Intel November 2023 Microcode Update
Updated -
Table of Contents
Overview
Red Hat is aware of several CPU hardware flaws that affect Intel CPU hardware microarchitecture and on-board components.
Red Hat provides updated microcode, developed by our microprocessor partners, as a customer convenience. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended, as additional improvements may be available.
Background
Security Issues
CVE-2023-23583: execution of MOVSB instructions with redundant REX prefix leads to unintended system behavior
A security vulnerability was found in some Intel processors. Execution of REP MOVSB instructions with a redundant REX prefix may result in execution continuing at an incorrect EIP address after a micro-architectural event occurs, potentially allowing privilege escalation, information disclosure and/or a denial of service via local access.
This issue requires a microcode update.
This issue has been assigned CVE-2023-23583 and is rated Important.
See also:
- Tech Paper: Redundant Prefix Issue
- INTEL-SA-00950
- Blog: Chips & Salsa Episode 60: Unexpected Redundant Prefix Behavior
Update Availability
The updates are provided based on the supported status of the affected CPU models for each specific Red Hat product version.
| Product | Fixed in package | Advisory link |
|---|---|---|
| Red Hat Enterprise Linux 9.3.0 (Z-stream) | microcode_ctl-20230808-2.20231009.1.el9_3 | RHEA-2023:7251 |
| Red Hat Enterprise Linux 9.2.0 EUS | microcode_ctl-20220809-2.20231009.1.el9_2 | RHEA-2023:7286 |
| Red Hat Enterprise Linux 9.0.0 EUS | microcode_ctl-20230207-1.20231009.1.el9_0 | RHEA-2023:7285 |
| Red Hat Enterprise Linux 8.9.0 (Z-stream) | microcode_ctl-20230808-2.20231009.1.el8_9 | RHEA-2023:7250 |
| Red Hat Enterprise Linux 8.8.0 EUS | microcode_ctl-20220809-2.20231009.1.el8_8 | RHEA-2022:7284 |
| Red Hat Enterprise Linux 8.6.0 EUS | microcode_ctl-20220207-1.20231009.1.el8_6 | RHEA-2023:7287 |
| Red Hat Enterprise Linux 8.4.0 AUS/E4S/EUS | microcode_ctl-20210216-1.20231009.1.el8_4 | RHEA-2024:7289 |
| Red Hat Enterprise Linux 8.2.0 AUS/E4S/EUS | microcode_ctl-20191115-4.20231009.1.el8_2 | RHEA-2023:7290 |
| Red Hat Enterprise Linux 8.1.0 E4S | microcode_ctl-20190618-1.20231009.1.el8_1 | RHEA-2023:7282 |
| Red Hat Enterprise Linux 7.9 (Z-stream) | microcode_ctl-2.1-73.9.el7_9 | RHEA-2023:7283 |
| Red Hat Enterprise Linux 7.7 AUS | No update is provided | |
| Red Hat Enterprise Linux 7.6 AUS | No update is provided | |
| Red Hat Enterprise Linux 6.10 (ELS) | No update is provided |
Affected Configurations
Listed below are the CPU families affected by these flaws broken down by the flaw type. You must determine your CPU’s family to see if you are affected.
Find Your CPU Family Model
Find the CPU model provided by your system. This is available in the /proc/cpuinfo file.
$ grep -E '^(cpu family|model|stepping|microcode)' /proc/cpuinfo | sort -u
cpu family : 6
microcode : 0x84
model : 94
model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping : 3
(Note: on RHEL 6, microcode revision is in decimal; on RHEL 7 onwards, it is in hexadecimal with the respective "0x" prefix.)
