Intel June 2020 Microcode Update

Solution Verified - Updated -

Issue

Red Hat is aware of several CPU hardware flaws that affect Intel CPU hardware microarchitecture and on-board components.

Red Hat provides updated microcode, developed by our microprocessor partners, as a convenience to our customers. Please contact your hardware vendor to determine whether more recent BIOS or firmware updates are recommended, as additional improvements may be available.

Background

CVE-2020-0543 Special Register Buffer Data Sampling (SRBDS)

A new domain bypass transient execution attack, known as Special Register Buffer Data Sampling (SRBDS), may allow data values from special registers to be inferred by malicious code executing on any core of the CPU. This vulnerability affects some client and Intel® Xeon® E3 processors; it does not affect other Intel Xeon or Intel Atom® processors (see applicability in the "Intel Microcode Updates that mitigate the issues" table below).

This issue has been assigned CVE-2020-0543 and Red Hat has rated the severity impact as Moderate.

This issue requires a microcode update, and it is expected to have a performance impact on the performance of RDRAND and RDSEED instructions.

See also:

CVE-2020-0548 Vector Register Data Sampling (VRDS)

MDS mitigations clear the store buffer upon execution of the clear buffer instruction (VERW). Program instructions often delegate work to hardware subcomponents. The delegated work, which began before clear buffer instruction, the subcomponents would complete after the clear buffer instruction and then place the results in the store buffer after it was cleared. This makes the results of these instructions able to be inferred by using MDS/TAA exploit methods.

The specific delegated operations that were outstanding were SSE/AVX/AVX-512 register reads from another process or a CPU sibling.

This issue requires a microcode update.

This issue has been assigned CVE-2020-0548 and is rated Low.

See also:

CVE-2020-0549 L1D Cache Eviction Sampling (L1DCES)

A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the “fill buffers” and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values.

This issue requires a microcode update.

This issue has been assigned CVE-2020-0549 and is rated Moderate.

See also:

Diagnostic Tools

At this time there is no method of knowing if an attack has taken place.

Affected Products

Product Fixed in package Advisory link
Red Hat Enterprise Linux 8.2.0 (Z-stream) microcode_ctl-20191115-4.20200602.2.el8_2 RHSA-2020:2431
Red Hat Enterprise Linux 8.1.0 EUS Update will be provided at a later date
Red Hat Enterprise Linux 8.0.0 SAP extension Update will be provided at a later date
Red Hat Enterprise Linux 7.8 (Z-stream) microcode_ctl-2.1-61.6.el7_8 RHSA-2020:2432
Red Hat Enterprise Linux 7.7 EUS Update will be provided at a later date
Red Hat Enterprise Linux 7.6 EUS Update will be provided at a later date
Red Hat Enterprise Linux 7.4 AUS/E4S/TUS Update will be provided at a later date
Red Hat Enterprise Linux 7.3 AUS/E4S/TUS Update will be provided at a later date
Red Hat Enterprise Linux 7.2 AUS/E4S/TUS Update will be provided at a later date
Red Hat Enterprise Linux 6.10 (Z-stream) microcode_ctl-1.17-33.26.el6_10 RHSA-2020:2433
Red Hat Enterprise Linux 6.6 AUS Update will be provided at a later date
Red Hat Enterprise Linux 6.5 AUS Update will be provided at a later date
Red Hat Enterprise Linux 5 No update is provided N/A

Affected Configurations

Listed below are the CPU families affected by these flaws broken down by the flaw type. You must determine your CPU’s family to see if you are affected.

Find your CPU family model

Find the CPU model provided by your system. This is available in the /proc/cpuinfo file.

$ grep -E '^(cpu family|model|stepping|microcode)' /proc/cpuinfo | sort -u
cpu family  : 6
microcode   : 0x84
model       : 94
model name  : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping    : 3

(Note: on RHEL 6, microcode revision is in decimal; on RHEL 7 onwards, it is in hexadecimal with the respective prefix)

Affected Intel CPU models and microcode update revisions that mitigate the issues

