Linux Update Acknowledges Your Old Intel CPUs Might Be Vulnerable To MMIO Stale Data
Intel has contributed a patch, now working its way to the mainline kernel, that reports the MMIO Stale Data status of older processors as "unknown" rather than "not affected", which could give a false sense of security. When evaluating vulnerabilities, Intel only goes back so far in testing and verifying exposure, so there isn't concrete information on, for example, whether pre-Haswell processors are affected by MMIO Stale Data.
MMIO Stale Data encompasses four CVEs made public in June concerning security vulnerabilities in Intel's Memory Mapped I/O (MMIO) handling. With local access to an affected system, they could lead to information disclosure. Intel released updated firmware/microcode along with mitigation handling in the Linux kernel.
"Too old" CPUs will now show a mitigation status of "unknown" rather than "not affected" with the pending Linux kernel change.
The updated Linux documentation for MMIO Stale Data describes the unknown state as: "The processor vulnerability status is unknown because it is out of Servicing period. Mitigation is not attempted."
The documentation also outlines Intel's service periods:
Servicing period: The process of providing functional and security updates to Intel processors or platforms, utilizing the Intel Platform Update (IPU) process or other similar mechanisms.
End of Servicing Updates (ESU): ESU is the date at which Intel will no longer provide Servicing, such as through IPU or other similar update processes. ESU dates will typically be aligned to end of quarter.
This patch is now part of TIP's x86/urgent branch ahead of being submitted to mainline, and it will show an "unknown" MMIO Stale Data state for CPUs that are neither whitelisted nor blacklisted in Intel's handling of this mitigation. The patch is also already marked for back-porting to the stable series once it is picked up in Linux 6.0 Git, to help avoid any confusion or false sense of security.
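For fleet audits, the practical consequence of the new state is that a check which only looks for the word "Vulnerable" will pass an out-of-servicing CPU. The script below is an added example, not code from the kernel patch or from Intel; it assumes the kernel's standard sysfs file `/sys/devices/system/cpu/vulnerabilities/mmio_stale_data` (a path not quoted in this article), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the MMIO Stale Data status line reported by the kernel.
# Assumption: the standard sysfs vulnerabilities file (path not given in the article).
MMIO_SYSFS=/sys/devices/system/cpu/vulnerabilities/mmio_stale_data

# classify_mmio_status STATUS
# Prints one of: ok, mitigated, unknown, vulnerable, unrecognized
classify_mmio_status() {
    case "$1" in
        "Not affected"*) echo ok ;;
        "Mitigation:"*)  echo mitigated ;;
        # The state added by the patch: CPU is out of servicing period,
        # exposure was never evaluated and no mitigation is attempted.
        [Uu]nknown*)     echo unknown ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unrecognized ;;
    esac
}

# check_mmio_file [PATH]
# Prints the verdict. Returns 0 only for ok/mitigated, 1 for anything that
# needs review (including "unknown"), 2 if the kernel exposes no report.
check_mmio_file() {
    file=${1:-$MMIO_SYSFS}
    if [ ! -r "$file" ]; then
        # Kernel predates the MMIO Stale Data reporting: absence is not "safe".
        echo no-report
        return 2
    fi
    status=$(cat "$file")
    verdict=$(classify_mmio_status "$status")
    echo "$verdict"
    case "$verdict" in
        ok|mitigated) return 0 ;;
        *)            return 1 ;;
    esac
}

# Run against the live system only when asked, e.g.: sh mmio_check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_mmio_file
    exit $?
fi
```

A non-zero exit for "unknown" lets inventory tooling flag those hosts for a hardware-refresh or isolation decision rather than counting them as clean.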