Intel November 2019 Microcode Update
Table of Contents
- Overview
- Background
- CVE-2019-11135: Transactional Synchronization Extensions (TSX) Asynchronous Abort (TAA)
- TA Indirect Sharing Erratum (Information Leak)
- Incomplete fixes for previous MDS mitigations (VERW)
- SHUF* instruction implementation flaw (DoS)
- CVE-2019-0117: Intel SGX (Information Leak)
- EGETKEY Erratum
- CVE-2019-11139: Voltage modulation vulnerability
- Voltage Modulation (FIVR erratum)
Overview
Red Hat is aware of several CPU hardware flaws that affect Intel CPU hardware microarchitecture and on-board components.
Red Hat provides updated microcode, developed by our microprocessor partners, as a customer convenience. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended, as additional improvements may be available.
Background
CVE-2019-11135: Transactional Synchronization Extensions (TSX) Asynchronous Abort (TAA)
Transactional Synchronization Extensions (TSX) Asynchronous Abort is an MDS-style flaw affecting the same buffers that the previous MDS-style vulnerability was able to affect. A local attacker using custom code can use this flaw to gather information from cache contents on the processor and sibling logical processors on processors that support simultaneous multithreading (SMT) and TSX.
The flaw found in the implementation of Intel TSX abortion where a local authenticated attacker, with the ability to monitor execution time of TSX regions, is able to infer memory state by comparing abort execution times.
This could allow information disclosure via this observed side channel while an attacker is able to observe abort timing of the transaction.
This issue has been assigned CVE-2019-11135 and is rated Moderate.
TA Indirect Sharing Erratum (Information Leak)
A flaw has been identified in the implementation of Intel microprocessors’ Target Array (TA) sharing. The Target Array is a fast-access buffer used by the branch prediction unit within a CPU core. The same target array is shared between logical processor threads.
The CPU branch prediction used would create branch targets’ as part of its regular work. When a branch target (the destination of an indirect branch) is detected as synonymous between two sibling threads, the processor creates only a single entry in the branch Target Array.
An attacker with local authenticated access can cause the branch prediction unit to use an indirect target on both logical processors. A flaw in the CPU's indirect target matching would incorrectly match some targets as matching when they did not.
This incorrect matching can be used as an attack vector for an attacker to carry out a Spectre-V2 style attack on the impacted processor.
A microcode update is available that can disable TA sharing between logical processors to change the behaviour will mitigate this flaw.
Incomplete fixes for previous MDS mitigations (VERW)
Firmware changes released on 14 May 2019 for the initial round of MDS overloaded an instruction that was intended to clear a buffer to ensure information would not leak to the end user. This fix modified four of the instructions to perform additional functionality to be used by the operating systems in an attempt to mitigate the flaw. These instructions were:
- VERW instruction
- L1D_FLUSH instruction
- RSM (Return from System Management mode)
- SGX Enter and SGX Exit. (Secure Enclave Enter and Exit).
The VERW and L1D_FLUSH commands were used by operating system vendors to instruct the firmware running on the affected processors to overwrite buffer values that can be used in the various MDS attack set.
The flaw is that the L1D buffers were incorrectly cleared and not all bits of the buffer were set to zero. Some parts (bits 16-31 and 48-63) of the buffer were restored to their last known value prior to clearing shortly after they were set to be cleared.
This allows a side-channel into the partially shared data by the system, but to a lesser extent than previous MDS exposure.
A local attacker would need to execute an MDS style attack on systems to gather intelligence on the system. The attack reliability is believed to be considerably less reliable than previous MDS style attacks.
This issue requires a microcode update and it is expected to have no performance impact or change.
SHUF* instruction implementation flaw (DoS)
A flaw was found in Intel microprocessors’ implementation of packed byte shuffle AVX instructions (SHUF*). The defect can be exploited to cause stability problems in the processor and possibly create a Machine Check Exception (MCE).
This could allow an attacker with a local account to possibly crash the system or the host within a guest on a virtual environment.