Model No. (dec) Stepping (dec) Minimum microcode revision for mitigation (dec) Applicable vulnerabilities and errata Codename Model Name
0x3c (60) 0x03 (3) 0x28 (40) SRBDS Haswell Desktop
Haswell Xeon E3
4th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor E3 v3 Family
Intel® Core™ Processor i7-4770S, i7-4790S, i7-4770T, i7-4765T, i7-4770, i7-4770K, i7-4771, i7-4790T, i7-4790, i7-4785T, i5-4440S, i5-4570, i5-4570T, i5-4670, i5-4430, i5-4430S, i5-4670K, i5-4440, i5-4670S, i5-4670T, i5-4460T, i5-4460S, i5-4690, i5-4690S, i5-4690T, i5-4590, i5-4460, i5-4570S, i5-4590T, i5-4590S, i3-4350T, i3-4330, i3-4360, i3-4150T, i3-4160, i3-4130, i3-4160T, i3-4130T, i3-4170, i3-4350, i3-4150, i3-4330T, i3-4360T, i3-4340, i3-4370, i3-4370T, i3-4170T, i7-4900MQ, i7-4910MQ, i7-4800MQ, i7-4810MQ, i7-4700MQ, i7-4702MQ, i7-4710MQ, i7-4712MQ, i7-4700EQ, i3-4100M, i3-4110M
Intel® Pentium® Processor G3420, G3220, G3220T, G3420T, G3430, G3440, G3440T, G3240, G3240T, G3450, G3450T, G3258, G3250, G3250T, G3460, G3460T, G3470, G3260, G3260T, 3560M
Intel® Celeron® Processor G1830, G1820T, G1850, G1840, G1840T, G1820, 2970M
Intel® Xeon® Processor v3 E3-1220, E3-1220L, E3-1221, E3-1225, E3-1226, E3-1230, E3-1230L, E3-1231, E3-1240, E3-1240L, E3-1241, E3-1245, E3-1246, E3-1265L, E3-1268L, E3-1268LV3, E3-1270, E3-1271, E3-1275, E3-1275L, E3-1276, E3-1280, E3-1281, E3-1285, E3-1285L, E3-1286, E3-1286L
0x3d (61) 0x04 (4) 0x2f (47) SRBDS Broadwell U
Broadwell Y
5th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-5650U, i7-5600U, i7-5557U, i7-5550U, i7-5500U
Intel® Core™ Processor i5-5350U, i5-5350, i5-5300U, i5-5287U, i5-5257U, i5-5250U, i5-5200U
Intel® Core™ Processor i3-5157U, i3-5020U, i3-5015U, i3-5010U, i3-5006U, i3-5005U, i3-5010U
Intel® Pentium® Processor 3805U, 3825U, 3765U, 3755U, 3215U, 3205U
Intel® Celeron® 3765U
Intel® Core™ Processor M-5Y71, M-5Y70, M-5Y51, M-5Y3, M-5Y10c, M-5Y10a, M-5Y10
0x45 (69) 0x01 (1) 0x26 (38) SRBDS Haswell U
Haswell Y
4th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-4500U, i7-4510U, i7-4550U, i7-4558U, i7-4578U, i7-4600U, i7-4650U
Intel® Core™ Processor i5-4200U, i5-4210U, i5-4250U, i5-4258U, i5-4260U, i5-4278U, i5-4288U, i5-4300U, i5-4308U, i5-4350U
Intel® Core™ Processor i3-4005U, i3-4010U, i3-4025U, i3-4030U, i3-4100U, i3-4120U, i3-4158U
Intel® Pentium® Processor 3556U, 3558U, 3665U
Intel® Celeron® Processor 2955U, 2957U, 2980U, 2981U
Intel® Core™ Processor i7-4610Y
Intel® Core™ Processor i5-4200Y, i5-4202Y, i5-4210Y, i5-4220Y, i5-4300Y, i5-4302Y
Intel® Core™ Processor i3-4010Y, i3-4012Y, i3-4020Y, i3-4030Y
Intel® Pentium® Processor 3560Y, 3561Y
0x46 (70) 0x01 (1) 0x1c (30) SRBDS Haswell H
Haswell R
4th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-4700EC, i7-4702EC, i7-4950HQ, i7-4960HQ, i7-4980HQ, i7-4850HQ, i7-4860HQ, i7-4870HQ, i7-4700HQ, i7-4702HQ, i7-4710HQ, i7-4712HQ, i7-4720HQ, i7-4722HQ, i7-4750HQ, i7-4760HQ, i7-4770HQ, i5-4210H, i5-4402EC
Intel® Core™ Processor i7-4770R, i5-4670R, i5-4570R
