"Spoiler" bug of Intel CPUs

" SPOILER " or any Speculative Execution vulnerables solution must be coming from both Hardware and Software sides.

If you see history of Spectre Variant 1-4 since 2017 through present day. Both OS kernel (All platform Windows / Mac OS / Linux etc )
and CPU Microcode ( Hardware side Intel ARM AMD) were release to address those vulnerables at last.

History will repeat on " SPOILER " or any new vulnerables soon. Don’t be panic , at least there are no loss from " SPOILER " more when
compare to those Spectre Variants 1-4 and Meltdown.

I do not believe in that, They are necessary, I believe. Nevertheless some are from “GitHub - platomav/CPUMicrocodes: Intel, AMD, VIA & Freescale CPU Microcode Repositories” which are original brands production. I am following this site for updates for older systems, which lost support.

I don’t want to open a discussion about UBU…

@Santa2017

"… History will repeat on " SPOILER " or any new vulnerables soon. Don’t be panic… "

Panic? Hmm… Can Cylons or Terminators take over and run nuclear missiles? No, no. I am not panicing…

I do not believe in that, They are necessary, I believe.


You may have the opinion, that the update of the CPU Microcode is necessary for you, but it is up to the other users to decide this themselves. In this case the decision depends on the priority, which has been set by the user (safety or performance).

Maybe Santa2017 will terminated the T-850 , T-1000 and especially T-X by new microcode before they’d start their misson to hunt karakarga corner.


OK. Back to topic buddy. The speculative execution unit vulnerables of Intel CPU issue were coming from these cause.
https://www.youtube.com/watch?v=pi2ftnlfImo

Intel already acknowledged all vulnerables cause speculative execution attack as you see from those video link.

They’d already fixed exist CPU family since Nehalem to Cannonlake and also Comet lakes and Icelake.
Some model of CPU they’d release microcode for mitigation those vulnerables within work co-operating with Microsoft Apple and all Linux venders to optimized their OS kernels
working with those microcode for minimum performance impacted.

Some model of CPU such as Cascade Lake Cooperlake Icelake SP had hardware fixed in silicon already.

For Example Icelake U here



The RED rectangular around was new instruction to protect against Spectre V1-4 and also L1TF vulnerables. These called " Hardware Silicon Fixed " .

So, Don’t panic on " SPOILER " vulnerables to launch NUKE at all. It’ll be " TERMINATED SOON " .



There is new Skylake X 0200005D Microcode Protected Against " SPOILER " DATE 2019-03-21 Release Inside Microsoft Windows 10 # 2020H1 #
Insider Preview 18860.1001 Kernel. Could you search for other source binary file for us.









@karakarga As I said " SPOILER " are terminated . Maybe faster than your imagine

@Santa2017
From the pictures you have inserted, I still can not see " Spoiler " patch related fix! ???
I can see at top picture;
Microcode Rev. 0x200005D > Spectre (CVE-2017-5715) Patched < but, not related with " Spoiler " fix?

According to: https://blog.rapid7.com/2018/01/04/meltd…-cve-2017-5754/
Updates
January 5, 2018: We have added Meltdown and Spectre vulnerability checks to InsightVM and Nexpose for Windows and VMware and will continue to add coverage as vendors publish mitigations for CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754. We have also added a dashboard to InsightVM to provide visibility and tracking for Meltdown, and will continue to incorporate new insights. The Meltdown dashboard is available in the R7 Dashboard template library within InsightVM, …


The update is still missing for " Spoiler " that patch is dated "January 5, 2018"

By the way, you are using an older bios version than the latest Version 1704 2019/02/21 please update your bios first!

@karakarga
You misunderstand me, CPU-Z only indicated CVE-2017-5715 on many Microcode Since 0200003A → 0200005D.
It was not said anymore that what microcode revision do other thing . However for correcting you qoutes above

0200003A - 02000049 release on late 2017 to 2018 to protect against CVE-2017-5715 Spectre Variant 1 , 2 , 2a and Meltdown and also CVE-2017-5753/5754.

0200004D - 0200005A release on mid 2018 to present day add protect against CVE-2018-3665 (Lazy FPU) and CVE-2018- 3620/3646 Vulnerables (L1TF)

0200005D release 2019-03-21 protect against " SPOILER " addition protect over CVE-2017-5715 again (with no CVE label due same practice as Spectre V2 on attack areas.)

PS. Due ASUS Binary code protection on BIOS 1603 and 1704 BIOS. We can’t directly use UBUTools to update lastest 02000059 or 0200005A microcode with both BIOS revision.
However even my R6E use 1503 BIOS version. It’d already got 0200005D Microcode 2019-03-21 / Intel RST EFI / SATA OROM 17.2.0.3790 / 0.0.22 Intel LAN UNDI 0.1.13 Boot Agent
which more up to date than ASUS 1704 BIOS a lot
.

EDIT by Fernando: Unneeded fully quoted post replaced by directly addressing (to save space)

@Santa2017
@karakarga
Since the UBU Discussion thread is already big enough, I have moved your recent posts about the “Spoiler” bug into this already existing and more specific thread.
The UBU Discussion thread should only be used for specific UBU related problems.

