Intel November 2023 Microcode Update

Updated -

Overview

Red Hat is aware of several CPU hardware flaws that affect Intel CPU hardware microarchitecture and on-board components.

Red Hat provides updated microcode, developed by our microprocessor partners, as a customer convenience. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended, as additional improvements may be available.

Background

Security Issues

CVE-2023-23583: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior

A security vulnerability was found in some Intel processors. Execution of REP MOVSB instructions with a redundant REX prefix may result in execution continuing at an incorrect EIP address after a micro-architectural event occurs, potentially allowing privilege escalation, information disclosure and/or a denial of service via local access.

This issue requires a microcode update.

This issue has been assigned CVE-2023-23583 and is rated Important.

See also:

Update Availability

The updates are provided based on the supported status of the affected CPU models for each specific Red Hat product version.

Product Fixed in package Advisory link
Red Hat Enterprise Linux 9.3.0 (Z-stream) microcode_ctl-20230808-2.20231009.1.el9_3 RHEA-2023:7251
Red Hat Enterprise Linux 9.2.0 EUS microcode_ctl-20220809-2.20231009.1.el9_2 RHEA-2023:7286
Red Hat Enterprise Linux 9.0.0 EUS microcode_ctl-20230207-1.20231009.1.el9_0 RHEA-2023:7285
Red Hat Enterprise Linux 8.9.0 (Z-stream) microcode_ctl-20230808-2.20231009.1.el8_9 RHEA-2023:7250
Red Hat Enterprise Linux 8.8.0 EUS microcode_ctl-20220809-2.20231009.1.el8_8 RHEA-2022:7284
Red Hat Enterprise Linux 8.6.0 EUS microcode_ctl-20220207-1.20231009.1.el8_6 RHEA-2023:7287
Red Hat Enterprise Linux 8.4.0 AUS/E4S/EUS microcode_ctl-20210216-1.20231009.1.el8_4 RHEA-2024:7289
Red Hat Enterprise Linux 8.2.0 AUS/E4S/EUS microcode_ctl-20191115-4.20231009.1.el8_2 RHEA-2023:7290
Red Hat Enterprise Linux 8.1.0 E4S microcode_ctl-20190618-1.20231009.1.el8_1 RHEA-2023:7282
Red Hat Enterprise Linux 7.9 (Z-stream) microcode_ctl-2.1-73.9.el7_9 RHEA-2023:7283
Red Hat Enterprise Linux 7.7 AUS No update is provided
Red Hat Enterprise Linux 7.6 AUS No update is provided
Red Hat Enterprise Linux 6.10 (ELS) No update is provided

Affected Configurations

Listed below are the CPU families affected by these flaws broken down by the flaw type. You must determine your CPU’s family to see if you are affected.

Find Your CPU Family Model

Find the CPU model provided by your system. This is available in the /proc/cpuinfo file.

$ grep -E '^(cpu family|model|stepping|microcode)' /proc/cpuinfo | sort -u
cpu family  : 6
microcode   : 0x84
model       : 94
model name  : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping    : 3

(Note: on RHEL 6, microcode revision is in decimal; on RHEL 7 onwards, it is in hexadecimal with the respective "0x" prefix.)