This issue requires a microcode update and it is expected to have no expected performance impact or change.
CVE-2019-0117: Intel SGX (Information Leak)
A flaw was found in the implementation of SGX around the access control of protected memory. A local attacker of a system with SGX enabled and an affected intel GPU with the ability to execute code is able to infer the contents of the SGX protected memory.
This issue has been assigned CVE-2019-0117 and is rated Moderate.
EGETKEY Erratum
The Intel SGX functionality provides hardware instructions used to verify a memory structure has been cryptographically created by the running hardware.
The EGETKEY assembly instruction provides software running in the secure enclave with keys used by this functionality.
When hyperthreading is enabled a race condition exists where a local attacker could access the reset key used for the core and from this information derive the HT-disabled key and use this to emulate/impersonate a HT-disabled platform.
CVE-2019-11139: Voltage modulation vulnerability
Contemporary Intel processors incorporate a system controlled device known as a Voltage Regulator (VR), used to manage the amount of power provided to discrete parts of the CPU. The voltage regulator can adjust voltage requirements whenever certain subsystems of the CPU are in use. An example unit of this is the AVX subsystem on recent CPUs. This subsystem can be powered down when not recently used.
A defect in the design of the regular allows erroneous response to so-called 0mv (no adjustment) messages to the regulator under certain conditions.
An attacker who is able to issue logic control to the regulator can crash the system or reduce the lifespan of the voltage regulation unit of this hardware.
This issue has been assigned CVE-2019-11139 and is rated Moderate.
A microcode update to the power control unit will disable the ability to send 0mv adjustment logic, preventing erroneous responses.
Voltage Modulation (FIVR erratum)
A vulnerability in the voltage regulation unit for Intel processors may allow a denial of service that can allow a local privileged user to crash the system.
Conditional Jump Macro-fusion (DoS or Privilege Escalation)
Intel microprocessors include logic known as Macro-Op Fusion (MOP) where an intermediary layer will batch together sequences of instructions into a single micro-operation (μOp) to be performed by the CPU's hardware.
An implementation defect in Intel’s design of MOP Fusion on recent processors allows malicious code to cause undefined behavior. The most likely side effect is that exploitation of this condition can lead to crashes and system errors.
The precise conditions of this vulnerability involve conditional branches that have previously been decoded by the DSB (Decoded Stream Buffer or “μOp cache”) that also crosses a cache line boundary. Under a corner case condition, such a sequence will incorrectly attempt to execute code that does not exist, leading to a range of errors from #UD (Undefined Instruction kernel panic) and spurious page faults (which may also panic the system). Red Hat product security has not ruled out that privilege escalation is possible using this bug.
Jump Conditional Code Erratum Overview White Paper for Intel® Processors
Diagnostic Tools
At this time there is no method of knowing if an attack has taken place.
Affected Products
| Product | Fixed in package | Advisory link |
|---|---|---|
| Red Hat Enterprise Linux 8.1.0 (Z-stream) | microcode_ctl-20190618-1.20191112.1.el8_1 | RHEA-2019:3845 |
| Red Hat Enterprise Linux 8.0.0 SAP extension | microcode_ctl-20180807a-2.20191112.1.el8_0 | N/A |
| Red Hat Enterprise Linux 7.7 (Z-stream) | microcode_ctl-2.1-53.3.el7_7 | RHEA-2019:3846 |
| Red Hat Enterprise Linux 7.6 EUS | microcode_ctl-2.1-47.8.el7_6 | RHEA-2019:3848 |
| Red Hat Enterprise Linux 7.5 EUS | microcode_ctl-2.1-29.24.el7_5 | RHEA-2019:3849 |
| Red Hat Enterprise Linux 7.4 AUS/E4S/TUS | microcode_ctl-2.1-22.26.el7_4 | RHEA-2019:3850 |
| Red Hat Enterprise Linux 7.3 AUS/E4S/TUS | microcode_ctl-2.1-16.27.el7_3 | RHEA-2019:3851 |
| Red Hat Enterprise Linux 7.2 AUS/E4S/TUS | microcode_ctl-2.1-12.24.el7_2 | RHEA-2019:3852 |
| Red Hat Enterprise Linux 6.10 (Z-stream) | microcode_ctl-1.17-33.19.el6_10 | RHEA-2019:3847 |
| Red Hat Enterprise Linux 6.6 AUS | microcode_ctl-1.17-19.23.el6_6 | RHEA-2019:3853 |
| Red Hat Enterprise Linux 6.5 AUS | microcode_ctl-1.17-17.25.el6_5 | RHEA-2019:3854 |
| Red Hat Enterprise Linux 5 | No update is provided | N/A |
Affected Configurations
Listed below are the CPU families affected by these flaws broken down by the flaw type. You must determine your CPU’s family to see if you are affected.
