Intel Halts Spectre/Meltdown Patching for Broadwell and Haswell Systems

Intel is advising OEMs and partners to halt patching for the Spectre and Meltdown vulnerabilities amid numerous reports the updates are causing reboot issues on systems running the Broadwell and Haswell microprocessors.

“We recommend that OEMs, cloud service providers, system manufacturers, software vendors, and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior,” said Navin Shenoy, EVP and GM of Intel’s data center group, in a blog post Monday.

Dell EMC is among several OEMs that have heeded Intel’s guidance and is warning customers not install fixes for the Spectre vulnerabilities. On a post to its Knowledge Base Monday Dell EMC warned its customers the firmware BIOS update for the Spectre (Variant 2) vulnerability could lead to system errors.

“We have removed the impacted BIOS updates from our support pages and are working with Intel on a new BIOS update that will include new microcode from Intel,” wrote Dell EMC as part of its patch guidance. “If you have already deployed the BIOS update, in order to avoid unpredictable system behavior, you can revert back to a previous BIOS version.”

Problems associated with Intel’s rollout of patches for Spectre and Meltdown began to surface two weeks ago. At that time, Intel issued an advisory and Shenoy said the company was “working quickly with these customers to understand, diagnose and address this reboot issue.”

Despite Intel’s apparent earnest candor, many noted technologists are blasting the company for its patching efforts. For example, Linux creator Linus Torvalds wrote in a Linux forum thread Monday that Intel’s patches were “complete and utter garbage” and questioned the company’s motives overall.

Torvalds made his remarks in a debate between himself and another commenter in the thread:

“As it is, the patches are COMPLETE AND UTTER GARBAGE,” Torvalds wrote. “They do literally insane things. They do things that do not make sense.”

Torvalds’ comments are part of a lengthy discussion with another forum member, and reflect the outspoken personality he’s been known for since developing Linux in the early 1990s.

“We take the feedback of industry partners seriously,” an Intel spokesperson said in a statement. “We are actively engaging with the Linux community, including Linus, as we seek to work together on solutions.”

Bob Noel, director of strategic relationships and marketing for Plixer said he was also concerned about Intel’s patching woes because “the current unstable code for the Spectre and Meltdown CPU patches leaves end users vulnerable with no available options other than to wait for a stable fix.”

The Meltdown and Spectre hardware vulnerability opens the door for side-channel attacks that could allow an attacker to obtain passwords, encryption keys and emails by accessing system memory. The attacks were discovered earlier this month by Google’s Project Zero, Cyberus Technology and researchers from Graz University of Technology.

“Over the weekend, we began rolling out an early version of the updated solution to industry partners for testing, and we will make a final release available once that testing has been complete,” Shenoy said.

Source: ThreatPost

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!