Intel won't patch Spectre v2 flaw in older processors

Shawn Knight

Intel has updated its microcode revision guidance document, which outlines its mitigation plans for the Meltdown and Spectre CPU flaws disclosed earlier this year. Among the revelations is that Chipzilla won’t be producing Spectre v2 microcode updates for several of its older processors.

As outlined in the guidance, production of patches has been halted for the following CPU families: Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0, Harpertown Xeon E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale C0, M0, Wolfdale E0, R0, Wolfdale Xeon C0, Wolfdale Xeon E0, Yorkfield and Yorkfield Xeon.

Intel said that after a comprehensive investigation of the microarchitectures and microcode capabilities for these products, they have decided not to release microcode updates for one or more of the following reasons (including but not limited to):

  • Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)
  • Limited Commercially Available System Software support
  • Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities

Intel didn’t specify which reasons apply to which chips.

The guidance lists mitigations for all other chips as either being in production or a production candidate (as in the case of select Coffee Lake CPUs).

While it’s disappointing that Intel is leaving some legacy users out in the cold, it’s not entirely surprising. As Tom’s Hardware highlights, “the real reason Intel gave up on patching these systems seems to be that neither motherboard makers nor Microsoft may be willing to update systems sold a decade ago.”


 
As no diagnostic reports use the code names:
halted for the following CPU families: Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0, Harpertown Xeon E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale C0, M0, Wolfdale E0, R0, Wolfdale Xeon C0, Wolfdale Xeon E0, Yorkfield and Yorkfield Xeon
it's quite impossible to assess if your system IS or IS NOT affected(n))
 
It has only been 7 years for Sandy Bridge, and I will be surprised if it gets a patch. And to be honest I don't care either way.
 
As no diagnostic reports use the code names:
halted for the following CPU families: Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0, Harpertown Xeon E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale C0, M0, Wolfdale E0, R0, Wolfdale Xeon C0, Wolfdale Xeon E0, Yorkfield and Yorkfield Xeon
it's quite impossible to assess if your system IS or IS NOT affected(n))

CPU-Z and Aida64 report family code names. One can also simply put their Intel product number into Google and head straight to Intel.com to see name designations.
 
“the real reason Intel gave up on patching these systems seems to be that neither motherboard makers nor Microsoft may be willing to update systems sold a decade ago.”

Motherboard makers is a red herring-- you don't need to do a microcode update via firmware. After the debacle they already caused, I wouldn't want to go that way anyway. As for Microsoft not being willing to... nonsense! MS already has the ability to deliver microcode updates in Windows, and they supposedly have for some of the newer CPUs already, although that update has not been made available, AFAIK, through the Windows Update channel.

MS packaging and distributing the microcode updates for the other CPUs would be no more painful than them delivering a new malware definition file in Defender. We just need someone... maybe someone who makes CPUs and promised to fix certain ones for three months... oh, I don't know, someone like Intel... to actually write the updates. That's the only remotely hard part.

Of course, I don't know what interest Microsoft would have in _my_ C2D Penryn CPU, one of the ones Intel promised to fix and now promises not to... I mean, I know they supposedly love Linux now, but the Ubuntu devs seem pretty capable of packaging the microcode updates without Microsoft. They've done it several times already this year. Microsoft's willingness or unwillingness doesn't seem terribly relevant.
 
As outlined in the guidance, production of patches has been halted for the following CPU families: Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0, Harpertown Xeon E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale C0, M0, Wolfdale E0, R0, Wolfdale Xeon C0, Wolfdale Xeon E0, Yorkfield and Yorkfield Xeon.

Shawn, either you forgot one, or strangely enough, they are going to issue a patch for the Clarkdale series. Q1 2010 was the launch for these. Signed :confused:
 