Univention Bugzilla – Bug 45064
Intel Microcode update to fix hyperthreading issue leading to silent data corruption
Last modified: 2018-08-13 13:17:05 CEST
TL;DR: Intel has issued public microcode updates in 2017-07-07, fixing the hyper-threading errata on every affected processor. These updates have been included in the stable and oldstable point releases from 2017-07-22. The microcode updates in the "intel-microcode" packages with the base version of 3.20170707.1 fix the hyper-threading defect on every known- affected Intel processor, including Kaby Lake and all variants of Skylake. Updated intel-microcode packages are already available for oldstable, stable, testing, unstable, jessie-backports-sloppy and stretch-backports. For more details and instructions, please refer to: https://wiki.debian.org/Microcode FAQ about the "hyper-threading defect": Q. Does the Intel "microcode update" that fixes the defect remove hyper-threading support? A. The updated microcode *fixes* hyper-threading, it does *not* remove hyper-threading support. Upgraded microcode information related to these errata: Skylake D0/R0 (mobile/desktop), signatures 0x406e3, 0x506e3: Known to be fixed in microcode revision 0xb9/0xba and later. Public fix available in linux microcode 20170511 and later. Skylake H0 (server/HEDT/X-series), signature 0x50654: Known to be fixed in microcode revision 0x2000022 and later, and it might have been fixed since revision 0x200001a. Public fix available in linux microcode 20170707 and later. Kaby Lake H0/B0 (mobile/desktop), signatures 0x806e9, 0x906e9 (pf mask 0x22): Known to be fixed in microcode revision 0x5d/0x5e and later. Public fix available in linux microcode 20170707 and later. Kaby Lake X-series, signature 0x906e9 (pf mask 0x08): These processors are *NOT* affected when installed in a *supported* motherboard configuration (i.e. one that had its firmware updated to be compatible with Kaby Lake X-series). The launch production microcode already has the fix (believed to be microcode revision 0x5d or later based on the processor flags mask). Kaby Lake Y0: signature 0x806ea: Known to be fixed in microcode revision 0x65/0x66 and later, and it might have been fixed since revision 0x5d/0x5e. Public fix available in linux microcode 20170707 and later. References from the original advisory: https://caml.inria.fr/mantis/view.php?id=7452 http://metadata.ftp-master.debian.org/changelogs/non-free/i/intel-microcode/unstable_changelog https://www.intel.com/content/www/us/en/processors/core/desktop-6th-gen-core-family-spec-update.html https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v5-spec-update.html https://www.intel.com/content/www/us/en/products/processors/core/6th-gen-x-series-spec-update.html New references: The two new references below contain material that was not known to the Debian maintainers or to the Debian project: https://medium.com/ahrefs/skylake-bug-a-detective-story-ab1ad2beddcd http://gallium.inria.fr/blog/intel-skylake-bug/
According to <http://xen1.knut.univention.de:8000/packages/source/intel-microcode/> we already released at least 2017-07-07 for UCS-4.2 and UCS-4.3: 3.20180425.1 4.2-3/errata, 4.2-4 3.20170707.1~deb9u1 4.3-0 3.20180703.2 is currently in the pipeline.