Oracle has released patches for the latest Spectre CPU flaws and a fix for the Lazy floating-point unit (FPU) state restore issue affecting Intel CPUs.
Oracle's updates address the Spectre CPU flaws revealed in May, including CVE-2018-3640, also known as Spectre variant 3a, and CVE-2018-3639, Spectre variant 4.
The fix for Spectre variant 4 needs both software and microcode updates, while fixing Spectre variant 3a requires only microcode updates.
Oracle has released software-based patches for Oracle Linux and Oracle VM with Intel's microcode updates for x86 hardware.
Oracle director of security assurance, Eric Maurice, said the company will release more microcode updates and firmware patches as they become available from Intel.
Oracle has also released updates for Red Hat Compatible Kernel (RHCK) to address CVE-2018-3665, the Lazy FPU issue that affects operating systems and VMs running on x86 microprocessors.
This update can be installed using Oracle's Ksplice tool for patching Oracle Linux.
Ksplice updates are also available for Oracle Unbreakable Enterprise Kernel Release 4 (UEKR4) on Oracle Linux 6 and Oracle Linux 7, which bring additional, improved fixes for Spectre variant 2 and Spectre variant 3a.
Under Single Thread Indirect Branch Predictors (STIBP) enable failure, Oracle notes: "Incorrect masking could prevent the STIBP feature of the IA32_SPEC_CTRL MSR from being set. Guests that used the STIBP feature to mitigate Spectre v2 would not be fully mitigated."
That update also includes a fix for Spectre Variant 3a specific to AMD systems.
"The original vendor fix for CVE-2018-3639 did not expose the mitigation to KVM guests on AMD or correctly handle symmetric multithreading (SMT) systems.
"This update enables the speculative store bypass mitigation full time to protect guests and SMT systems by default on AMD systems and can be manually enabled/disabled by writing 1/0 to /proc/sys/vm/ksplice_ssbd_control. The /proc/sys/vm/ksplice_ssbd_status file reports the current mitigation status," Oracle notes.
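After applying these updates, an administrator can check what the kernel itself reports for Spectre variant 2 (including STIBP) and variant 4. The script below is an added example, not code from Oracle or from the original article. It assumes the kernel exposes the upstream Linux sysfs files under /sys/devices/system/cpu/vulnerabilities/, and it prints the Ksplice status file quoted above verbatim because its format is not described here. The function names and the ROOT argument are hypothetical.

```shell
#!/bin/sh
# Added example: report Spectre v2 / v4 mitigation state as the kernel exposes it.
# ROOT (hypothetical parameter) prefixes every path so the functions can be run
# against a constructed directory tree; pass "" to read the live system.

VULN_DIR=sys/devices/system/cpu/vulnerabilities   # upstream sysfs (assumed present)
KSPLICE_STATUS=proc/sys/vm/ksplice_ssbd_status    # path quoted in Oracle's note

# classify FILE -> mitigated | vulnerable | not-affected | unknown
classify() {
    [ -r "$1" ] || { echo unknown; return 0; }
    line=$(head -n 1 "$1")
    case "$line" in
        "Not affected"*) echo not-affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# has_stibp ROOT -> true if spectre_v2 lists STIBP and does not mark it disabled
has_stibp() {
    f="$1/$VULN_DIR/spectre_v2"
    [ -r "$f" ] || return 1
    grep -q 'STIBP' "$f" && ! grep -q 'STIBP: disabled' "$f"
}

# audit ROOT -> prints a report; returns 1 if either issue is reported Vulnerable
audit() {
    root=$1; rc=0
    for v in spectre_v2 spec_store_bypass; do
        state=$(classify "$root/$VULN_DIR/$v")
        echo "$v: $state"
        if [ "$state" = vulnerable ]; then rc=1; fi
    done
    if has_stibp "$root"; then echo "STIBP: reported"; else echo "STIBP: not reported"; fi
    # Printed verbatim: the article does not describe this file's format.
    if [ -r "$root/$KSPLICE_STATUS" ]; then
        echo "ksplice_ssbd_status: $(cat "$root/$KSPLICE_STATUS")"
    fi
    return $rc
}

# Run against the live host only when asked: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then audit ""; fi
```

Because Oracle's notes concern mitigations that did not reach KVM guests, run the check inside guests as well as on the host.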