Is CPU microcode available to address CVE-2017-5715 via the microcode_ctl package?
Microcode/firmware/millicode is software that microprocessor manufacturers supply to operating system vendors to take advantage of internal features of the CPU. The authoritative source for this software is the CPU manufacturer.
The microcode_ctl mechanism to update system firmware is non-persistent in nature. The microcode is loaded during each boot operation; however, it is only applied in the event that the microcode available within /lib/firmware/ for the installed CPU is newer than the revision loaded during the hardware initialization phase of boot. Updating the system firmware to a revision that includes updated microcode is applicable to any resident software, and is recommended as a more permanent solution.
Historically, Red Hat has provided updated microcode, developed by our microprocessor partners, as a customer convenience. Red Hat temporarily suspended this practice in January 2018 while microcode stabilized.
Red Hat is once again providing an updated Intel microcode package, microcode_ctl, and AMD microcode package, linux-firmware, to customers in order to simplify deployment processes and minimize downtime.
Note: RHEL7 splits the microcode into two rpms: Intel in microcode_ctl and AMD in linux-firmware. RHEL6 and earlier releases have both Intel and AMD in the same microcode_ctl rpm.
Red Hat will continue to update these microcode packages as necessary. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended, as additional improvements may be available.
Please use the following Red Hat Customer Portal Lab App to verify systems have the necessary microprocessor firmware to address CVE-2017-5715 (variant 2).
Red Hat Customer Portal Labs - Spectre And Meltdown Detector
Note: To check your system's CPU model:
egrep -e 'model|cpu family|stepping|microcode' /proc/cpuinfo | sort | uniq
Intel Microcode Updates that mitigate CVE-2017-5715, branch target injection, Spectre-V2.
| Model # (dec) | Stepping (dec) | Minimum MCU Rev for Spectre v2 mitigation | Codename | Model Name |
| 0x4e (78) | 0x03 (3) | 0x00c2 |
Skylake U/Y Skylake U23e |
6th Generation Intel® Core™ m Processors |
| 0x4e (78) | 0x01 (1) | 0x00c2 | Gemini Lake |
Intel® Pentium® Silver processors N5xxx, J5xxx Intel® Celeron® processors N4xxx, J4xxx |
| 0x9e (158) | 0x0b (11) | 0x0084 | Coffee Lake - S (4+2) | 8th Generation Intel® Core™ Desktop Processor Family |
| 0x46 (70) | 0x01 (1) | 0x0019 | Haswell Perf Halo | Intel® Core™ Extreme Processor (5960x, 5930x, 5820x) |
| 0x9e (158) | 0x09 (9) | 0x0084 |
Kaby Lake H/S/X/G Kaby Lake Xeon E3" |
7th Generation Intel® Core™ Processor Family Intel® Xeon® Processor v6 E3-1220, E3-1225, E3-1230, E3-1240, E3-1245, E3-1270, E3-1275, E3-1280" |
| 0x3d (61) | 0x04 (4) | 0x002a | Broadwell U/Y |
Intel® Core™ Processor i7-5650U,i7-5600U, i7-5557U, i7-5550U, i7-5500U Intel® Core™ Processor i5-5350U, i5-5350,i5-5300U, i5-5287U,i5-5257U, i5-5250U, i5-5200U Intel® Core™ Processor i3-5157U, i3-5020U, i3-5015U, i3-5010U, i3-5006U, i3-5005U, i3-5010U, i5-5350U, i7-5650U Intel® Core™ Processor M-5Y71, M-5Y70, M-5Y51, M-5Y3, M-5Y10c, M -5Y10a, M-5Y10 Intel® Pentium® Processor 3805U, 3825U, 3765U, 3755U, 3215U, 3205U Intel® Celeron® 3765U |
| 0x56 (86) | 0x03 (3) | 0x7000012 | Broadwell DE V2,V3 |
Intel® Xeon® Processor D-1518, D-1519, D-1521, D-1527, D-1528, D-1531, D-1533, D-1537, D-1541, D-1548 Intel® Pentium® Processor D1507, D1508, D1509, D1517, D1519 |
