Intel February 2022 Microcode Update

Updated -

Overview

Red Hat is aware of several CPU hardware flaws that affect Intel CPU hardware microarchitecture and on-board components.

Red Hat provides updated microcode, developed by our microprocessor partners, as a customer convenience.  Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended, as additional improvements may be available.

Background

Security Issues

CVE-2021-0127: Intel Processor Breakpoint Control Flow

A flaw was found in microcode. Under complex microarchitectural conditions, an unexpected code breakpoint may cause a system hang. The hang was observed on a Skylake server processor, and subsequent analysis indicated additional potentially affected processors. This flaw allows a possible temporary denial of service (TDOS) to occur.

This issue requires a microcode update.

This issue has been assigned CVE-2021-0127 and is rated Moderate.

See also:

CVE-2021-0145: Fast store forward predictor - Cross Domain Training

A flaw was found in microcode. Fast store forwarding prediction in one domain could be controlled by software previously executed in another domain. Such control helps a malicious program running in user mode (or guest VM) to trigger transient execution gadgets in supervisor mode (or VMM), potentially leading to sensitive data disclosure. Fast store forward prediction is not enabled when SSBD is set. This flaw allows an authenticated user with local access to perform information disclosure via transient execution.

This issue requires a microcode update.

This issue has been assigned CVE-2021-0145 and is rated Moderate.

See also:

CVE-2021-0146: VT-d-related Privilege Escalation

Hardware allows activation of test and debug logic at runtime for some Intel® Atom® processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

This issue requires a microcode update.

This issue has been assigned CVE-2021-0146 and is rated Important.

This issue was disclosed on November 9th, 2021.

See also:

CVE-2021-33120: microcode: Out of bounds read for some Intel Atom processors

A flaw was found in microcode. An out-of-bounds read under a complex microarchitectural condition in the memory subsystem for some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure or cause a denial of service via network access.

This issue requires a microcode update.

This issue has been assigned CVE-2021-33120 and is rated Moderate.

See also:

Functional Issues

Intel® Transactional Synchronization Extensions (Intel® TSX) Memory and Performance Monitoring Update

TSX deprecation was started with June 2021 microcode update. This microcode update includes additional CPU models where Intel Transactional Synchronisation Extensions (TSX) feature is removed.

See also:

RAPL Filtering Opt-in SW Switch

The microcode update adds an MSR that provides information if RAPL power filtering is currently enabled and ability to enable it (one-way until the next reboot) if it is not.

See also:

Dedicated Fast store forward predictor Control

A dedicated control is added in the microcode update that disables only fast store forward predictor, to address the issues like CVE-2021-0145.

System May Hang or Reboot Unexpectedly Due to System Stress

Under a complex set of microarchitectural conditions, the processor may incorrectly recover from a mis-predicted branch due to a possible race condition in register checkpoint mechanism when Hyper-Threading is enabled, resulting in unpredictable system behaviour, including Table of Requests (TOR) timeout machine check error, 3-Strike machine check errors, or unexpected exceptions.

The mitigation involves addition of some delay to the retirement pipe, which also affects other microarchitectural features. The mitigation is disabled by default for client CPU models and enabled by default for server CPU models. It may be possible to control it via BIOS via „RaceConditionResponce Policy” setting (MSR_IA32_CSTAR (0xc00000083) bit 0 set to 1 to enable).

WBINVD CHA Conflict Resolution

Under complex microarchitectural conditions, during the writ-back and invalidate cache instruction (WBINVD) execution, the Caching and Home Agent (CHA) may not correctly resolve a conflict between read and write instructions on a two or more socket system. This may result in a 3-strike error with TOR timeout or other unpredictable es system behavior.

A mitigation is implemented in the microcode update.

Non-zero writes to STATUS/LOGS bits of the Thermal Status Model Specific Register (`IA32THERMSTATUS` MSR) may generate General Protection (GP) fault

STATUS/LOG bits (12–15) in IA32_THERM_STATUS MSR (0x19c) incorrectly generate General Protection (GP#) fault when a value of 1 is written to them.