Intel Microcode Updates That Mitigate The Issues
| Model No. (dec) | Stepping (dec) | Minimum microcode revision for mitigation (dec) | Applicable vulnerabilities and errata | Codename | Model Name |
|---|---|---|---|---|---|
| 0x6a (106) | 0x06 (6) | 0xd0003b9 (218104761) | CVE-2023-23583 | Ice Lake SP | 3rd Generation Intel® Xeon® Scalable Processors Intel® Xeon® Platinum 8300 processors Intel® Xeon® Gold 6300 processors Intel® Xeon® Gold 5300 processors Intel® Xeon® Silver 4300 processors Intel® Xeon® W-3323, W-3375, W-3345, W-3335, W-3365 Processors |
| 0x6c (108) | 0x01 (1) | 0x1000268 (16777832) | CVE-2023-23583 | Ice Lake D | Intel® Xeon® D Processor Intel® Xeon® D-1513N, D-1518, D-1520, D-1521, D-1523N, D-1524N, D-1527, D-1528, D-1529, D-1531, D-1533N, D-1537, D-1539, D-1540, D-1541, D-1543N, D-1548, D-1553N, D-1557, D-1559, D-1563N, D-1564N, D-1567, D-1571, D-1573N, D-1577, D-1581, D-1587, D-1602, D-1612, D-1622, D-1623N, D-1627, D-1632, D-1633N, D-1637, D-1649N, D-1653N, D-1702, D-1712TR, D-1713NT, D-1713NTE, D-1714, D-1715TER, D-1718T, D-1722NE, D-1726, D-1732TE, D-1733NT, D-1734NT, D-1735TR, D-1736, D-1736NT, D-1739, D-1746TER, D-1747NTE, D-1748TE, D-1749NT, D-2123IT, D-2141I, D-2142IT, D-2143IT, D-2145NT, D-2146NT, D-2161I, D-2163IT, D-2166NT, D-2173IT, D-2177NT, D-2183IT, D-2187NT, D-2191, D-2712T, D-2733NT, D-2738, D-2745NX, D-2752NTE, D-2752TER, D-2753NT, D-2757NX, D-2766NT, D-2775TE, D-2776NT, D-2777NX, D-2779, D-2786NTE, D-2795NT, D-2796NT, D-2796TE, D-2798NT, D-2798NX, D-2799 processors |
| 0x7e (126) | 0x05 (5) | 0xc2 (194) | CVE-2023-23583 | Ice Lake U Ice Lake Y |
10th Generation Intel® Core™ Processor Family Intel® Core™ Processor i7-1060G7, i7-1065G7, i5-1030G4, i5-1030G7, i5-1035G1, i5-1035G4, i5-1035G7, i3-1000G1, i3-1000G4, i3-1005G1 |
| 0x8c (140) | 0x01 (1) | 0xb4 (180) | CVE-2023-23583 | Tiger Lake UP3 Tiger Lake UP4 |
Intel® Core™ i7-1185G7, i7-1165G7, i7-1185GRE, i7-1185G7E, i7-1180G7, i7-1160G7, i5-1145G7, i5-1145GRE, i5-1145G7E, i5-1140G7, i5-1130G7, i3-1125G4, i3-1115GRE, i3-1115G4E, i3-1120G4, i3-1110G4 Intel® Celeron® 6305 Processor, Intel® Celeron® 6305E Processor |
| 0x8c (140) | 0x02 (2) | 0x34 (52) | CVE-2023-23583 | Tiger Lake Refresh R | Intel® Core™ i7-1195G7, i5-1155G7, i5-1135G7, i3-1115G4 Intel® Pentium® Gold 7505 Intel® Core™ i7-11390H, i5-11320H |
| 0x8d (141) | 0x01 (1) | 0x4e (78) | CVE-2023-23583 | Tiger Lake H | Intel® Core™ Processor i9-11980HK, i9-11950H, i9-11900H, i7-11850H, i7-11800H, i5-11500H, i5-11400H, i5-11260H, i7-11390H, i7-11375H, i7-11370H, i5-11320H, i5-11300H Intel® Core™ Processor i7-11850HE, i3-11100HE Intel® Xeon® W-11955M, Intel® Xeon® W-11855M Intel® Xeon® W-11865MRE, W-11555MRE, W-11155MRE, W-11555MLE, W-11865MLE, W-11155MLE Intel® Celeron® 6600HE |
| 0x8f (143) | 0x04 (4) | 0x2c000290 (738198160) | CVE-2023-23583 | ||
| 0x8f (143) | 0x04 (4) | 0x2b0004d0 (721421520) | CVE-2023-23583 | Sapphire Rapids SP | |
| 0x8f (143) | 0x05 (5) | 0x2c000290 (738198160) | CVE-2023-23583 | Sapphire Rapids HBM | |
| 0x8f (143) | 0x05 (5) | 0x2b0004d0 (721421520) | CVE-2023-23583 | Sapphire Rapids SP | |
| 0x8f (143) | 0x06 (6) | 0x2c000290 (738198160) | CVE-2023-23583 | ||
| 0x8f (143) | 0x06 (6) | 0x2b0004d0 (721421520) | CVE-2023-23583 | Sapphire Rapids SP | |
| 0x8f (143) | 0x07 (7) | 0x2b0004d0 (721421520) | CVE-2023-23583 | Sapphire Rapids SP | 4th Generation Intel® Xeon® Platinum Processors 4th Generation Intel® Xeon® Gold Processors Intel® Xeon® Platinum 8452YL, 8455CL, 8468L, 8468VL, 8470L, 8470QL, 8475BL, 8480BL, 8480CL, 8480L Intel® Xeon® Gold 6414UL, 6430CL, 6430L |
