What CPU microcode is available via the microcode_ctl package to mitigate CVE-2017-5715 (variant 2)?

Solution Verified - Updated -


  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • microcode_ctl


  • We are attempting to address CVE-2017-5715 (variant 2) via a microcode update, can we update a package to achieve this goal?
  • What CPU microcode is included in the microcode_ctl package to mitigate CVE-2017-5715 (variant 2)?


Microcode/firmware/millicode is software that microprocessor manufacturers supply to operating system vendors to take advantage of internal features of the CPU. The authoritative source for that software is the CPU manufacturer.

The microcode_ctl mechanism to update system firmware is non-persistent in nature. The microcode is loaded during each boot operation, and is only applied in the event that the microcode available within /lib/firmware/ for the installed CPU is newer than the revision loaded during the hardware initialization phase of boot. Updating the system firmware to a revision that includes updated microcode is applicable to any resident software and therefore is recommended as a more permanent solution.

Please use the following Red Hat Customer Portal Lab App to verify systems have the necessary microprocessor firmware to address CVE-2017-5715 (variant 2).

Red Hat Customer Portal Labs - Spectre And Meltdown Detector

Root Cause

Red Hat Security is currently recommending that subscribers contact their CPU OEM vendor to download the latest microcode/firmware for their processor.

The latest microcode_ctl and linux-firmware packages from Red Hat do not include resolutions to the CVE-2017-5715 (variant 2) exploit. Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot. The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes to versions that were known to be stable and well tested, released prior to the Spectre/Meltdown embargo lift date on Jan 3rd. Customers are advised to contact their silicon vendor to get the latest microcode for their particular processor.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.


Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.