Intel Microcode Updates That Mitigate The Issues

Model No. (dec) Stepping (dec) Minimum microcode revision for mitigation (dec) Applicable vulnerabilities and errata Codename Model Name
0x6a (106) 0x06 (6) 0xd0003b9 (218104761) CVE-2023-23583 Ice Lake SP 3rd Generation Intel® Xeon® Scalable Processors
Intel® Xeon® Platinum 8300 processors
Intel® Xeon® Gold 6300 processors
Intel® Xeon® Gold 5300 processors
Intel® Xeon® Silver 4300 processors
Intel® Xeon® W-3323, W-3375, W-3345, W-3335, W-3365 Processors
0x6c (108) 0x01 (1) 0x1000268 (16777832) CVE-2023-23583 Ice Lake D Intel® Xeon® D Processor
Intel® Xeon® D-1513N, D-1518, D-1520, D-1521, D-1523N, D-1524N, D-1527, D-1528, D-1529, D-1531, D-1533N, D-1537, D-1539, D-1540, D-1541, D-1543N, D-1548, D-1553N, D-1557, D-1559, D-1563N, D-1564N, D-1567, D-1571, D-1573N, D-1577, D-1581, D-1587, D-1602, D-1612, D-1622, D-1623N, D-1627, D-1632, D-1633N, D-1637, D-1649N, D-1653N, D-1702, D-1712TR, D-1713NT, D-1713NTE, D-1714, D-1715TER, D-1718T, D-1722NE, D-1726, D-1732TE, D-1733NT, D-1734NT, D-1735TR, D-1736, D-1736NT, D-1739, D-1746TER, D-1747NTE, D-1748TE, D-1749NT, D-2123IT, D-2141I, D-2142IT, D-2143IT, D-2145NT, D-2146NT, D-2161I, D-2163IT, D-2166NT, D-2173IT, D-2177NT, D-2183IT, D-2187NT, D-2191, D-2712T, D-2733NT, D-2738, D-2745NX, D-2752NTE, D-2752TER, D-2753NT, D-2757NX, D-2766NT, D-2775TE, D-2776NT, D-2777NX, D-2779, D-2786NTE, D-2795NT, D-2796NT, D-2796TE, D-2798NT, D-2798NX, D-2799 processors
0x7e (126) 0x05 (5) 0xc2 (194) CVE-2023-23583 Ice Lake U
Ice Lake Y
10th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-1060G7, i7-1065G7, i5-1030G4, i5-1030G7, i5-1035G1, i5-1035G4, i5-1035G7, i3-1000G1, i3-1000G4, i3-1005G1
0x8c (140) 0x01 (1) 0xb4 (180) CVE-2023-23583 Tiger Lake UP3
Tiger Lake UP4
Intel® Core™ i7-1185G7, i7-1165G7, i7-1185GRE, i7-1185G7E, i7-1180G7, i7-1160G7, i5-1145G7, i5-1145GRE, i5-1145G7E, i5-1140G7, i5-1130G7, i3-1125G4, i3-1115GRE, i3-1115G4E, i3-1120G4, i3-1110G4
Intel® Celeron® 6305 Processor, Intel® Celeron® 6305E Processor
0x8c (140) 0x02 (2) 0x34 (52) CVE-2023-23583 Tiger Lake Refresh R Intel® Core™ i7-1195G7, i5-1155G7, i5-1135G7, i3-1115G4
Intel® Pentium® Gold 7505
Intel® Core™ i7-11390H, i5-11320H
0x8d (141) 0x01 (1) 0x4e (78) CVE-2023-23583 Tiger Lake H Intel® Core™ Processor i9-11980HK, i9-11950H, i9-11900H, i7-11850H, i7-11800H, i5-11500H, i5-11400H, i5-11260H, i7-11390H, i7-11375H, i7-11370H, i5-11320H, i5-11300H
Intel® Core™ Processor i7-11850HE, i3-11100HE
Intel® Xeon® W-11955M, Intel® Xeon® W-11855M
Intel® Xeon® W-11865MRE, W-11555MRE, W-11155MRE, W-11555MLE, W-11865MLE, W-11155MLE
Intel® Celeron® 6600HE
0x8f (143) 0x04 (4) 0x2c000290 (738198160) CVE-2023-23583
0x8f (143) 0x04 (4) 0x2b0004d0 (721421520) CVE-2023-23583 Sapphire Rapids SP
0x8f (143) 0x05 (5) 0x2c000290 (738198160) CVE-2023-23583 Sapphire Rapids HBM
0x8f (143) 0x05 (5) 0x2b0004d0 (721421520) CVE-2023-23583 Sapphire Rapids SP
0x8f (143) 0x06 (6) 0x2c000290 (738198160) CVE-2023-23583
0x8f (143) 0x06 (6) 0x2b0004d0 (721421520) CVE-2023-23583 Sapphire Rapids SP
0x8f (143) 0x07 (7) 0x2b0004d0 (721421520) CVE-2023-23583 Sapphire Rapids SP 4th Generation Intel® Xeon® Platinum Processors