| 0x2d (45) | 0x07 (7) | 0x0713 | Sandy Bridge Server EN/EP/EP4S |
Intel® Xeon® Processor E5-1428L, E5-1620, E5-1650, E5-1660, E5-2403, E5-2407, E5-2418L, E5-2420, E5-2428L, E5-2430, E5-2430L, E5-2440, E5-2448L, E5-2450, E5-2450L, E5-2470, E5-2603, E5-2609, E5-2620, E5-2630, E5-2630L, E5-2637, E5-2640, E5-2643, E5-2648L, E5-2650, E5-2650L, E5-2658, E5-2660, E5-2665, E5-2667, E5-2670, E5-2680, E5-2687W, E5-2690, E5-4603, E5-4607, E5-4610, E5-4617, E5-4620, E5-4640, E5-4650, E5-4650L Intel® Pentium® Processor 1405 |
| 0x2a (42) | 0x07 (7) | 0x002d |
Sandy Bridge Sandy Bridge Xeon E3 |
Intel® Core™ i3-21xx/23xx-T/M/E/UE Processor Intel® Core™ i5-23xx/24xx/25xx-T/S/M/K Processor Intel® Core™ i7-2xxx-S/K/M/QM/LE/UE/QE Processor Intel® Core™ i7-29xxXM Extreme Processor Intel® Celeron® Desktop G4xx, G5xx Processor Intel® Celeron® Mobile 8xx, B8xx Processor Intel® Pentium® Desktop 350, G6xx, G6xxT, G8xx Processor Intel® Pentium® Mobile 9xx, B9xx Processor Intel® Xeon® Processor E3-1200 Product Family |
| 0x2d (45) | 0x06 (6) | 0x061c | Sandy Bridge Server EN/EP/EP4S | Intel® Xeon® Processor E5-2620, E5-2630, E5-2630L, E5-2640, E5-2650, E5-2650L, E5-2660, E5-2667, E5-2670, E5-2680, E5-2690 |
| 0x8e (142) | 0x09 (9) | 0x0084 | Kaby Lake U/Y, U23e | 7th Generation Intel® Core™ Mobile Processors |
| 0x9e (158) | 0x0a (10) | 0x0084 |
Coffee Lake H (6+2) Coffee Lake S (6+2) Coffee Lake S (6+2) Xeon E Coffee Lake-S (4+2) Xeon E Coffee Lake-S (6+2) x/KBP |
8th Generation Intel® Core™ Processor Family |
| 0x8e (142) | 0x0a (10) | 0x0084 |
Kaby Lake Refresh U 4+2 Coffee Lake U43e |
8th Generation Intel® Core™ Mobile Processor Family 8th Generation Intel® Core™ Processor Family |
| 0x3f (63) | 0x02 (2) | 0x003c | Haswell Server E, EP, EP4S | Intel® Xeon® Processor v3 E5-1428L, E5-1603, E5-1607, E5-1620, E5-1630, E5-1650, E5-1660, E5-1680, E5-2408L, E5-2418L, E5-2428L, E5-2438L, E5-2603, E5-2608L, E5-2608L, E5-2609, E5-2618L, E5-2620, E5-2623, E5-2628L, E5-2630, E5-2630L, E5-2637, E5-2640, E5-2643, E5-2648L, E5-2650, E5-2650L, E5-2658, E5-2660, E5-2667, E5-2670, E5-2680, E5-2683, E5-2685, E5-2687W, E5-2690, E5-2695, E5-2697, E5-2698, E5-2699, E5-4610, E5-4620, E5-4627, E5-4640, E5-4648, E5-4650, E5-4655, E5-4660, E5-4667, E5-4669 |
| 0x5e (94) | 0x03 (3) | 0x00c2 |
Skylake H/S Skylake Xeon E3 |
6th Generation Intel® Core™ Processor Family Intel® Xeon® Processor v5 E3-1220, E3-1225, E3-1230, E3-1235L, E3-1240, E3-1240L, E3-1245, E3-1260L, E3-1270, E3-1275, E3-1280 |
| 0x56 (86) | 0x02 (2) | 0x0015 | Broadwell DE V1 | Intel® Xeon® Processor D-1520, D-1540 |
| 0x3f (63) | 0x04 (4) | 0x0011 | Haswell Server EX | Intel® Xeon® Processor E7-4809V3, E7-4820V3, E7-4830V3, E7-4850V3, E7-8860V3, E7-8867V3, E7-8870V3, E7-8880LV3, E7-8880V3, E7-8890V3, E7-8891V3, E7-8893V3 |
| 0x3e (62) | 0x04 (4) | 0x042c |
Ivy Bridge Server E, EN, EP, EP4S Ivy Bridge E |
Intel® Xeon® Processor v2 E5-1428L, E5-1620, E5-1650, E5-1660, E5-2403, E5-2407, E5-2418L, E5-2420, E5-2428L, E5-2430, E5-2430L, E5-2440, E5-2448L, E5-2450, E5-2450L, E5-2470, E5-2603, E5-2609, E5-2618L, E5-2620, E5-2628L, E5-2630, E5-2630L, E5-2637, E5-2640, E5-2643, E5-2648L, E5-2650, E5-2650L, E5-2658, E5-2660, E5-2667, E5-2670, E5-2680, E5-2687W, E5-2690, E5-2695, E5-2697, E5-4603, E5-4607, E5-4610, E5-4620, E5-4624L, E5-4627, E5-4640, E5-4650, E5-4657L Intel® Core™ Processor Extreme Edition i7-4960X Intel® Core™ Processor i7-4820K, i7-4930K" |
| 0x55 (85) | 0x04 (4) | 0x2000043 |
Skylake D, Bakerville Skylake Server Skylake W Skylake X, Basin Falls |