The issue is mitigated on server and embedded CPU models; for client CPU models, the issue is documented as an erratum in the processor specification update and a microcode mitigation is not planned for them.

See also:

Affected Products

Product Fixed in package Advisory link
Red Hat Enterprise Linux 8.5.0 (Z-stream) An update will be provided at a future date
Red Hat Enterprise Linux 8.4.0 EUS An update will be provided at a future date
Red Hat Enterprise Linux 8.2.0 EUS An update will be provided at a future date
Red Hat Enterprise Linux 8.1.0 E4S An update will be provided at a future date
Red Hat Enterprise Linux 7.9 (Z-stream) An update will be provided at a future date
Red Hat Enterprise Linux 7.7 AUS/E4S/TUS An update will be provided at a future date
Red Hat Enterprise Linux 7.6 AUS/E4S/TUS An update will be provided at a future date
Red Hat Enterprise Linux 7.4 AUS An update will be provided at a future date
Red Hat Enterprise Linux 7.3 AUS An update will be provided at a future date
Red Hat Enterprise Linux 6.10 (ELS) An update will be provided at a future date

Affected Configurations

Listed below are the CPU families affected by these flaws broken down by the flaw type. You must determine your CPU’s family to see if you are affected.

Find Your CPU Family Model

Find the CPU model provided by your system.  This is available in the /proc/cpuinfo file.

$ grep -E '^(cpu family|model|stepping|microcode)' /proc/cpuinfo | sort -u
cpu family  : 6
microcode   : 0x84
model       : 94
model name  : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping    : 3

(Note: on RHEL 6, microcode revision is in decimal; on RHEL 7 onwards, it is in hexadecimal with the respective "0x" prefix.)

