2020-24512, TSX Deprecation Coffee Lake U (4+3e)
Kaby Lake Refresh U (4+2)
8th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-8559U, i7-8550U, i7-8650U, i5-8259U, 8269U, i5-8250U, i5-8350U, i3-8109U, i3-7020U, i3-8130U
0x8e (142) 0x0b (11) 0xea (234)⁵ CVE-2020-24512, LSD IERR, TSX Deprecation Whiskey Lake U 8th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-8565U, i7-8665U, i5-8365U, i5-8265U, i3-8145U
Intel® Core™ Processor 4205U, 5405U
0x8e (142) 0x0c (12) 0xea (234)⁵ CVE-2020-24511, CVE-2020-24512, LSD IERR Whiskey Lake U, Amber Lake Y, Comet Lake U (4+2) 8th Generation Intel® Core™ Processor Family
10th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-10510Y, i5-10310Y, i5-10210Y, i5-10110Y, i7-10510U, i7-8565U, i7-8665U, i5-10210U, i5-8365U, i5-8265U, Intel® Pentium® Gold Processor 6405U, Intel® Celeron® Processor 5305U
0x9e (158) 0x09 (9) 0xea (234)⁵ CVE-2020-24512, TSX Deprecation Kaby Lake G
Kaby Lake H
Kaby Lake S
Kaby Lake X
Kaby Lake Xeon E3
7th Generation Intel® Core™ Processor Family
8th Generation Intel® Core™ Processor Family
Intel® Core™ X-series Processors (i5-7640X, i7-7740X)
Intel® Core™ Processor i7-8705G, i7-8706G, i7-8709G, i7-8809G, i5-8305G, Intel® Core™ Processor i7-7700HQ, i7-7820EQ, i7-7820HK, i7-7820HQ, i7-7920HQ, i7-7700, i7-7700K, i7-7700T, i5-7300HQ, i5-7440EQ, i5-7440HQ, i5-7442EQ, i5-7400, i5-7400T, i5-7500, i5-7500T, i5-7600, i5-7600K, i5-7600T, i3-7100H, i3-7100E, i3-7101E, i3-7101TE, i3-7102E, i3-7120, i3-7120T, i3-7320T, i3-7340
Intel® Celeron® Processor G3930E, G3930TE
Intel® Xeon® Processor v6 E3-1535M, E3-1505M, E3-1505L, E3-1501L, E3-1501M, E3-1285, E3-1280, E3-1275, E3-1270, E3-1245, E3-1240, E3-1230, E3-1225, E3-1220
0x9e (158) 0x0a (10) 0xea (234)⁵ CVE-2020-24512, TSX Deprecation Coffee Lake H (6+2)
Coffee Lake S (6+2)
Coffee Lake S (6+2) Xeon E
Coffee Lake S (4+2) Xeon E
8th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor E Family
Intel® Core™ Processor i9-8950HK, i7-8700K, i7-8700B, i7-8750H, i7-8850H, i7-8670, i7-8670T, i7-8700, i7-8700T, i5-8600K, i5-8650K, i5-8300H, i5-8400B, i5-8400H, i5-8500B, i5-8400, i5-8400T, i5-8420, i5-8420T, i5-8500 , i5-8500T, i5-8550, i5-8600, i5-8600T, i5-8650
Intel® Xeon® Processor E-2174G, E-2144G, E-2134, E-2124, E-2124G, E-2284G, E-2274G, E-2254ML, E-2254ME, E-2244G, E-2234, E-2224, E-2224G, E-2184G, E-2186G, E-2176G, E-2176M, E-2146G, E-2136, E-2126G, 2286G, E-2276ML, E-2276ME, E-2276M, E-2276G, E-2246G, E-2236, E-2226GE, E-2226G, E-2186M, E-2176M
0x9e (158) 0x0b (11) 0xea (234)⁵ CVE-2020-24512, TSX Deprecation Coffee Lake S (4+2) 8th Generation Intel® Core™ Processor Family
Intel® Pentium® Gold Processor Series
Intel® Celeron® Processor G Series
Intel® Core™ Processor i3-8000, i3-8000T, i3-8020, i3-8100, i3-8100, i3-8100H, i3-8100T, i3-8120, i3-8300, i3-8300T, i3-8350K
Intel® Pentium® Gold G5400, G5400T, G5400T, G5420, G5420T, G5420T, G5500, G5500T, G5600
Intel® Celeron® Processor G4900, G4900T, G4920
0x9e (158) 0x0c (12) 0xea (234)⁵ CVE-2020-24512, TSX Deprecation Coffee Lake S (8+2) 9th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i9-9900K, i9-9900KF, i7-9700K, i7-9700KF, i5-9600K, i5-9600KF, i5-9400, i5-9400F
0x9e (158) 0x0d (13) 0xea (234)⁵ CVE-2020-24511, CVE-2020-24512 Coffee Lake H (8+2)
Coffee Lake S (8+2)
Coffee Lake S (8+2) Xeon E
9th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i9-9980HK, i9-9880H, i7-9850H, 9750HF, i5-9400H, 9300H
Intel® Xeon® Processor E-2288G, E-2286M, E-2278GEL, E-2278GE, E-2278G
0xa5 (165) 0x02 (2) 0xea (234) CVE-2020-24511, CVE-2020-24512, LSD IERR Comet Lake H 10th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i9-10980HK, i9-10885H, i7-10875H, i7-10850H, i7-10870H, i7-10750H, i5-10400H, i5-10300H, i5-10200H Intel® Xeon® W Processors W-10885M, W-10855M
0xa5 (165) 0x03 (3) 0xea (234) CVE-2020-24511, CVE-2020-24512, LSD IERR Comet Lake S (6+2) 10th Generation Intel® Core™ Processor Family
Intel® Pentium® Gold Processor Family
Intel® Celeron® Processor Family
Intel® Xeon® W-1200 Processor Family
Intel® Core™ Processor i5-10600, i5-10600T, i5-10500, i5-10500T, i5-10400, i5-10400F, i5-10400T, i3-10320, i3-10300, i3-10300T, i3-10100, i3-10100T, i3-10100F
Intel® Pentium® Gold G6600, G6500, G6500T, G6400, G6400T
Intel® Celeron® Processors G5920, G5900, G5900T, G5925, G5905, G5905T
Intel® Xeon® W-1200 Processors W-1250
0xa5 (165) 0x05 (5) 0xec (236) CVE-2020-24511, CVE-2020-24512, LSD IERR Comet Lake S (10+2) 10th Generation Intel® Core™ Processor Family
Intel® Xeon® W-1200 Processor Family<
Intel® Core™ Processor i9-10900K, i9-10900KF, i9-10900, i9-10900T, i9-10900F, i9-10850K, i7-10700K, i7-10700KF, i7-10700, i7-10700T, i7-10700F, i5-10600K, i5-10600KF, i5-10400, i5-10400F, Intel® Xeon® W-1200 Processors W-1290P, W-1290, W-1290T, W-1270P, W-1270, W1250P
0xa6 (166) 0x00 (0) 0xe8 (232) CVE-2020-24511, CVE-2020-24512, LSD IERR Comet Lake U (6+2) 10th Generation Intel® Core™ Processor Family
0xa6 (166) 0x01 (1) 0xea (234) CVE-2020-24511, CVE-2020-24512, LSD IERR Comet Lake U (6+2) v2 10th Generation Intel® Core™ Processor Family