Intel® Xeon® Processor D-2123IT, D-2141I, D-2142IT, D-2143IT, D-2145NT, D-2146NT, D-2161I, D-2163IT, D-2166NT, D-2173IT, D-2177NT, D-2183IT, D-2187NT Intel® Xeon® Bronze Processor 3104, 3106 Intel® Xeon® Gold Processor 5115, 5118, 5119T, 5120, 5120T, 5122, 6126, 6126F, 6126T, 6128, 6130, 6130F, 6130T, 6132, 6134, 6134M, 6136, 6138, 6138F, 6138T, 6140, 6140M, 6142, 6142F, 6142M, 6144, 6146, 6148, 6148F, 6150, 6152, 6154 Intel® Xeon® Platinum Processor 8153, 8156, 8158, 8160, 8160F, 8160M, 8160T, 8164, 8168, 8170, 8170M, 8176, 8176F, 8176M, 8180, 8180M Intel® Xeon® Silver Processor 4108, 4109T, 4110, 4112, 4114, 4114T, 4116, 4116T Intel® Xeon® Processor W-2123, W-2125, W-2133, W-2135, W-2145, W-2155, W-2195, W-2175 Intel® Core™ i9 79xxX, 78xxX" |
| 0x56 (86) | 0x04 (4) | 0xf000011 | Broadwell DE Y0 | Intel® Xeon® Processor D-1557, D-1559, D-1567, D-1571, D-1577, D-1581, D-1587 |
| 0x55 (85) | 0x03 (3) | 0x1000140 | Skylake X | Intel Xeon Scalable B1 |
| 0x3e (62) | 0x07 (7) | 0x0713 | Ivy Bridge Server EX | E5-4610, E5-4620, E5-4624L, E5-4627, E5-4640, E5-4650, E5-4657L |
| 0x56 (85) | 0x05 (5) | 0xe000009 | Broadwell DE A1 | Intel® Xeon® Processor D-1513N, D-1523N, D-1533N, D-1543N, D1553N |
| 0x3c (60) | 0x03 (3) | 0x0024 |
Haswell (including H, S) Haswell Xeon E3 |
4th Generation Intel® Core™ Mobile Processor Family, Intel® Pentium® Mobile Processor Family, Intel® Celeron® Mobile Processor Family Intel® Xeon® Processor E3-1220V3, E3-1225V3, E3-1230LV3, E3-1230V3, E3-1240V3, E3-1245V3, E3-1270V3, E3-1275LV3, E3-1275V3, E3-1280V3, E3-1285LV3, E3-1285LV3, E3-1285V3 |
| 0x47 (71) | 0x01 (1) | 0x001d |
Broadwell H 43e Broadwell Xeon E3 |
Intel® Core™ Processor i7-5950HQ, i7-5850HQ, i7-5750HQ, i7-5700HQ Intel® Core™ Processor i5-5575R, i5-5675C, i5-5675R, i7-5775C, i7-5775R Intel® Core™ Processor i7-5700EQ, i7-5850EQ Intel® Xeon® Processor v4 E3-1258L, E3-1265L, E3-1278L, E3-1285, E3-1285 |
| 0x3a (58) | 0x09 (9) | 0x001f |
Gladden Ivy Bridge Ivy Bridge Xeon E3 |
Intel® Core™ Processor i3-2115C, i3-3115C Intel® Pentium® Processor B915C, B925C Intel® Celeron® Processor 725C Intel® Xeon® Processor E3-1105C, E3-1125C, E3-1105C v2, E3-1125C v2 3rd Generation Intel® Core™ Mobile Processor Family, Intel® Pentium® Mobile Processor Family, and Intel® Celeron® Mobile Processor Family Intel® Core™ Processor Extreme Edition i7-4960X Intel® Core™ Processor i7-4820K, i7-4930K |
| 0x45 (69) | 0x01 (1) | 0x0023 | Haswell ULT | 4th Generation Intel® Core™ Mobile Processor Family, Intel® Pentium® Mobile Processor Family, Intel® Celeron® Mobile Processor Family |
| 0x4f (79) ** | 0x01 (1) | 0xb00002c | Broadwell EP/EX ** | Intel® Xeon® E5, Dual-Processor platform, Intel® Xeon® E7, Multi-Processor platform, QPI ** |
** Microcode for model number 79 CPU, aka, Broadwell EP/EX, is not automatically loaded. Please this Kbase article for more details.
AMD firmware that mitigates CVE-2017-5715, branch target injection, Spectre-V2.
| CPUID | Family | Model Number | Model Name | Minimum MCU Rev for Spectre v2 mitigation | 0x4e (78) | 15h | 00-0fh | Opteron 6200/4200 | 0x0600063E | 0x00600f20 | 15h | 00-0fh | Opteron 6300/4300 | 0x06000852 | 0x00800F12 | 17h | 00-0fh | EPYC 7xx1 Series | 0x08001227 |
What if my CPU is not listed in the table?
Red Hat will continue to update these microcode packages as necessary. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended because additional improvements may be available.
More information can be found in the following reference documentation:
Comments