0x47 (71) 0x01 (1) 0x22 (34) SRBDS Broadwell H 43e
Broadwell Xeon E3
5th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-5700EQ, i7-5700HQ, i7-5750HQ, i7-5850EQ , i7-5850HQ, i7-5950HQ
Intel® Core™ Processor i5-5575R, i5-5675C, i5-5675R, i7-5775C, i7-5775R
Intel® Xeon® Processor v4 E3-1258L, E3-1265L, E3-1278L, E3-1285, E3-1285
0x4e (78) 0x03 (3) 0xdc (220) SRBDS, VRDS, L1DCES Skylake U/Y
Skylake U (2+3e)
6th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-6500U, i7-6510U, i7-6600U
Intel® Core™ Processor i5-6200U, i5-6210U, i5-6300U, i5-6310U
Intel® Core™ Processor i3-6100U, i3-6110U
Intel® Pentium® Processor 4405U, 4415U
Intel® Celeron® Processor 3855U, 3865U, 3955U, 3965U
Intel® Core™ Processor I7-6560U, I7-6567U, I7-6650U, I7-6660U
Intel® Core™ Processor I5-6260U, I5-6267U, I5-6287U, I5-6360U
Intel® Core™ Processor i3-6167U
Intel® Core™ Processor m7-6Y75, m5-6Y54, m5-6Y57, m3-6Y30
Intel® Pentium® Processor 4405Y
0x55 (85) 0x03 (3) 0x1000157 (16777559) VRDS, L1DCES Skylake Server Intel® Xeon® Processor P-8124, P-8136
0x55 (85) 0x04 (4) 0x2006906 (33581318) VRDS, L1DCES Skylake D
Bakerville
Skylake Server
Skylake W
Skylake X
Basin Falls
Intel® Xeon® Processor D-2123IT, D-2141I, D-2142IT, D-2143IT, D-2145NT, D-2146NT, D-2161I, D-2163IT, D-2166NT, D-2173IT, D-2177NT, D-2183IT, D-2187NT
Intel® Xeon® Bronze Processor 3104, 3106
Intel® Xeon® Gold Processor 5115, 5118, 5119T, 5120, 5120T, 5122, 6126, 6126F, 6126T, 6128, 6130, 6130F, 6130T, 6132, 6134, 6134M, 6136, 6138, 6138F, 6138T, 6140, 6140M, 6142, 6142F, 6142M, 6144, 6146, 6148, 6148F, 6150, 6152, 6154
Intel® Xeon® Platinum Processor 8153, 8156, 8158, 8160, 8160F, 8160M, 8160T, 8164, 8168, 8170, 8170M, 8176, 8176F, 8176M, 8180, 8180M
Intel® Xeon® Silver Processor 4108, 4109T, 4110, 4112, 4114, 4114T, 4116, 4116T
Intel® Xeon® Processor W-2123, W-2125, W-2133, W-2135, W-2145, W-2155, W-2195, W-2175
Intel® Core™ i9 79xxX, 78xxX
0x55 (85) 0x07 (7) 0x5002f01 (83898113) VRDS, L1DCES Cascade Lake 2nd Generation Intel® Xeon® Scalable Processors
Intel® Xeon® Platinum Processor 8253, 8256, 8260, 8260L, 8260M, 8260Y, 8268, 8270, 8276, 8276L, 8276M, 8280, 8280L, 8280M, 9220, 9221, 9222, 9242, 9282
Intel® Xeon® Gold Processor 5215, 5215L, 5215M, 5215R, 5217, 5218, 5218B, 5218N, 5218T, 5220, 5220R, 5220S, 5220T, 5222, 6222V, 6226, 6230, 6230N, 6230T, 6234, 6238, 6238L, 6238M, 6238T, 6240, 6240L, 6240M, 6240Y, 6242, 6244, 6246, 6248, 6252, 6252N, 6254, 6262V
Intel® Xeon® Silver Processor 4208, 4208R, 4209T, 4210, 4210R, 4214, 4214C, 4214R, 4214Y, 4215, 4216, 4216R
Intel® Xeon® Bronze Processor 3204, 3206R
Intel® Xeon® Processor W-3275M, W-3275, W-3265M, W-3265, W-3245M, W-3245, W-3235, W-3225, W-3223, W-2295, W-2275, W-2265, W-2255, W-2245, W-2235, W-2225, W-2223
Intel® Core™ X-series Processor i9-10940X, i9-10920X, i9-10900X, i9-9960X, i9-9940X, i9-9920X, i9-9900X, i9-9820X, i9-9800X, i9-7960X, i9-7940X, i9-7920X, i9-7900X, i7-7820X, i7-7800X, i7-7740X, i7-7640X