Find your CPU family model
Find the CPU model provided by your system. This is available in the /proc/cpuinfo file.
$ grep -E '^(cpu family|model|stepping|microcode)' /proc/cpuinfo | sort -u
cpu family : 6
microcode : 0x84
model : 94
model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping : 3
(Note: on RHEL 6, microcode revision is in decimal; on RHEL 7 onwards, it is in hexadecimal with the respective prefix)
Intel Microcode Updates that mitigate the issues
| Model # (dec) |
Stepping (dec) | Minimum microcode revision for mitigation (dec) | Applicable vulnerabilities and errata | Codename | Model Name |
|---|---|---|---|---|---|
| 0x4e (78) | 0x03 (3) | 0xd4 (212) | TA Indirect Sharing, VERW, SHUF, JCC, SGX, EGETKEY | Skylake U/Y Skylake U (2+3e) |
6th Generation Intel® Core™ Processor Family |
| 0x55 (85) | 0x04 (4) | 0x2000064 (33554532) ** | Voltage modulation (CVE-2019-11139), FIVR erratum, TA indirect sharing, JCC, SHUF | Skylake D Bakerville Skylake Server Skylake W Skylake X Basin Falls |
Intel® Xeon® Processor D-2123IT, D-2141I, D-2142IT, D-2143IT, D-2145NT, D-2146NT, D-2161I, D-2163IT, D-2166NT, D-2173IT, D-2177NT, D-2183IT, D-2187NT Intel® Xeon® Bronze Processor 3104, 3106 Intel® Xeon® Gold Processor 5115, 5118, 5119T, 5120, 5120T, 5122, 6126, 6126F, 6126T, 6128, 6130, 6130F, 6130T, 6132, 6134, 6134M, 6136, 6138, 6138F, 6138T, 6140, 6140M, 6142, 6142F, 6142M, 6144, 6146, 6148, 6148F, 6150, 6152, 6154 Intel® Xeon® Platinum Processor 8153, 8156, 8158, 8160, 8160F, 8160M, 8160T, 8164, 8168, 8170, 8170M, 8176, 8176F, 8176M, 8180, 8180M Intel® Xeon® Silver Processor 4108, 4109T, 4110, 4112, 4114, 4114T, 4116, 4116T Intel® Xeon® Processor W-2123, W-2125, W-2133, W-2135, W-2145, W-2155, W-2195, W-2175 Intel® Core™ i9 79xxX, 78xxX |
| 0x55 (85) | 0x07 (7) | 0x500002b (83886123) ** | TAA, FIVR erratum, TA indirect sharing, SHUF, JCC | Cascade Lake | 2nd Generation Intel® Xeon® Scalable Processors |
| 0x5e (94) | 0x03 (3) | 0xd4 (212) | TA Indirect Sharing, VERW, SHUF, JCC, SGX, EGETKEY | Skylake H | 6th Generation Intel® Core™ Processor Family |
| 0x8e (142) | 0x09 (9) | 0xc6 (198) | TA Indirect Sharing, VERW, SHUF, JCC, SGX, EGETKEY | Kaby Lake U Kaby Lake U (2+3e) Kaby Lake Y |
7th Generation Intel® Core™ Processor Family |
| 0x8e (142) | 0x09 (9) | 0xc6 (198) | TAA, TA indirect sharing, VERW, SHUF, JCC, SGX, EGETKEY | Amber Lake Y | 8th Generation Intel® Core™ Processor Family |
| 0x8e (142) | 0x0a (10) | 0xc6 (198) | TAA, TA indirect sharing, VERW, VERW, SHUF, JCC, SGX, EGETKEY | Coffee Lake U (4+3e) Kaby Lake Refresh U (4+2) |
8th Generation Intel® Core™ Processor Family |
| 0x8e (142) | 0x0b (11) | 0xc6 (198) | TAA, TA indirect sharing, SHUF, JCC, SGX, EGETKEY | Whiskey Lake U | 8th Generation Intel® Core™ Processors |