OK, thank you Fernando…


Yes, that was a goldmine. I found 16 new microcodes going all the way back to Ivy Bridge. I’ll update MC Extractor and the Microcode Repository on Saturday. Thank you for the tip @Santa2017 .

mcupdate_GenuineIntel_18860.1001.rar (2.25 MB)

@plutomaniac

Can you manage to find a new microcode for x79 platform? I have seen, you have found SPOILER protection for Ivy Bridge 22nm 1155 processors, (cpu306A9_plat12_ver00000021_2019-02-13_PRD_A8DF9213.bin) and added to CPUMicrocodes-master DB r104.

I am looking for cpu306E4_platED_ver0000042E. (Instead of, cpu306E4_platED_ver0000042D_2018-04-25_PRD_25AD26F7.bin)

15.April.2019 update: (cpu306E4_platED_ver0000042E_2019-03-14_PRD_3C222CE1.bin) is lately available and inserted into “CPUMicrocodes-master DB r107” and integrated into “UBU_v1.73.0”. Thanks a lot for all…

If/When we find it, it will be uploaded at the repository.

I am now running the new cpu306A9_plat12_ver00000021_2019-02-13_PRD_A8DF9213.bin (ivy i7-3770) and it’s like i got an extra core added to my cpu.

Especially I/O seems to have gotten a boost on my system.

Isn’t this just the 20190312 public release pack? Nope, it is a new batch!

For the record, keep an eye here:
https://github.com/intel/Intel-Linux-Pro…code-Data-Files

Intel is adding another weird knob on these latest updates, Linux got a patch to deal with it. But the patch description was way too obfuscated, and I don’t have time to find out exactly how the PMU works to understand exactly what they did. This doesn’t mean it is security-related, though.


Can I get that into my BIOS with UBU?
Success with download of latest UBU + name change on MMTOOL, after messing around trying to replace MCE.db

@plutomaniac like @dash informed,

There is a new Linux Processor Microcode Update at https://downloadcenter.intel.com/downloa…ocode-Data-File dated 3/12/2019.

Intel-Linux_Processor_Microcode_readme.txt links for download to: https://github.com/intel/Intel-Linux-Pro…20190312.tar.gz

== 20190312 Release ==
– Updates upon 20180807 release –
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
---- new platforms ----------------------------------------
AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile
WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile
WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile
CFL-S P0 6-9e-c/22 000000a2 Core Gen9 Desktop
CFL-H R0 6-9e-d/22 000000b0 Core Gen9 Mobile
---- updated platforms ------------------------------------
HSX-E/EP Cx/M1 6-3f-2/6f 0000003d->00000041 Core Gen4 X series; Xeon E5 v3 ← #Like this one!
HSX-EX E0 6-3f-4/80 00000012->00000013 Xeon E7 v3
SKX-SP H0/M0/U0 6-55-4/b7 0200004d->0000005a Xeon Scalable
SKX-D M1 6-55-4/b7 0200004d->0000005a Xeon D-21xx
BDX-DE V1 6-56-2/10 00000017->00000019 Xeon D-1520/40
BDX-DE V2/3 6-56-3/10 07000013->07000016 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
BDX-DE Y0 6-56-4/10 0f000012->0f000014 Xeon D-1557/59/67/71/77/81/87
BDX-NS A0 6-56-5/10 0e00000a->0e00000c Xeon D-1513N/23/33/43/53
APL D0 6-5c-9/03 00000032->00000036 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
APL E0 6-5c-a/03 0000000c->00000010 Atom x5/7-E39xx
GLK B0 6-7a-1/01 00000028->0000002c Pentium Silver N/J5xxx, Celeron N/J4xxx
KBL-U/Y H0 6-8e-9/c0 0000008e->0000009a Core Gen7 Mobile
CFL-U43e D0 6-8e-a/c0 00000096->0000009e Core Gen8 Mobile
KBL-H/S/E3 B0 6-9e-9/2a 0000008e->0000009a Core Gen7; Xeon E3 v6
CFL-H/S/E3 U0 6-9e-a/22 00000096->000000aa Core Gen8 Desktop, Mobile, Xeon E
CFL-S B0 6-9e-b/02 0000008e->000000aa Core Gen8

#Note 1: It seems like, you have already updated the database, moreover some are newer than this list! (ex: 43 instead of 41 for Platform 6F Haswell-E) as you have mentioned, those have SPOILER fix!

Note 2: There is also an update present by Microsoft at, https://support.microsoft.com/en-us/help…crocode-updates named: KB4465065: Intel microcode updates. But, it is not mentioning about SPOILER related fix too. This current fix is downloadable from https://www.catalog.update.microsoft.com…aspx?q=4465065 for Windows 10 and Windows Server 2019 only, being as installer file(s)! Sadly, Windows 7 is not supported…

The KB4465065 update is NOT offered thru Windows Update. It can only be obtained by Microsoft Update Catalog.

i don’t know if following is caused by the new 21 mcode for ivy, but i had to lower my ddr voltage to 1.45 from 1.5 cause it was generating errors , errors that came even faster with higher voltage so i dropped it till no errors occured. Strange thing, maybe coincidence.

@GnarZ77

I have tried with MSI Z77A-GD65, i3-3220 processor. I have no issues, DDR3-2133 Ram speed with 1.5 Volts. (GSkill Trident brand single 8GB Ram) I am using this for Hackintosh mainly. Loaded Niresh Mojave Hackintosh 10.14.1, lately with 21 microcode, no issues again…

@karakarga , where did you get the information that the newest Intel microcodes address SPOILER?

I don’t doubt it has some sort of fix, I just want to know why people think this update fixes it.