TACTICAL CYBER INTELLIGENCE REPORT
Actor Type: II
Serial: TR-18-0100-001
Countries: IN, CN
Report Date: 20180410
Intel will not fix all Processor Models affected by Spectre v2
The Intel Corporation has publicly admitted they will not fix all of the processor models which were affected by the Spectre (variant 2, V2) side channel analysis attack.
In a recent Microcode Revision Guidance update[1] published by Intel, various models of CPUs will not receiving fixes. Intel stated they it would not be possible to address the Spectre design flaw in their old CPUs. This because it requires changes to the processor architecture to mitigate the issue fully.
The Spectre V2 vulnerability, CVE-2017-5715, affects systems where microprocessors utilize speculative execution and indirect branch prediction which allows a malicious program to read sensitive information, such as passwords, encryption keys, or sensitive information; including that of the kernel, using a side-channel analysis attack.
The chip-maker has marked "Stopped" to the production status for a total 9 product families:
- Bloomfield
- Clarksfield
- Gulftown
- Harpertown Xeon
- Jasper Forest
- Penryn
- SoFIA 3GR
- Wolfdale
- Yorkfield
The families were mostly sold between 2007 – 2011. This leaves more than 200 models vulnerable, which will directly impact millions of devices.
Figure 1. Intel chart regarding affected Spectre v2 CPU’s
Our customers are advised to patch (wherever applicable) and upgrade their hardware to latest models so that they can prevent such attacks.
For questions or comments regarding this report or additional research, please contact the lab directly at 603-606-1246 or feedback@wapacklabs.com
[1] https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf
Comments