Intel Microcode Updates That Mitigate The Issues

Model No. (dec) Stepping (dec) Minimum microcode revision for mitigation (dec) Applicable vulnerabilities and errata Codename Model Name
0x3f (63) 0x02 (2) 0x49 (73) SMBus Security Haswell E
Haswell EP
Haswell Server EP
Haswell Server EP4S
Intel® Core™ X-Series Processors (i7-5960X, i7-5930K, i7-5820K)
Intel® Xeon® Processor v3 E5-2695, E5-2697, E5-2698, E5-2699, E5-2683, E5-2690, E5-2650, E5-2660, E5-2609, E5-2680, E5-2670, E5-1630, E5-1650, E5-2687W, E5-2643, E5-1660, E5-1680, E5-2650L, E5-2620, E5-2623, E5-1620, E5-2630, E5-2630L, E5-2637, E5-2640, E5-2603, E5-2667, E5-4640, E5-4650, E5-4655, E5-4660, E5-4667, E5-4669, E5-4610, E5-4620, E5-4627
0x3f (63) 0x04 (4) 0x1a (26) N/A Haswell Server EX Intel® Xeon® Processor E7 v3 Family
Intel® Xeon® Processor v3 E7-4809, E7-4820, E7-4830, E7-4850, E7-8860, E7-8867, E7-8870, E7-8880L, E7-8880, E7-8890, E7-8891, E7-8893
0x4e (78) 0x03 (3) 0xec (236)¹ CVE-2021-0127, RAPL Filter Switch Skylake U
Skylake Y
Skylake U (2+3e)
6th Generation Intel® Core™  Processor Family
Intel® Core™ Processor i7-6500U, i7-6510U, i7-6600U
Intel® Core™ Processor i5-6200U, i5-6210U, i5-6300U, i5-6310U
Intel® Core™ Processor i3-6100U, i3-6110U
Intel® Pentium® Processor 4405U, 4415U
Intel® Celeron® Processor 3855U, 3865U, 3955U, 3965U
Intel® Core™ Processor I7-6560U, I7-6567U, I7-6650U, I7-6660U
Intel® Core™ Processor I5-6260U, I5-6267U, I5-6287U, I5-6360U
Intel® Core™ Processor i3-6167U
Intel® Core™ Processor m7-6Y75, m5-6Y54, m5-6Y57, m3-6Y30
Intel® Pentium® Processor 4405Y
0x4f (79) 0x01 (1) 0xb000040 (184549440)² SMBus Security Broadwell E
Broadwell Server E
Brodwell Server EP
Broadwell Server EP4S
Broadwell Server EX
Intel® Core™ X-series Processors (i7-6950K, i7-6800K, i7-6850, i7-6900K)
Intel® Xeon® Processor v4 E5-2603, E5-2608L, E5-2609, E5-2618L, E5-2620, E5-2623, E5-2628L, E5-2630L, E5-2630, E5-2637, E5-2640, E5-2643, E5-2648L, E5-2650L, E5-2650, E5-2658, E5-2660, E5-2667, E5-2679, E5-2680, E5-2683, E5-2690, E5-2695, E5-2697A, E5-2697, E5-2698, E5-2699A, E5-2699, E5-2699R, E5-4628L
Intel® Xeon® Processor v4 E7-4809, E7-4820, E7-4830, E7-4850, E7-8855, E7-8860, E7-8867, E7-8870, E7-8880, E7-8890, E7-8891, E7-8893, E7-8894
0x55 (85) 0x03 (3) 0x100015c (16777564) CVE-2021-0127 Skylake Server Intel® Xeon® Processor P-8124, P-8136
0x55 (85) 0x04 (4) 0x2006c0a (33582090) SMBus Security, CVE-2021-0127, RAPL Filter Switch, WBINVD CHA conflict, THERM_STATUS GP Skylake D
Bakerville
Skylake Server
Skylake W
Skylake X
Basin Falls
Intel® Xeon® Processor D-2123IT, D-2141I, D-2142IT, D-2143IT, D-2145NT, D-2146NT, D-2161I, D-2163IT, D-2166NT, D-2173IT, D-2177NT, D-2183IT, D-2187NT
Intel® Xeon® Bronze Processor 3104, 3106
Intel® Xeon® Gold Processor 5115, 5118, 5119T, 5120, 5120T, 5122, 6126, 6126F, 6126T, 6128, 6130, 6130F, 6130T, 6132, 6134, 6134M, 6136, 6138, 6138F, 6138T, 6140, 6140M, 6142, 6142F, 6142M, 6144, 6146, 6148, 6148F, 6150, 6152, 6154
Intel® Xeon® Platinum Processor 8153, 8156, 8158, 8160, 8160F, 8160M, 8160T, 8164, 8168, 8170, 8170M, 8176, 8176F, 8176M, 8180, 8180M
Intel® Xeon® Silver Processor 4108, 4109T, 4110, 4112, 4114, 4114T, 4116, 4116T
Intel® Xeon® Processor W-2123, W-2125, W-2133, W-2135, W-2145, W-2155, W-2195, W-2175
Intel® Core™ i9 79xxX, 78xxX
0x55 (85) 0x06 (6) 0x400320a (67121674) SMBus Security, CVE-2021-0127, RAPL Filter Switch, WBINVD CHA conflict, THERM_STATUS GP Cascade Lake Server 2nd Generation Intel® Xeon® Scalable Processors
0x55 (85) 0x07 (7) 0x500320a (83898890) CVE-2021-0127, SMBus Security, RAPL Filter Switch, WBINVD CHA conflict, THERM_STATUS GP Cascade Lake Server
Cascade Lake W
Cascade Lake X
2nd Generation Intel® Xeon® Scalable Processors
Intel® Xeon® Platinum Processor 8253, 8256, 8260, 8260L, 8260M, 8260Y, 8268, 8270, 8276, 8276L, 8276M, 8280, 8280L, 8280M, 9220, 9221, 9222, 9242, 9282
Intel® Xeon® Gold Processor 5215, 5215L, 5215M, 5215R, 5217, 5218, 5218B, 5218N, 5218T, 5220, 5220R, 5220S, 5220T, 5222, 6208U ,6209U, 6210U, 6212U, 6222V, 6226, 6226R, 6230, 6230N, 6230R, 6230T, 6234, 6238, 6238L, 6238M, 6238R, 6238T, 6240, 6240L, 6240M, 6240R, 6240Y, 6242, 6242R, 6244, 6246, 6246R, 6248, 6248R, 6250, 6250L, 6252, 6252N, 6254, 6256, 6258R, 6262V
Intel® Xeon® Silver Processor 4208, 4209T, 4210, 4210R, 4210T, 4214, 4214C, 4214R, 4214Y, 4215, 4215R, 4216
Intel® Xeon® Bronze Processor 3204, 3206R
Intel® Xeon® Processor W-3275M, W-3275, W-3265M, W-3265, W-3245M, W-3245, W-3235, W-3225, W-3223, W-2295, W-2275, W-2265, W-2255, W-2245, W-2235, W-2225, W-2223
Intel® Core™ X-series Processor i9-10940X, i9-10920X, i9-10900X, i9-9960X, i9-9940X, i9-9920X, i9-9900X, i9-9820X, i9-9800X, i9-7960X, i9-7940X, i9-7920X, i9-7900X, i7-7820X, i7-7800X, i7-7740X, i7-7640X
0x55 (85) 0x0b (11) 0x7002402 (117449730) CVE-2021-0127, RAPL Filter Switch, WBINVD CHA conflict, THERM_STATUS GP Cooper Lake SP 3rd Generation Intel® Xeon® Scalable Processors
Intel® Xeon® Platinum Processor 8353H, 8354H, 8376H, 8376HL, 8380H, 8380HL
Intel® Xeon® Gold Processor 5318H, 5320H, 6328H, 6328HL, 6348H
0x56 (86) 0x03 (3) 0x700001c (117440540) SMBus Security Broadwell DE [stepping V2]
Broadwell DE [stepping V3]
Intel® Xeon® Processor D Family
Intel® Pentium® Processor D Series
Intel® Xeon® Processor D-1518, D-1519, D-1521, D-1527, D-1528, D-1531, D-1533, D-1537, D-1541, D-1548
Intel® Pentium® Processor D1507, D1508, D1509, D1517, D1519
0x56 (86) 0x04 (4) 0xf00001a (251658266) SMBus Security Broadwell DE [stepping Y0] Intel® Xeon® Processor D-1557, D-1559, D-1567, D-1571, D-1577, D-1581, D-1587
0x56 (86) 0x05 (5) 0xe000014 (234881044) SMBus Security Broadwell NS [stepping A1]
Boadwell DE [stepping A1]
Hewitt Lake
Intel® Xeon® Processor D-1513N, D-1523N, D-1533N, D-1543N, D1553N, D-1602, D-1622, D-1623N, D-1627 , D-1633N, D-1637, D-1649N, D-1653N
0x5c (92) 0x09 (9) 0x46 (70) CVE-2021-0146, RAPL Filter Switch Apollo Lake [stepping D0] Intel® Pentium® Processor J4205, N4200
Intel® Celeron® Processor J3355, J3455, N3350, N3450
Intel® Atom® Processor x5-A3930, x5-A3940, x5-A3950, x5-A3960
0x5c (92) 0x0a (10) 0x24 (36) CVE-2021-0146, RAPL Filter Switch Apollo Lake [stepping E0] Intel® Atom® Processor x5-E3930, x5-E3940, x7-E3950
0x5e (94) 0x03 (3) 0xec (236) CVE-2021-0127, RAPL Filter Switch Skylake H 6th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-6700HQ, i7-6770HQ, i7-6820HK, i7-6820HQ, i7-6870HQ, i7-6920HQ, i7-6970HQ, i5-6300HQ, i5-6350HQ, i5-6440HQ, i3-6100H, i7-6700, i7-6700K, i7-6700T, i7-6700TE, i7-6820EQ, i7-6822EQ, i5-6400, i5-6400T, i5-6440EQ, i5-6442EQ, i5-6500, i5-6500T, i5-6500TE, i5-6600, i5-6600K, i5-6600T, i3-6100, i3-6100E, i3-6100T, i3-6100TE, i3-6102E, i3-6120, i3-6120T, i3-6300, i3-6300T, i3-6320, i3-6320T
Intel® Pentium® Processor G4400, G4400T, G4400TE, G4420, G4420T, G4500, G4500T, G4520, G4520T, G4540
Intel® Celeron® Processor G3900, G3900T, G3900TE, G3902E, G3920, G3920T, G3940
0x5f (95) 0x01 (1) 0x36 (54) CVE-2021-0146 Denverton Intel® Atom® Processor C Series
Intel® Atom® Processor C3308, C3336, C3338, C3338R, C3436L, C3508, C3538, C3558, C3558R, C3558RC, C3708, C3750, C3758, C3758R, C3808, C3830, C3850, C3858, C3950, C3958, C3955
0x6a (106) 0x06 (6) 0xd000331 (218104625) Ice Lake Server 3rd Generation Intel® Xeon® Scalable Processors
Intel® Xeon® Platinum 8300 processors
Intel® Xeon® Gold 6300 processors
Intel® Xeon® Gold 5300 processors
Intel® Xeon® Silver 4300 processors
0x7a (122) 0x01 (1) 0x38 (56) CVE-2021-0146, RAPL Filter Switch Gemini Lake Intel® Pentium® Processor Silver Series
Intel® Celeron® Processor J Series
Intel® Celeron® Processor N Series
Intel® Pentium® Silver Processor J5005, N5000
Intel® Celeron® Processor J4005, J4105, N4000, N4100
0x7a (122) 0x08 (8) 0x1c (28) CVE-2021-0146, RAPL Filter Switch Gemini Lake Refresh Intel® Celeron® Processor J Series
Intel® Celeron® Processor N Series
Intel® Pentium® Silver J5040, N5030 Processor
Intel® Celeron® Processor J4025, J4125, N4020, N4120
0x7e (126) 0x05 (5) 0xa8 (168) CVE-2021-0145, RAPL Filter Switch, FSFP control, Register Checkpoint Race Ice Lake U
Ice Lake Y
10th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-1060G7, i7-1065G7, i5-1030G4, i5-1030G7, i5-1035G1, i5-1035G4, i5-1035G7, i3-1000G1, i3-1000G4, i3-1005G1
0x8a (138) 0x01 (1) 0x2d (45) CVE-2021-0127, CVE-2021-33120, RAPL Filter Switch, FSFP control Lakefield Intel® Core™ i5-L16G7 Processor, i3-L13G4
0x8c (140) 0x01 (1) 0x9a (154) CVE-2021-0145, RAPL Filter Switch, FSFP control, Register Checkpoint Race Tiger Lake UP3
Tiger Lake UP4
11th Generation Intel® Core™ Processor Family
Intel® Core™ i7-1185G7, i7-1165G7, i7-1185GRE, i7-1185G7E, i7-1180G7, i7-1160G7, i5-1145G7, i5-1145GRE, i5-1145G7E, i5-1140G7, i5-1130G7, i3-1125G4, i3-1115GRE, i3-1115G4E, i3-1120G4, i3-1110G4
Intel® Celeron® 6305 Processor, Intel® Celeron® 6305E Processor
0x8c (140) 0x02 (2) 0x22 (34) CVE-2021-0145, RAPL Filter Switch, FSFP control, Register Checkpoint Race Tiger Lake U Refresh
Tiger Lake H35
11th Generation Intel® Core™ Processor Family
Intel® Core™ i7-1195G7, i5-1155G7, i5-1135G7, i3-1115G4, i7-11390H, i5-11320H
Intel® Pentium® Gold 7505
0x8d 0x01 (2) 0x3c (60) CVE-2021-0145, RAPL Filter Switch, FSFP control, Register Checkpoint Race Tiger Lake H 11th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i9-11980HK, i9-11950H, i9-11900H, i7-11850H, i7-11800H, i5-11500H, i5-11400H, i5-11260H, i7-11390H, i7-11375H, i7-11370H, i5-11320H, i5-11300H, i7-11850HE, i3-11100HE
Intel® Xeon® W-11955M, Intel® Xeon® W-11855M, W-11865MRE, W-11555MRE, W-11155MRE, W-11555MLE, W-11865MLE, W-11155MLE
Intel® Celeron® 6600HE
0x8e (142) 0x09 (9) 0xea (236)³ CVE-2021-0127, RAPL Filter Switch Kaby Lake U
Kaby Lake U (2+3e)
Kaby Lake Y
7th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-7500U, i7-7510U, i7-7600U, i7-7560U, i7-7567U, i7-7660U, i7-7Y75, i5-7200U, i5-7210U, i5-7300U, i5-7500U, i5-7260U, i5-7267U, i5-7287U, i5-7360U, i5-7Y54, i5-7Y57, i3-7007U, i3-7100U, i3-7110U, i3-7130U, i3-7167U, M3-7Y30, M3-7Y30
Intel® Pentium® Processor 4415U, 4410Y, 4415Y
Intel® Celeron® Processor 3865U, 3965U, 3965Y
0x8e (142) 0x09 (9) 0xec (236)³ CVE-2021-0127, RAPL Filter Switch Amber Lake Y 8th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-8500Y, i5-8310Y, i5-8210Y, i5-8200Y, m3-8100Y
0x8e (142) 0x0a (10) 0xec (236)³ CVE-2021-0127, RAPL Filter Switch Coffee Lake U (4+3e)
Kaby Lake Refresh U (4+2)
8th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-8559U, i7-8550U, i7-8650U, i5-8259U, 8269U, i5-8250U, i5-8350U, i3-8109U, i3-7020U, i3-8130U
0x8e (142) 0x0b (11) 0xec (236)³ CVE-2021-0127, RAPL Filter Switch Whiskey Lake U 8th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-8565U, i7-8665U, i5-8365U, i5-8265U, i3-8145U
Intel® Core™ Processor 4205U, 5405U
0x8e (142) 0x0c (12) 0xec (236)³ CVE-2021-0127, RAPL Filter Switch, TSX Deprecation Whiskey Lake U, Amber Lake Y, Comet Lake U (4+2) 8th Generation Intel® Core™ Processor Family
10th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-10510Y, i5-10310Y, i5-10210Y, i5-10110Y, i7-10510U, i7-8565U, i7-8665U, i5-10210U, i5-8365U, i5-8265U, Intel® Pentium® Gold Processor 6405U, Intel® Celeron® Processor 5305U
0x9e (158) 0x09 (9) 0xec (236)³ SMBus Security, CVE-2021-0127, RAPL Filter Switch Kaby Lake G
Kaby Lake H
Kaby Lake S
Kaby Lake X
Kaby Lake Xeon E3
7th Generation Intel® Core™ Processor Family
8th Generation Intel® Core™ Processor Family
Intel® Core™ X-series Processors (i5-7640X, i7-7740X)
Intel® Core™ Processor i7-8705G, i7-8706G, i7-8709G, i7-8809G, i5-8305G, Intel® Core™ Processor i7-7700HQ, i7-7820EQ, i7-7820HK, i7-7820HQ, i7-7920HQ, i7-7700, i7-7700K, i7-7700T, i5-7300HQ, i5-7440EQ, i5-7440HQ, i5-7442EQ, i5-7400, i5-7400T, i5-7500, i5-7500T, i5-7600, i5-7600K, i5-7600T, i3-7100H, i3-7100E, i3-7101E, i3-7101TE, i3-7102E, i3-7120, i3-7120T, i3-7320T, i3-7340
Intel® Celeron® Processor G3930E, G3930TE
Intel® Xeon® Processor v6 E3-1535M, E3-1505M, E3-1505L, E3-1501L, E3-1501M, E3-1285, E3-1280, E3-1275, E3-1270, E3-1245, E3-1240, E3-1230, E3-1225, E3-1220
0x9e (158) 0x0a (10) 0xec (236)³ CVE-2021-0127, RAPL Filter Switch Coffee Lake H (6+2)
Coffee Lake S (6+2)
Coffee Lake S (6+2) Xeon E
Coffee Lake S (4+2) Xeon E
8th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor E Family
Intel® Core™ Processor i9-8950HK, i7-8700K, i7-8700B, i7-8750H, i7-8850H, i7-8670, i7-8670T, i7-8700, i7-8700T, i5-8600K, i5-8650K, i5-8300H, i5-8400B, i5-8400H, i5-8500B, i5-8400, i5-8400T, i5-8420, i5-8420T, i5-8500 , i5-8500T, i5-8550, i5-8600, i5-8600T, i5-8650
Intel® Xeon® Processor E-2174G, E-2144G, E-2134, E-2124, E-2124G, E-2284G, E-2274G, E-2254ML, E-2254ME, E-2244G, E-2234, E-2224, E-2224G, E-2184G, E-2186G, E-2176G, E-2176M, E-2146G, E-2136, E-2126G, 2286G, E-2276ML, E-2276ME, E-2276M, E-2276G, E-2246G, E-2236, E-2226GE, E-2226G, E-2186M, E-2176M
0x9e (158) 0x0b (11) 0xec (236)³ CVE-2021-0127, RAPL Filter Switch Coffee Lake S (4+2) 8th Generation Intel® Core™ Processor Family
Intel® Pentium® Gold Processor Series
Intel® Celeron® Processor G Series
Intel® Core™ Processor i3-8000, i3-8000T, i3-8020, i3-8100, i3-8100, i3-8100H, i3-8100T, i3-8120, i3-8300, i3-8300T, i3-8350K
Intel® Pentium® Gold G5400, G5400T, G5400T, G5420, G5420T, G5420T, G5500, G5500T, G5600
Intel® Celeron® Processor G4900, G4900T, G4920
0x9e (158) 0x0c (12) 0xec (236)³ CVE-2021-0127, RAPL Filter Switch Coffee Lake S (8+2) 9th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i9-9900K, i9-9900KF, i7-9700K, i7-9700KF, i5-9600K, i5-9600KF, i5-9400, i5-9400F
0x9e (158) 0x0d (13) 0xec (236)³ CVE-2021-0127, RAPL Filter Switch, TSX Deprecation Coffee Lake H (8+2)
Coffee Lake S (8+2)
Coffee Lake S (8+2) Xeon E
9th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i9-9980HK, i9-9880H, i7-9850H, 9750HF, i5-9400H, 9300H
Intel® Xeon® Processor E-2288G, E-2286M, E-2278GEL, E-2278GE, E-2278G
0xa5 (165) 0x02 (2) 0xec (236) CVE-2021-0127, RAPL Filter Switch Comet Lake H 10th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i9-10980HK, i9-10885H, i7-10875H, i7-10850H, i7-10870H, i7-10750H, i5-10400H, i5-10300H, i5-10200H Intel® Xeon® W Processors W-10885M, W-10855M
0xa5 (165) 0x03 (3) 0xec (236) CVE-2021-0127, RAPL Filter Switch Comet Lake S (6+2) 10th Generation Intel® Core™ Processor Family
Intel® Pentium® Gold Processor Family
Intel® Celeron® Processor Family
Intel® Xeon® W-1200 Processor Family
Intel® Core™ Processor i5-10600, i5-10600T, i5-10500, i5-10500T, i5-10400, i5-10400F, i5-10400T, i3-10320, i3-10300, i3-10300T, i3-10100, i3-10100T, i3-10100F
Intel® Pentium® Gold G6600, G6500, G6500T, G6400, G6400T
Intel® Celeron® Processors G5920, G5900, G5900T, G5925, G5905, G5905T
Intel® Xeon® W-1200 Processors W-1250
0xa5 (165) 0x05 (5) 0xee (238) CVE-2021-0127, RAPL Filter Switch Comet Lake S (10+2) 10th Generation Intel® Core™ Processor Family
Intel® Xeon® W-1200 Processor Family<
Intel® Core™ Processor i9-10900K, i9-10900KF, i9-10900, i9-10900T, i9-10900F, i9-10850K, i7-10700K, i7-10700KF, i7-10700, i7-10700T, i7-10700F, i5-10600K, i5-10600KF, i5-10400, i5-10400F, Intel® Xeon® W-1200 Processors W-1290P, W-1290, W-1290T, W-1270P, W-1270, W1250P
0xa6 (166) 0x00 (0) 0xea (234) CVE-2021-0127, RAPL Filter Switch Comet Lake U (6+2) 10th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i5-10500TE, i7-10700E, i7-10700TE, i7-10710U, i7-10750H, i7-10810U, i7-10875H, i9-10850H, i9-10885H, i9-10980HK, i9-10900E, i9-10900TE
Intel® Xeon® W-10855, W-1290 E, W-1290 TE processors
0xa6 (166) 0x01 (1) 0xec (236) CVE-2021-0127, RAPL Filter Switch Comet Lake U (6+2) v2 10th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i5-10500TE, i7-10700E, i7-10700TE, i7-10710U, i7-10750H, i7-10810U, i7-10875H, i9-10850H, i9-10885H, i9-10980HK, i9-10900E, i9-10900TE
Intel® Xeon® W-10855, W-1290 E, W-1290 TE processors
0xa7 (167) 0x01 (1) 0x50 (80) CVE-2021-0145, RAPL Filter Switch, FSFP control, Register Checkpoint Race Rocket Lake 11th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i9-11900K, i9-11900KF, i9-11900, i9-11900T, i9-11900F, i7-11700K, i7-11700KF, i7-11700, i7-11700T, i7-11700F, i5-11600K, i5-11600KF, i5-11600, i5-11600T, i5-11500, i5-11500T, i5-11400, i5-11400F, i5-11400T