0x5e (94) 0x03 (3) 0xdc (220) SRBDS, VRDS, L1DCES Skylake H 6th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-6700HQ, i7-6770HQ, i7-6820HK, i7-6820HQ, i7-6870HQ, i7-6920HQ, i7-6970HQ, i5-6300HQ, i5-6350HQ, i5-6440HQ, i3-6100H, i7-6700, i7-6700K, i7-6700T, i7-6700TE, i7-6820EQ, i7-6822EQ, i5-6400, i5-6400T, i5-6440EQ, i5-6442EQ, i5-6500, i5-6500T, i5-6500TE, i5-6600, i5-6600K, i5-6600T, i3-6100, i3-6100E, i3-6100T, i3-6100TE, i3-6102E, i3-6120, i3-6120T, i3-6300, i3-6300T, i3-6320, i3-6320T
Intel® Pentium® Processor G4400, G4400T, G4400TE, G4420, G4420T, G4500, G4500T, G4520, G4520T, G4540
Intel® Celeron® Processor G3900, G3900T, G3900TE, G3902E, G3920, G3920T, G3940
0x8e (142) 0x09 (9) 0xd6 (214) SRBDS, VRDS, L1DCES Kaby Lake U
Kaby Lake U (2+3e)
Kaby Lake Y
7th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-7500U, i7-7510U, i7-7600U, i7-7560U, i7-7567U, i7-7660U, i7-7Y75, i5-7200U, i5-7210U, i5-7300U, i5-7500U, i5-7260U, i5-7267U, i5-7287U, i5-7360U, i5-7Y54, i5-7Y57, i3-7007U, i3-7100U, i3-7110U, i3-7130U, i3-7167U, M3-7Y30, M3-7Y30
Intel® Pentium® Processor 4415U, 4410Y, 4415Y
Intel® Celeron® Processor 3865U, 3965U, 3965Y
0x8e (142) 0x09 (9) 0xd6 (214) SRBDS, VRDS, L1DCES Amber Lake Y 8th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-8500Y, i5-8310Y, i5-8210Y, i5-8200Y, m3-8100Y
0x8e (142) 0x0a (10) 0xd6 (214) SRBDS, VRDS, L1DCES Coffee Lake U (4+3e)
Kaby Lake Refresh U (4+2)
8th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-8559U, i7-8550U, i7-8650U, i5-8259U, 8269U, i5-8250U, i5-8350U, i3-8109U, i3-7020U, i3-8130U
0x8e (142) 0x0b (11) 0xd6 (214) SRBDS, VRDS, L1DCES Whiskey Lake U 8th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-8565U, i7-8665U, i5-8365U, i5-8265U, i3-8145U
Intel® Core™ Processor 4205U, 5405U
0x8e (142) 0x0c (12) 0xd6 (214) SRBDS, VRDS, L1DCES Whiskey Lake U, Amber Lake Y, Comet Lake U (4+2) 8th Generation Intel® Core™ Processor Family
10th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i7-10510Y, i5-10310Y, i5-10210Y, i5-10110Y, i7-10510U, i7-8565U, i7-8665U, i5-10210U, i5-8365U, i5-8265U, Intel® Pentium® Gold Processor 6405U, Intel® Celeron® Processor 5305U
0x9e (158) 0x09 (9) 0xd6 (214) SRBDS, VRDS, L1DCES Kaby Lake G
Kaby Lake H
Kaby Lake S
Kaby Lake X
Kaby Lake Xeon E3
7th Generation Intel® Core™ Processor Family
8th Generation Intel® Core™ Processor Family
Intel® Core™ X-series Processors (i5-7640X, i7-7740X)
Intel® Core™ Processor i7-8705G, i7-8706G, i7-8709G, i7-8809G, i5-8305G, Intel® Core™ Processor i7-7700HQ, i7-7820EQ, i7-7820HK, i7-7820HQ, i7-7920HQ, i7-7700, i7-7700K, i7-7700T, i5-7300HQ, i5-7440EQ, i5-7440HQ, i5-7442EQ, i5-7400, i5-7400T, i5-7500, i5-7500T, i5-7600, i5-7600K, i5-7600T, i3-7100H, i3-7100E, i3-7101E, i3-7101TE, i3-7102E, i3-7120, i3-7120T, i3-7320T, i3-7340
Intel® Celeron® Processor G3930E, G3930TE
Intel® Xeon® Processor v6 E3-1535M, E3-1505M, E3-1505L, E3-1501L, E3-1501M, E3-1285, E3-1280, E3-1275, E3-1270, E3-1245, E3-1240, E3-1230, E3-1225, E3-1220