| 0x8f (143) | 0x08 (8) | 0x2c000290 (738198160) | CVE-2023-23583 | Sapphire Rapids HBM | Intel® Xeon® CPU Max Series processors Intel® Xeon® CPU Max 9480, 9470, 9468, 9462, 9460 |
| 0x8f (143) | 0x08 (8) | 0x2b0004d0 (721421520) | CVE-2023-23583 | Sapphire Rapids SP | 4th Generation Intel® Xeon® Scalable processors 4th Generation Intel® Xeon® Platinum processors 4th Generation Intel® Xeon® Gold Processors 4th Generation Intel® Xeon® Silver Processor 4th Generation Intel® Xeon®Bronze Processor Intel® Xeon® Platinum 8452YL, 8455CL, 8468L, 8468VL, 8470L, 8470QL, 8475BL, 8480BL, 8480CL, 8480L, 8462Y+, 8460H, 8452Y, 8450H, 8468H, 8444H, 8470N, 8490H, 8480+, 8471N, 8470Q, 8458P, 8461V, 8468B, 8454H, 8460Y+, 8468, 8470 Intel® Xeon® Gold 6414UL, 6430CL, 6430L Processors, 6438N, 6438M, 6458Q, 5416S, 6421N, 6428N, 5411N, 5418N, 6448H, 6416H, 4410T, 6434H, 6434, 6444Y, 6448Y, 6438Y+, 5420+, 6442Y, 5418Y, 6426Y, 5412U, 5415+, 6430, 6454S, 6414U Intel® Xeon® Silver 4416+, 4410Y Intel® Xeon® Bronze 3408U |
| 0x97 (151) | 0x02 (2) | 0x32 (50) | CVE-2023-23583 | Alder Lake S 8+8 Alder Lake HX |
Intel® Core™ Processor i9-12900K, i9-12900KF, i7-12700K, i7-12700KF, i5-12600K, i5-12600KF, i9-12900, i9-12900F, i7-12700, i7-12700F, i5-12400, i5-12400F, i9-12900T, i7-12700T |
| 0x97 (151) | 0x05 (5) | 0x32 (50) | CVE-2023-23583 | Alder Lake S 6+0 | Intel® Core™ Processor i5-12600, i5-12500, i5-12400, i5-12400F, i3-12300, i3-12100, i3-12100F, i5-12600T, i5-12500T, i5-12400T, i3-12300T, i3-12100T Intel® Pentium® Gold Processor G7400, G7400T Intel® Celeron® Processor G6900, G6900T |
| 0x9a (154) | 0x03 (3) | 0x430 (1072) | CVE-2023-23583 | Alder Lake P 6+8 Alder Lake U 9W |
Intel® Core™ Processor i9-12900H, i9-12900HK, i7-12800H, i7-12700H, i7-12650H, i5-12600H, i5-12500H, i5-12450H Intel® Core™ Processor i7-1280P, i7-1270P, i7-1260P, i5-1250P, i5-1240P, (i3-1220P) |
| 0x9a (154) | 0x04 (4) | 0x5 (5) | CVE-2023-23583 | Intel(R) Atom(R) C1100 | |
| 0x9a (154) | 0x04 (4) | 0x430 (1072) | CVE-2023-23583 | Alder Lake P 2+8 | 12th Generation Intel® Core™ Processor Family Intel® Pentium® Gold Processor Family Intel® Celeron® Processor Family Intel® Core™ Processor i7-1265U, i7-1260U, i7-1255U, i7-1250U, i5-1245U, i5-1240U, i5-1235U, i5-1230U, i3-1215U, i3-1210U Intel® Pentium® Gold Processor 8505, 8500 Intel® Celeron® Processor 7305, 7300 |
| 0xa7 (167) | 0x01 (1) | 0x5d (93) | CVE-2023-23583 | Rocket Lake S | 11th Generation Intel® Core™ Processor Family Intel® Xeon® E-2300 Processor Family Intel® Xeon® W-1300 processor family Intel® Core™ Processor i9-11900K, i9-11900KF, i9-11900, i9-11900T, i9-11900F, i7-11700K, i7-11700KF, i7-11700, i7-11700T, i7-11700F, i5-11600K, i5-11600KF, i5-11600, i5-11600T, i5-11500, i5-11500T, i5-11400, i5-11400F, i5-11400T Intel® Xeon®E-2388G, E-2378G, E-2378, E-2386G, E-2356G, E-2336, E-2374G, E-2334, E-2324G, E-2314, E-2378G, E-2378, E-2386G, E-2356G, E-2336, E-2374G, E-2334, E-2324G, E-2314 processor Intel® Xeon® W-1300 Processors W-1390P, W-1390, W-1390T, W-1370P, W-1370, W-1350P, W-1350 |
