Intel Releases New Processor Microcode For Security Advisories, CPU Bugs
Following the disclosure of some 40 new security advisories for their products including the notable "PLATYPUS" vulnerability affecting Intel RAPL, they released the Intel 20201110 CPU microcode package for Linux users to address these security problems as well as other CPU bugs.
INTEL-SA-00381 is addressed as an information disclosure vulnerability around the fast store forward predictor and an AVX flaw where a local attacker can obtain the register state of previous AVX executions.
INTEL-SA-00389 is also addressed with the updated microcode and is in regards to the Intel RAPL vulnerabilities known as PLATYPUS. The updated microcode updates go along with the updated Linux kernel patches issued today, including the disabling of reading Intel CPU energy information by non-root users.
Besides the CPU security updates, there are also a number of "functional issue" updates around CPU bugs spanning many different generations. For example, Ice Lake processors have fixes around VT-d and a Type-C port issue that could lead to system hangs. Xeon Scalable Cascade Lake has a fix for where interrupts may be lost when a core exits C6. There are also various other random CPU bug fixes in the microcode too.
The Intel 20201110 microcode package is also the first time including binaries for Cooper Lake, Lakefield, Tiger Lake, and Comet Lake.
The updated Intel CPU microcode files are available via GitHub.