| 0x8e (142) | 0x0c (12) | 0xc6 (198) | TAA, TA indirect sharing, SHUF, JCC, SGX, EGETKEY | Whiskey Lake U | 8th Generation Intel® Core™ Processors |
| 0x9e (158) | 0x09 (9) | 0xc6 (198) | TAA, TA indirect sharing, VERW, SHUF, JCC, SGX, EGETKEY | Kaby Lake G Kaby Lake H Kaby Lake S Kaby Lake X Kaby Lake Xeon E3 |
7th Generation Intel® Core™ Processor Family 8th Generation Intel® Core™ Processor Family Intel® Core™ X-series Processors (i5-7640X, i7-7740X) Intel® Xeon® Processor E3 v6 Family |
| 0x9e (158) | 0x0a (10) | 0xc6 (198) | TAA, TA indirect sharing, VERW, SHUF, JCC, SGX, EGETKEY | Coffee Lake H (6+2) Coffee Lake S (6+2) Coffee Lake S (6+2) Xeon E Coffee Lake S (4+2) Xeon E |
8th Generation Intel® Core™ Processor Family Intel® Xeon® Processor E Family |
| 0x9e (158) | 0x0b (11) | 0xc6 (198) | TAA, TA indirect sharing, SHUF, JCC, SGX, EGETKEY | Coffee Lake S (4+2) | 8th Generation Intel® Core™ Processor Family Intel® Pentium® Gold Processor Series Intel® Celeron® Processor G Series |
| 0x9e (158) | 0x0d (13) | 0xc6 (198) | TAA, TA indirect sharing, SHUF, JCC, SGX, EGETKEY | Coffee Lake H Coffee Lake S Coffee Lake S (8+2) Xeon E |
9th Generation Intel® Core™ Processor Family |
** The microcode update is available since the previous microcode_ctl package version that includes the microcode-20190918 release.
Resolution
Red Hat customers running affected versions of the Red Hat products are strongly recommended to update them as soon as errata are available. Customers are urged to apply the appropriate updates immediately and reboot to mitigate this flaw correctly.
Acknowledgements
Red Hat thanks Intel for fixing these issues and making Red Hat aware.
Frequently Asked Questions
Q: Do I need to reboot for the changes to take effect?
A: Updating the microcode package is the minimal required value for the system for these issues to be fixed. This issue is paired with both the TSX and IFU (CVE-2018-12207) updates which require a reboot to function and report correctly.
Q: What if my CPU is not listed in the table?
A: Red Hat will continue to update these microcode packages as necessary. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended because additional improvements may be available.
Additional Information
Red Hat can not guarantee the correctness of the above information as the microcode update is provided by upstream vendors.
Related Knowledge Base articles:
Is CPU microcode available to address CVE-2017-5715 via the microcode_ctl package?
Is CPU microcode available to address CVE-2018-3639 via the microcode_ctl package?
Is CPU microcode available to address CVE-2018-3620 and CVE-2018-3646 via the microcode_ctl package?
Is CPU microcode available to address MDS (ZombieLoad) CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091 via the microcode_ctl package?
Intel's November IPU Update
Intel's Microcode Update Guidance
Comments