0x9e (158) 0x0a (10) 0xd6 (214) SRBDS, VRDS, L1DCES Coffee Lake H (6+2)
Coffee Lake S (6+2)
Coffee Lake S (6+2) Xeon E
Coffee Lake S (4+2) Xeon E
8th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor E Family
Intel® Core™ Processor i9-8950HK, i7-8700K, i7-8700B, i7-8750H, i7-8850H, i7-8670, i7-8670T, i7-8700, i7-8700T, i5-8600K, i5-8650K, i5-8300H, i5-8400B, i5-8400H, i5-8500B, i5-8400, i5-8400T, i5-8420, i5-8420T, i5-8500 , i5-8500T, i5-8550, i5-8600, i5-8600T, i5-8650
Intel® Xeon® Processor E-2174G, E-2144G, E-2134, E-2124, E-2124G, E-2284G, E-2274G, E-2254ML, E-2254ME, E-2244G, E-2234, E-2224, E-2224G, E-2184G, E-2186G, E-2176G, E-2176M, E-2146G, E-2136, E-2126G, 2286G, E-2276ML, E-2276ME, E-2276M, E-2276G, E-2246G, E-2236, E-2226GE, E-2226G, E-2186M, E-2176M
0x9e (158) 0x0b (11) 0xd6 (214) SRBDS, VRDS, L1DCES Coffee Lake S (4+2) 8th Generation Intel® Core™ Processor Family
Intel® Pentium® Gold Processor Series
Intel® Celeron® Processor G Series
Intel® Core™ Processor i3-8000, i3-8000T, i3-8020, i3-8100, i3-8100, i3-8100H, i3-8100T, i3-8120, i3-8300, i3-8300T, i3-8350K
Intel® Pentium® Gold G5400, G5400T, G5400T, G5420, G5420T, G5420T, G5500, G5500T, G5600
Intel® Celeron® Processor G4900, G4900T, G4920
0x9e (158) 0x0c (12) 0xd6 (214) SRBDS, VRDS, L1DCES Coffee Lake S (8+2) 9th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i9-9900K, i9-9900KF, i7-9700K, i7-9700KF, i5-9600K, i5-9600KF, i5-9400, i5-9400F
0x9e (158) 0x0d (13) 0xd6 (214) SRBDS, VRDS, L1DCES Coffee Lake H (8+2)
Coffee Lake S (8+2)
Coffee Lake S (8+2) Xeon E
9th Generation Intel® Core™ Processor Family
Intel® Core™ Processor i9-9980HK, i9-9880H, i7-9850H, 9750HF, i5-9400H, 9300H
Intel® Xeon® Processor E-2288G, E-2286M, E-2278GEL, E-2278GE, E-2278G

Resolution

Red Hat customers running affected versions of Red Hat products are strongly recommended to update them as soon as errata are available. Customers are urged to apply the appropriate updates immediately and reboot to mitigate this flaw correctly.

Acknowledgements

Red Hat thanks Intel for fixing these issues and making Red Hat aware of the remediation.

Frequently Asked Questions

Q: Do I need to reboot for the changes to take effect?
A: Reboot is not required, but the reporting of the SRBDS mitigation via sysfs will be incorrect on RHEL 7 and 8 if a late microcode update is performed.
Q: What if my CPU is not listed in the table?
A: Red Hat intends to continue to update these microcode packages as necessary. Please contact your hardware vendor to determine whether more recent BIOS and firmware updates are recommended for your hardware because additional improvements may be available.

Additional Information

Red Hat can not guarantee the correctness of the above information as the microcode update is provided by upstream vendors.

Related Knowledge Base articles:

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.