4th Generation Intel® Xeon® Gold Processors
Intel® Xeon® Platinum 8452YL, 8455CL, 8468L, 8468VL, 8470L, 8470QL, 8475BL, 8480BL, 8480CL, 8480L
Intel® Xeon® Gold 6414UL, 6430CL, 6430L
0x8f (143) 0x08 (8) 0x2c000290 (738198160) CVE-2023-23583 Sapphire Rapids HBM Intel® Xeon® CPU Max Series processors
Intel® Xeon® CPU Max 9480, 9470, 9468, 9462, 9460
0x8f (143) 0x08 (8) 0x2b0004d0 (721421520) CVE-2023-23583 Sapphire Rapids SP 4th Generation Intel® Xeon® Scalable processors
4th Generation Intel® Xeon® Platinum processors
4th Generation Intel® Xeon® Gold Processors
4th Generation Intel® Xeon® Silver Processor
4th Generation Intel® Xeon®Bronze Processor
Intel® Xeon® Platinum 8452YL, 8455CL, 8468L, 8468VL, 8470L, 8470QL, 8475BL, 8480BL, 8480CL, 8480L, 8462Y+, 8460H, 8452Y, 8450H, 8468H, 8444H, 8470N, 8490H, 8480+, 8471N, 8470Q, 8458P, 8461V, 8468B, 8454H, 8460Y+, 8468, 8470
Intel® Xeon® Gold 6414UL, 6430CL, 6430L Processors, 6438N, 6438M, 6458Q, 5416S, 6421N, 6428N, 5411N, 5418N, 6448H, 6416H, 4410T, 6434H, 6434, 6444Y, 6448Y, 6438Y+, 5420+, 6442Y, 5418Y, 6426Y, 5412U, 5415+, 6430, 6454S, 6414U
Intel® Xeon® Silver 4416+, 4410Y
Intel® Xeon® Bronze 3408U
0x97 (151) 0x02 (2) 0x32 (50) CVE-2023-23583 Alder Lake S 8+8
Alder Lake HX
Intel® Core™ Processor i9-12900K, i9-12900KF, i7-12700K, i7-12700KF, i5-12600K, i5-12600KF, i9-12900, i9-12900F, i7-12700, i7-12700F, i5-12400, i5-12400F, i9-12900T, i7-12700T
0x97 (151) 0x05 (5) 0x32 (50) CVE-2023-23583 Alder Lake S 6+0 Intel® Core™ Processor i5-12600, i5-12500, i5-12400, i5-12400F, i3-12300, i3-12100, i3-12100F, i5-12600T, i5-12500T, i5-12400T, i3-12300T, i3-12100T
Intel® Pentium® Gold Processor G7400, G7400T
Intel® Celeron® Processor G6900, G6900T
0x9a (154) 0x03 (3) 0x430 (1072) CVE-2023-23583 Alder Lake P 6+8
Alder Lake U 9W
Intel® Core™ Processor i9-12900H, i9-12900HK, i7-12800H, i7-12700H, i7-12650H, i5-12600H, i5-12500H, i5-12450H
Intel® Core™ Processor i7-1280P, i7-1270P, i7-1260P, i5-1250P, i5-1240P, (i3-1220P)
0x9a (154) 0x04 (4) 0x5 (5) CVE-2023-23583 Intel(R) Atom(R) C1100
0x9a (154) 0x04 (4) 0x430 (1072) CVE-2023-23583 Alder Lake P 2+8 12th Generation Intel® Core™ Processor Family
Intel® Pentium® Gold Processor Family
Intel® Celeron® Processor Family
Intel® Core™ Processor i7-1265U, i7-1260U, i7-1255U, i7-1250U, i5-1245U, i5-1240U, i5-1235U, i5-1230U, i3-1215U, i3-1210U
Intel® Pentium® Gold Processor 8505, 8500
Intel® Celeron® Processor 7305, 7300
0xa7 (167) 0x01 (1) 0x5d (93) CVE-2023-23583 Rocket Lake S 11th Generation Intel® Core™ Processor Family
Intel® Xeon® E-2300 Processor Family
Intel® Xeon® W-1300 processor family
Intel® Core™ Processor i9-11900K, i9-11900KF, i9-11900, i9-11900T, i9-11900F, i7-11700K, i7-11700KF, i7-11700, i7-11700T, i7-11700F, i5-11600K, i5-11600KF, i5-11600, i5-11600T, i5-11500, i5-11500T, i5-11400, i5-11400F, i5-11400T
Intel® Xeon®E-2388G, E-2378G, E-2378, E-2386G, E-2356G, E-2336, E-2374G, E-2334, E-2324G, E-2314, E-2378G, E-2378, E-2386G, E-2356G, E-2336, E-2374G, E-2334, E-2324G, E-2314 processor
Intel® Xeon® W-1300 Processors W-1390P, W-1390, W-1390T, W-1370P, W-1370, W-1350P, W-1350
