A new microcode bug has been discovered in Intel’s 6th and 7th generation Skylake and Kaby Lake processors.
The flaw, which was disclosed on the Debian Linux user list, supports HyperThreading and reportedly exists across all operating systems.
HyperThreading is Intel’s proprietary multithreading method, deployed to improve the parallelisation of computations performed on its x86 microprocessors.
The bug was described in detail on the user list with a warning notification. Henrique de Moraes Holschuh, Debian developer said it “could cause spurious errors, such as application and system misbehaviour, data corruption and data loss.”
According to the user list, Intel is aware of the bug and has provided the necessary patches but has yet to inform the OCaml researchers who initially reported the bug.
An Intel errata note described the bug as: “Under complex micro-architectural conditions, short loops of less than 64 instructions that use AH, BH, CH or DH registers as well as their corresponding wider register (eg RAX, EAX or AX for AH) may cause unpredictable system behaviour. This can only happen when both logical processors on the same physical processor are active.”
It has not been specified what the exact conditions are that could lead to the CPUs being triggered, however it has been made clear that apart from possible data corruption or loss, an attacker can also use the bug to create an attack.
Some fixes have been listed, however it was noted on the Debian user list that “the Kaby Lake microcode updates that fix this issue are currently only available to system vendors, so you will need a BIOS/UEFI update to get it.”
Kaby Lake users have been advised to contact system vendors for the updates and disable access to hyperthreading in the meantime, while Skylake users, dependent on the model are provided with an Intel- hyperthreading package or should otherwise disable and wait for a BIOS/UEFI fix.