Intel won't patch Spectre v2 flaw in older processors
Some legacy users will be left out in the coldBy Shawn Knight
Intel has updated its microcode revision guidance document which outlines its mitigation plans for the Meltdown and Spectre CPU flaws disclosed earlier this year. Among the revelations is the fact that Chipzilla won't be producing Spectre v2 microcode updates for several of its older processors.
As outlined in the guidance, production of patches has been halted for the following CPU families: Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0, Harpertown Xeon E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale C0, M0, Wolfdale E0, R0, Wolfdale Xeon C0, Wolfdale Xeon E0, Yorkfield and Yorkfield Xeon.
Intel said that after a comprehensive investigation of the microarchitectures and microcode capabilities for these products, they have decided not to release microcode updates for one or more of the following reasons (including but not limited to):
- Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)
- Limited Commercially Available System Software support
- Based on customer inputs, most of these products are implemented as "closed systems" and therefore are expected to have a lower likelihood of exposure to these vulnerabilities
Intel didn't specify which reasons apply to which chips.
The guidance lists mitigations for all other chips as either being in production or a production candidate (as in the case of select Coffee Lake CPUs).
While it's disappointing that Intel is leaving some legacy users out in the cold, it's not entirely surprising. As Tom's Hardware highlights, "the real reason Intel gave up on patching these systems seems to be that neither motherboard makers nor Microsoft may be willing to update systems sold a decade ago."