¹ The update is disabled (and previously published revision 0xd6 is used) by default due to possible hangs experienced with previous revisions of the microcode. See /usr/share/doc/microcode_ctl/caveats/06-4e-03_readme for details.

² The update is disabled by default due to possible hangs. See /usr/share/doc/microcode_ctl/caveats/06-4f-01_readme and „CPU "model 79" systems hangs/panics during boot following an update to the microcode_ctl package” knowledge base article for details.

³ The update is disabled (and previously published revision 0xd6 is used) by default due to possible hangs experienced with previous revisions of the microcode. See /usr/share/doc/microcode_ctl/caveats/06-5e-03_readme for details.

⁴ The update is disabled by default due to possible hangs experienced with previous revisions of the microcode. See /usr/share/doc/microcode_ctl/caveats/06-8c-01_readme for details.

⁵ The update is disabled (and previously published revisions 0xae/0xb4/0xb8 are used) by default on Dell hardware (bios_vendor DMI value is "Dell") due to possible hangs (see 1, 2, 3, 4, 5) experienced with previous revisions of the microcode. See /usr/share/doc/microcode_ctl/caveats/06-8e-9e-0x-dell_readme and /usr/share/doc/microcode_ctl/caveats/06-8e-9e-0x-0xca_readme for details.

See also:

Resolution

Red Hat customers running affected versions of the Red Hat products are strongly recommended to update them as soon as errata are available. Customers are urged to apply the appropriate updates immediately and reboot to mitigate this flaw correctly.

Acknowledgements

Red Hat thanks Intel for fixing these issues and making Red Hat aware.

Frequently Asked Questions

Q: Do I need to reboot for the changes to take effect?
A: No. Updating the microcode package to a version equal or later to the one identified in the table above is sufficient for these issues to be fixed.

Q: What if my CPU is not listed in the table?
A: Red Hat will continue to update these microcode packages as necessary. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended because additional improvements may be available.

Additional Information

Red Hat can not guarantee the correctness of the above information as the microcode update is provided by upstream vendors.

Related Knowledge Base articles: