Intel November 2019 Microcode Update

Updated -

Overview

Red Hat is aware of several CPU hardware flaws that affect Intel CPU hardware microarchitecture and on-board components. 

Red Hat provides updated microcode, developed by our microprocessor partners, as a customer convenience.  Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended, as additional improvements may be available.

Background

CVE-2019-11135: Transactional Synchronization Extensions (TSX) Asynchronous Abort (TAA)

Transactional Synchronization Extensions (TSX) Asynchronous Abort is an MDS-style flaw affecting the same buffers that the previous MDS-style vulnerability was able to affect. A local attacker using custom code can use this flaw to gather information from cache contents on the processor and sibling logical processors on processors that support simultaneous multithreading (SMT) and TSX.

The flaw found in the implementation of Intel TSX abortion where a local authenticated attacker, with the ability to monitor execution time of TSX regions, is able to infer memory state by comparing abort execution times.

This could allow information disclosure via this observed side channel while an attacker is able to observe abort timing of the transaction.

This issue has been assigned CVE-2019-11135 and is rated Moderate.

Intel-SA-00270

TA Indirect Sharing Erratum (Information Leak)

A flaw has been identified in the implementation of Intel microprocessors’ Target Array (TA) sharing. The Target Array is a fast-access buffer used by the branch prediction unit within a CPU core. The same target array is shared between logical processor threads.

The CPU branch prediction used would create branch targets’ as part of its regular work. When a branch target (the destination of an indirect branch) is detected as synonymous between two sibling threads, the processor creates only a single entry in the branch Target Array.

An attacker with local authenticated access can cause the branch prediction unit to use an indirect target on both logical processors. A flaw in the CPU's indirect target matching would incorrectly match some targets as matching when they did not.

This incorrect matching can be used as an attack vector for an attacker to carry out a Spectre-V2 style attack on the impacted processor.

A microcode update is available that can disable TA sharing between logical processors to change the behaviour will mitigate this flaw. 

Incomplete fixes for previous MDS mitigations (VERW)

Firmware changes released on 14 May 2019 for the initial round of MDS overloaded an instruction that was intended to clear a buffer to ensure information would not leak to the end user. This fix modified four of the instructions to perform additional functionality to be used by the operating systems in an attempt to mitigate the flaw. These instructions were:

  • VERW instruction
  • L1D_FLUSH instruction
  • RSM (Return from System Management mode)
  • SGX Enter and SGX Exit. (Secure Enclave Enter and Exit).

The VERW and L1D_FLUSH commands were used by operating system vendors to instruct the firmware running on the affected processors to overwrite buffer values that can be used in the various MDS attack set.

The flaw is that the L1D buffers were incorrectly cleared and not all bits of the buffer were set to zero. Some parts (bits 16-31 and 48-63) of the buffer were restored to their last known value prior to clearing shortly after they were set to be cleared.

This allows a side-channel into the partially shared data by the system, but to a lesser extent than previous MDS exposure. 

A local attacker would need to execute an MDS style attack on systems to gather intelligence on the system.  The attack reliability is believed to be considerably less reliable than previous MDS style attacks.

This issue requires a microcode update and it is expected to have no performance impact or change.

SHUF* instruction implementation flaw (DoS)

A flaw was found in Intel microprocessors’ implementation of packed byte shuffle AVX instructions (SHUF*). The defect can be exploited to cause stability problems in the processor and possibly create a Machine Check Exception (MCE). 

This could allow an attacker with a local account to possibly crash the system or the host within a guest on a virtual environment.

This issue requires a microcode update and it is expected to have no expected performance impact or change.

CVE-2019-0117: Intel SGX (Information Leak)

A flaw was found in the implementation of SGX around the access control of protected memory.  A local attacker of a system with SGX enabled and an affected intel GPU with the ability to execute code is able to infer the contents of the SGX protected memory.

This issue has been assigned CVE-2019-0117 and is rated Moderate.

EGETKEY Erratum

The Intel SGX functionality provides hardware instructions used to verify a memory structure has been cryptographically created by the running hardware.

The EGETKEY assembly instruction provides software running in the secure enclave with keys used by this functionality.

When hyperthreading is enabled a race condition exists where a local attacker could access the reset key used for the core and from this information derive the HT-disabled key and use this to emulate/impersonate a HT-disabled platform.

CVE-2019-11139: Voltage modulation vulnerability

Contemporary Intel processors incorporate a system controlled device known as a Voltage Regulator (VR), used to manage the amount of power provided to discrete parts of the CPU. The voltage regulator can adjust voltage requirements whenever certain subsystems of the CPU are in use. An example unit of this is the AVX subsystem on recent CPUs. This subsystem can be powered down when not recently used. 

A defect in the design of the regular allows erroneous response to so-called 0mv (no adjustment) messages to the regulator under certain conditions.

An attacker who is able to issue logic control to the regulator can crash the system or reduce the lifespan of the voltage regulation unit of this hardware.

This issue has been assigned CVE-2019-11139 and is rated Moderate.

A microcode update to the power control unit will disable the ability to send 0mv adjustment logic, preventing erroneous responses.

Intel-SA-00271

Voltage Modulation (FIVR erratum)

A vulnerability in the voltage regulation unit for Intel processors may allow a denial of service that can allow a local privileged user to crash the system.

Conditional Jump Macro-fusion (DoS or Privilege Escalation)

Intel microprocessors include logic known as Macro-Op Fusion (MOP) where an intermediary layer will batch together sequences of instructions into a single micro-operation (μOp) to be performed by the CPU's hardware.

An implementation defect in Intel’s design of MOP Fusion on recent processors allows malicious code to cause undefined behavior. The most likely side effect is that exploitation of this condition can lead to crashes and system errors.

The precise conditions of this vulnerability involve conditional branches that have previously been decoded by the DSB (Decoded Stream Buffer or “μOp cache”) that also crosses a cache line boundary. Under a corner case condition, such a sequence will incorrectly attempt to execute code that does not exist, leading to a range of errors from #UD (Undefined Instruction kernel panic) and spurious page faults (which may also panic the system). Red Hat product security has not ruled out that privilege escalation is possible using this bug.

Jump Conditional Code Erratum Overview White Paper for Intel® Processors

Diagnostic Tools

At this time there is no method of knowing if an attack has taken place.

Affected Products

Product Fixed in package Advisory link
Red Hat Enterprise Linux 8.1.0 (Z-stream) microcode_ctl-20190618-1.20191112.1.el8_1 RHEA-2019:3845
Red Hat Enterprise Linux 8.0.0 SAP extension microcode_ctl-20180807a-2.20191112.1.el8_0 N/A
Red Hat Enterprise Linux 7.7 (Z-stream) microcode_ctl-2.1-53.3.el7_7 RHEA-2019:3846
Red Hat Enterprise Linux 7.6 EUS microcode_ctl-2.1-47.8.el7_6 RHEA-2019:3848
Red Hat Enterprise Linux 7.5 EUS microcode_ctl-2.1-29.24.el7_5 RHEA-2019:3849
Red Hat Enterprise Linux 7.4 AUS/E4S/TUS microcode_ctl-2.1-22.26.el7_4 RHEA-2019:3850
Red Hat Enterprise Linux 7.3 AUS/E4S/TUS microcode_ctl-2.1-16.27.el7_3 RHEA-2019:3851
Red Hat Enterprise Linux 7.2 AUS/E4S/TUS microcode_ctl-2.1-12.24.el7_2 RHEA-2019:3852
Red Hat Enterprise Linux 6.10 (Z-stream) microcode_ctl-1.17-33.19.el6_10 RHEA-2019:3847
Red Hat Enterprise Linux 6.6 AUS microcode_ctl-1.17-19.23.el6_6 RHEA-2019:3853
Red Hat Enterprise Linux 6.5 AUS microcode_ctl-1.17-17.25.el6_5 RHEA-2019:3854
Red Hat Enterprise Linux 5 No update is provided N/A

Affected Configurations

Listed below are the CPU families affected by these flaws broken down by the flaw type. You must determine your CPU’s family to see if you are affected.  

Find your CPU family model

Find the CPU model provided by your system.  This is available in the /proc/cpuinfo file.

$ grep -E '^(cpu family|model|stepping|microcode)' /proc/cpuinfo | sort -u
cpu family  : 6
microcode   : 0x84
model       : 94
model name  : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping    : 3

(Note: on RHEL 6, microcode revision is in decimal; on RHEL 7 onwards, it is in hexadecimal with the respective prefix)

Intel Microcode Updates that mitigate the issues

 Model # (dec) Stepping (dec) Minimum microcode revision for mitigation (dec) Applicable vulnerabilities and errata Codename Model Name
0x4e (78) 0x03 (3) 0xd4 (212) TA Indirect Sharing, VERW, SHUF, JCC, SGX,  EGETKEY Skylake U/Y
Skylake U (2+3e)
6th Generation Intel® Core™  Processor Family
0x55 (85) 0x04 (4) 0x2000064 (33554532) ** Voltage modulation (CVE-2019-11139), FIVR erratum, TA indirect sharing, JCC, SHUF Skylake D
Bakerville
Skylake Server
Skylake W
Skylake X
Basin Falls
Intel® Xeon® Processor D-2123IT, D-2141I, D-2142IT, D-2143IT, D-2145NT, D-2146NT, D-2161I, D-2163IT, D-2166NT, D-2173IT, D-2177NT, D-2183IT, D-2187NT
Intel® Xeon® Bronze Processor 3104, 3106
Intel® Xeon® Gold Processor 5115, 5118, 5119T, 5120, 5120T, 5122, 6126, 6126F, 6126T, 6128, 6130, 6130F, 6130T, 6132, 6134, 6134M, 6136, 6138, 6138F, 6138T, 6140, 6140M, 6142, 6142F, 6142M, 6144, 6146, 6148, 6148F, 6150, 6152, 6154
Intel® Xeon® Platinum Processor 8153, 8156, 8158, 8160, 8160F, 8160M, 8160T, 8164, 8168, 8170, 8170M, 8176, 8176F, 8176M, 8180, 8180M
Intel® Xeon® Silver Processor 4108, 4109T, 4110, 4112, 4114, 4114T, 4116, 4116T
Intel® Xeon® Processor W-2123, W-2125, W-2133, W-2135, W-2145, W-2155, W-2195, W-2175
Intel® Core™ i9 79xxX, 78xxX
0x55 (85) 0x07 (7) 0x500002b (83886123) ** TAA, FIVR erratum, TA indirect sharing, SHUF, JCC Cascade Lake 2nd Generation Intel® Xeon® Scalable Processors
0x5e (94) 0x03 (3) 0xd4 (212) TA Indirect Sharing, VERW, SHUF, JCC, SGX,  EGETKEY Skylake H 6th Generation Intel® Core™ Processor Family
0x8e (142) 0x09 (9) 0xc6 (198) TA Indirect Sharing, VERW, SHUF, JCC, SGX, EGETKEY Kaby Lake U
Kaby Lake U (2+3e)
Kaby Lake Y
7th Generation Intel® Core™ Processor Family
0x8e (142) 0x09 (9) 0xc6 (198) TAA, TA indirect sharing, VERW, SHUF, JCC, SGX, EGETKEY Amber Lake Y 8th Generation Intel® Core™ Processor Family
0x8e (142) 0x0a (10) 0xc6 (198) TAA, TA indirect sharing, VERW, VERW, SHUF, JCC, SGX,  EGETKEY Coffee Lake U (4+3e)
Kaby Lake Refresh U (4+2)
8th Generation Intel® Core™ Processor Family
0x8e (142) 0x0b (11) 0xc6 (198) TAA, TA indirect sharing, SHUF, JCC, SGX,  EGETKEY Whiskey Lake U 8th Generation Intel® Core™ Processors
0x8e (142) 0x0c (12) 0xc6 (198) TAA, TA indirect sharing, SHUF, JCC, SGX,  EGETKEY Whiskey Lake U 8th Generation Intel® Core™ Processors
0x9e (158) 0x09 (9) 0xc6 (198) TAA, TA indirect sharing, VERW, SHUF, JCC, SGX,  EGETKEY Kaby Lake G
Kaby Lake H
Kaby Lake S
Kaby Lake X
Kaby Lake Xeon E3
7th Generation Intel® Core™ Processor Family
8th Generation Intel® Core™ Processor Family
Intel® Core™ X-series Processors (i5-7640X, i7-7740X)
Intel® Xeon® Processor E3 v6 Family
0x9e (158) 0x0a (10) 0xc6 (198) TAA, TA indirect sharing, VERW, SHUF, JCC, SGX,  EGETKEY Coffee Lake H (6+2)
Coffee Lake S (6+2)
Coffee Lake S (6+2) Xeon E
Coffee Lake S (4+2) Xeon E
8th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor E Family
0x9e (158) 0x0b (11) 0xc6 (198) TAA, TA indirect sharing, SHUF, JCC, SGX,  EGETKEY Coffee Lake S (4+2) 8th Generation Intel® Core™ Processor Family
Intel® Pentium® Gold Processor Series
Intel® Celeron® Processor G Series
0x9e (158) 0x0d (13) 0xc6 (198) TAA, TA indirect sharing, SHUF, JCC, SGX,  EGETKEY Coffee Lake H
Coffee Lake S
Coffee Lake S (8+2) Xeon E
9th Generation Intel® Core™ Processor Family

** The microcode update is available since the previous microcode_ctl package version that includes the microcode-20190918 release.

Resolution

Red Hat customers running affected versions of the Red Hat products are strongly recommended to update them as soon as errata are available. Customers are urged to apply the appropriate updates immediately and reboot to mitigate this flaw correctly.

Acknowledgements

Red Hat thanks Intel for fixing these issues and making Red Hat aware.

Frequently Asked Questions

Q: Do I need to reboot for the changes to take effect?
A: Updating the microcode package is the minimal required value for the system for these issues to be fixed. This issue is paired with both the TSX and IFU (CVE-2018-12207) updates which require a reboot to function and report correctly.

Q: What if my CPU is not listed in the table?
A: Red Hat will continue to update these microcode packages as necessary. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended because additional improvements may be available.

Additional Information

Red Hat can not guarantee the correctness of the above information as the microcode update is provided by upstream vendors.  

Related Knowledge Base articles:

Is CPU microcode available to address CVE-2017-5715 via the microcode_ctl package?
Is CPU microcode available to address CVE-2018-3639 via the microcode_ctl package?
Is CPU microcode available to address CVE-2018-3620 and CVE-2018-3646 via the microcode_ctl package?
Is CPU microcode available to address MDS (ZombieLoad) CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091 via the microcode_ctl package?
Intel's November IPU Update
Intel's Microcode Update Guidance