
Meltdown-Spectre: Intel says newer chips also hit by unwanted reboots after patch

Intel's firmware fix for Spectre is also causing more frequent reboots on Kaby Lake and Skylake CPUs.


Intel says the unexpected reboots triggered by patching older chips affected by Meltdown and Spectre are happening to its newer chips, too.

Intel confirmed in an update late Wednesday that not only are its older Broadwell and Haswell chips tripping up on the firmware patches, but newer CPUs through to the latest Kaby Lake chips are too.

The firmware updates do protect Intel chips against potential Spectre attacks, but machines with Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake architecture processors are rebooting more frequently once the firmware has been updated, Intel said.

Intel has also updated its original Meltdown-Spectre advisory with a new warning about the stability issues, and it recommends that OEMs and cloud providers test its beta silicon microcode updates before final release. These beta releases, which mitigate the Spectre Variant 2 (CVE-2017-5715) attack on CPU speculative execution, will be available next week.

"Intel recommends that these partners, at their discretion, continue development and release of updates with existing microcode to provide protection against these exploits, understanding that the current versions may introduce issues such as reboot in some configurations," the company wrote.

"We further recommend that OEMs, Cloud service providers, system manufacturers and software vendors begin evaluation of Intel beta microcode update releases in anticipation of definitive root cause and subsequent production releases suitable for end users".

[Figure: Intel says workloads with more user/kernel privilege changes and which spend a lot of time in privileged mode are more adversely impacted. Image: Intel]

Despite the stability issues, Intel has told OEMs not to withdraw the already released updates for end users.

However, it warned IT admins at datacenters to proceed with caution: "Evaluate potential impacts from the reboot issue and make decisions based on the security profile of the infrastructure".


Navin Shenoy, Intel's EVP and GM of the datacenter group, has also released test data on the performance impact of the firmware updates on servers running its latest Skylake-based server Xeon Scalable systems.

On "common workloads" in the enterprise and cloud, Intel has seen an impact of zero to two percent, while it saw a four percent impact on a simulated brokerage firm's customer-broker-stock exchange transaction system.

There is a large variance in the fix's impact on data-storage systems depending on CPU utilization and other factors, such as the read-write mix, block size, and drives.

On one benchmark at full CPU utilization, Intel found an 18 percent decrease in throughput performance, while on a 73/30 read/write model there was only a two percent hit on throughput performance.

Shenoy highlighted Google's software-based Retpoline fix for the Variant 2 attack as another mitigation that "could yield less impact".

Google last week urged the whole industry to adopt Retpoline because it mitigated the attack but had almost no negative performance impact on current hardware.

"Retpoline fully protects against Variant 2 without impacting customer performance on all our platforms," a Google executive said.

Google's fix isn't a patch that consumers would apply to their own systems; it addresses the variant that poses the greatest risk for virtualized cloud environments.