¹ The update is disabled (and previously published revision 0xd6 is used) by default due to possible hangs experienced with previous revisions of the microcode. See /usr/share/doc/microcode_ctl/caveats/06-4e-03_readme for details.

² The update is disabled by default due to possible hangs. See /usr/share/doc/microcode_ctl/caveats/06-4f-01_readme and „CPU "model 79" systems hangs/panics during boot following an update to the microcode_ctl package” knowledge base article for details.

³ The update is disabled (and previously published revisions 0xae/0xb4/0xb8 are used) by default on RHEL 8.2 and newer minor releases on Dell hardware (bios_vendor DMI value is "Dell") due to possible hangs (see 1, 2, 3, 4, 5) experienced with previous revisions of the microcode. See /usr/share/doc/microcode_ctl/caveats/06-8e-9e-0x-dell_readme and /usr/share/doc/microcode_ctl/caveats/06-8e-9e-0x-0xca_readme for details.

See also:

Resolution

Red Hat customers running affected versions of the Red Hat products are strongly recommended to update them as soon as errata are available. Customers are urged to apply the appropriate updates immediately and reboot to mitigate this flaw correctly.

Acknowledgements

Red Hat thanks Intel for fixing these issues and making Red Hat aware.

Frequently Asked Questions

Q: Do I need to reboot for the changes to take effect?
A: No. Updating the microcode package to a version equal or later to the one identified in the table above is sufficient for these issues to be fixed.

Q: What if my CPU is not listed in the table?
A: Red Hat will continue to update these microcode packages as necessary. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended because additional improvements may be available.

Additional Information

Red Hat can not guarantee the correctness of the above information as the microcode update is provided by upstream vendors.

Related Knowledge Base articles:

Comments