Intel Has Decided Not to Patch Spectre Variant 2 in Some Chips [List] 

Author Photo
Apr 4, 2018
12Shares
Submit

Intel has revealed that it won’t patch certain chip families affected by the Meltdown and Spectre vulnerabilities. In an update to the mitigation guide, the company said it has stopped working on Spectre Variant 2 mitigation for some processor series because fixes are either impractical or the processors are no longer widely supported.

The mitigation guide was first published in February, with the chipmaker constantly updating the file in the past few weeks. The document offers information on the status of microcode updates to help users and OEMs track patches. An update made to the file earlier this week reveals that some older chips won’t ever be patched.

intel-securityRelated [Update: Intel Responds] Yet Another Side-Channel Vulnerability Discovered – Verified on Skylake and Kaby Lake

Some Intel chips will never receive microcode updates

The latest update made to the document applies a new stopped status to several processor families for which the chipmaker was previously developing patches. These include older chips with some starting production in 2008. Intel’s Core, Celeron, Pentium, and Xeon chips appear to be in the list.

In its explanation, the company said it had to stop developing microcode fixes for Spectre variant 2 for one or more of the following reasons, including:

  • Micro-architectural characteristics that preclude a practical implementation of features mitigating variant 2 CVE-2017-5715.
  • Limited commercially available system software support.
  • Based on customer inputs, most of these products are implemented as ‘closed systems’ and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.

Affected families include:

Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0, Harpertown Xeon E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale C0, Wolfdale M0, Wolfdale E0, Wolfdale R0, Wolfdale Xeon C0, Wolfdale Xeon E0, Yorkfield, and Yorkfield Xeon.

Intel has already released (and re-released, in some cases) fixes to Kaby Lake, Skylake, and Coffee Lake processors. More details available in this document (PDF).

Submit