0xb7 (183) 0x01 (1) 0x11d (285) CVE-2023-23583 Raptor Lake S 13th Generation Intel® Core™ Processor Family
Intel® Processor U-series
Intel® Core™ Processor i9-13900K, i9-13900KS, i9-13905H, i9-13900HX, i9-13900F, i9-13900KF, i9-13900T, i9-13900TE, i9-13900, i9-13900HK, i9-13980HX, i9-13900H, i9-13900E, i7-13700K, i7-1370PE, i7-1365UE, i7-13700E, i7-13700HX, i7-13800H, i7-13700T, i7-13700F, i7-13700, i7-13800HE, i7-13850HX, i7-1355U, i7-1360P, i7-13705H, i7-1370P, i7-1365U, i7-13700TE, i7-13620H, i7-13700H, i7-13650HX, i7-13700K, i7-13700KF, i5-13500H, i5-1345UE, i5-1335UE, i5-13420H, i5-13400T, i5-13600, i5-13600T, i5-13400F, i5-13400, i5-1340PE, i5-13500HX, i5-13600HX, i5-1335U, i5-13600HE, i5-13400E, i5-13500H, i5-13600H, i5-1334U, i5-1340P, i5-13500E, i5-1350PE, i5-13450HX, i5-1345U, i5-13500T, i5-13500TE, i5-13505H, i5-1350P, i5-13500, i5-13600KF, i5-13600K, i3-1315U, i3-1315UE, i3-1305U, i3-13100E, i3-1320PE, i3-13100F, i3-13100, i3-13300HE, i3-1315U, i3-13100TE, i3-13100T
Intel® Processor U300E, U300
0xba (186) 0x02 (2) 0x411c (16668) CVE-2023-23583 Raptor Lake P 6+8
Raptor Lake H 6+8
13th Generation Intel® Core™ Processor Family
Intel® Processor U-series
Intel® Core™ Processor i9-13905H, i9-13900HK, i9-13900H, i7-1370PE, i7-1365UE, i7-13800H, i7-13800HE, i7-1355U, i7-1360P, i7-13705H, i7-1370P, i7-1365U, i7-13620H, i7-13700H, i5-13500H, i5-1345UE, i5-1335UE, i5-13420H, i5-1340PE, i5-1335U, i5-13600HE, i5-13500H, i5-13600H, i5-1334U, i5-1340P, i5-1350PE, i5-1345U, i5-13505H, i5-1350P, i3-1315U, i3-1315UE, i3-1305U, i3-1320PE, i3-13300HE, i3-1315U
Intel® Processor U300E, U300
0xba (186) 0x03 (3) 0x411c (16668) CVE-2023-23583 Raptor Lake U 2+8 13th Generation Intel® Core™ Processor Family
Intel® Processor U-series
Intel® Core™ Processor i7-1365UE, i7-1355U, i7-1365U, i5-1345UE, i5-1335UE, i5-1335U, i5-1334U, i5-1345U, i3-1315U, i3-1315UE, i3-1305U, i3-1315U
Intel® Processor U300E, U300
0xbe (190) 0x00 (0) 0x12 (18) CVE-2023-23583 Alder Lake N Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
0xbf (191) 0x02 (2) 0x32 (50) CVE-2023-23583 Raptor Lake S 8+8
0xbf (191) 0x05 (5) 0x32 (50) CVE-2023-23583 Raptor Lake S 6+0

See also:

Resolution

Red Hat customers running affected versions of the Red Hat products are strongly recommended to update them as soon as errata are available. Customers are urged to apply the appropriate updates immediately to mitigate this flaw correctly.

Acknowledgements

Red Hat thanks Intel for fixing these issues and making Red Hat aware.

Frequently Asked Questions

Q: Do I need to reboot for the changes to take effect?
A: No. Updating the microcode package to a version equal or later to the one identified in the table above is sufficient for these issues to be fixed.

Q: What if my CPU is not listed in the table?
A: Red Hat will continue to update these microcode packages as necessary. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended because additional improvements may be available.

Additional Information

Red Hat can not guarantee the correctness of the above information as the microcode update is provided by upstream vendors.

Related Knowledge Base articles:

Comments