| 0xb7 (183) | 0x01 (1) | 0x11d (285) | CVE-2023-23583 | Raptor Lake S | 13th Generation Intel® Core™ Processor Family Intel® Processor U-series Intel® Core™ Processor i9-13900K, i9-13900KS, i9-13905H, i9-13900HX, i9-13900F, i9-13900KF, i9-13900T, i9-13900TE, i9-13900, i9-13900HK, i9-13980HX, i9-13900H, i9-13900E, i7-13700K, i7-1370PE, i7-1365UE, i7-13700E, i7-13700HX, i7-13800H, i7-13700T, i7-13700F, i7-13700, i7-13800HE, i7-13850HX, i7-1355U, i7-1360P, i7-13705H, i7-1370P, i7-1365U, i7-13700TE, i7-13620H, i7-13700H, i7-13650HX, i7-13700K, i7-13700KF, i5-13500H, i5-1345UE, i5-1335UE, i5-13420H, i5-13400T, i5-13600, i5-13600T, i5-13400F, i5-13400, i5-1340PE, i5-13500HX, i5-13600HX, i5-1335U, i5-13600HE, i5-13400E, i5-13500H, i5-13600H, i5-1334U, i5-1340P, i5-13500E, i5-1350PE, i5-13450HX, i5-1345U, i5-13500T, i5-13500TE, i5-13505H, i5-1350P, i5-13500, i5-13600KF, i5-13600K, i3-1315U, i3-1315UE, i3-1305U, i3-13100E, i3-1320PE, i3-13100F, i3-13100, i3-13300HE, i3-1315U, i3-13100TE, i3-13100T Intel® Processor U300E, U300 |
| 0xba (186) | 0x02 (2) | 0x411c (16668) | CVE-2023-23583 | Raptor Lake P 6+8 Raptor Lake H 6+8 |
13th Generation Intel® Core™ Processor Family Intel® Processor U-series Intel® Core™ Processor i9-13905H, i9-13900HK, i9-13900H, i7-1370PE, i7-1365UE, i7-13800H, i7-13800HE, i7-1355U, i7-1360P, i7-13705H, i7-1370P, i7-1365U, i7-13620H, i7-13700H, i5-13500H, i5-1345UE, i5-1335UE, i5-13420H, i5-1340PE, i5-1335U, i5-13600HE, i5-13500H, i5-13600H, i5-1334U, i5-1340P, i5-1350PE, i5-1345U, i5-13505H, i5-1350P, i3-1315U, i3-1315UE, i3-1305U, i3-1320PE, i3-13300HE, i3-1315U Intel® Processor U300E, U300 |
| 0xba (186) | 0x03 (3) | 0x411c (16668) | CVE-2023-23583 | Raptor Lake U 2+8 | 13th Generation Intel® Core™ Processor Family Intel® Processor U-series Intel® Core™ Processor i7-1365UE, i7-1355U, i7-1365U, i5-1345UE, i5-1335UE, i5-1335U, i5-1334U, i5-1345U, i3-1315U, i3-1315UE, i3-1305U, i3-1315U Intel® Processor U300E, U300 |
| 0xbe (190) | 0x00 (0) | 0x12 (18) | CVE-2023-23583 | Alder Lake N | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E |
| 0xbf (191) | 0x02 (2) | 0x32 (50) | CVE-2023-23583 | Raptor Lake S 8+8 | |
| 0xbf (191) | 0x05 (5) | 0x32 (50) | CVE-2023-23583 | Raptor Lake S 6+0 |
See also:
Resolution
Red Hat customers running affected versions of the Red Hat products are strongly recommended to update them as soon as errata are available. Customers are urged to apply the appropriate updates immediately to mitigate this flaw correctly.
Acknowledgements
Red Hat thanks Intel for fixing these issues and making Red Hat aware.
Frequently Asked Questions
Q: Do I need to reboot for the changes to take effect?
A: No. Updating the microcode package to a version equal or later to the one identified in the table above is sufficient for these issues to be fixed.
Q: What if my CPU is not listed in the table?
A: Red Hat will continue to update these microcode packages as necessary. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended because additional improvements may be available.
Additional Information
Red Hat can not guarantee the correctness of the above information as the microcode update is provided by upstream vendors.
Related Knowledge Base articles:
- Is CPU microcode available to address CVE-2017-5715 via the microcode_ctl package?
- Is CPU microcode available to address CVE-2018-3639 via the microcode_ctl package?
- Is CPU microcode available to address CVE-2018-3620 and CVE-2018-3646 via the microcode_ctl package?
- Is CPU microcode available to address MDS (ZombieLoad) CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091 via the microcode_ctl package?
- Intel November 2019 Microcode Update
- Intel June 2020 Microcode Update
- Intel November 2020 Microcode Update
- Intel June 2021 Microcode Update
- Intel Febraury 2022 Microcode Update
Comments