Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Red Hat Pulls Spectre Patches Due to Instability

Red Hat has decided to pull microcode patches for one variant of the Spectre exploit after users complained that updates had caused their systems to stop booting.

Red Hat has decided to pull microcode patches for one variant of the Spectre exploit after users complained that updates had caused their systems to stop booting.

Red Hat was among the first vendors to release mitigations for the CPU attack methods known as Spectre and Meltdown. In addition to kernel updates, users of the Linux distribution have been provided microcode updates that can be applied non-persistently using the microcode_ctl mechanism.

By placing the microcode in /lib/firmware/, the update is applied each time the system boots. However, one of the Spectre mitigations has been causing problems and Red Hat has decided to remove it.

The Meltdown attack relies on one vulnerability tracked as CVE-2017-5754. There are two main variants of the Spectre attack: one uses CVE-2017-5753 (Variant 1) and the other one CVE-2017-5715 (Variant 2).

Red Hat determined that the mitigations included in its microcode_ctl and linux-firmware packages for CVE-2017-5715 have caused problems for some users, which is why the latest versions of these packages do not address this variant of the Spectre exploit.

“Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot,” Red Hat said. “The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes to versions that were known to be stable and well tested, released prior to the Spectre/Meltdown embargo lift date on Jan 3rd.”

Red Hat has advised customers to protect their devices against attacks by obtaining updated microcode provided by CPU vendors as system firmware updates. Unlike microcode applied via the microcode_ctl mechanism, system firmware updates represent a more permanent solution.

The Meltdown and Spectre patches are believed to be efficient in protecting against attacks. However, many of the updates have turned out to be unstable and industrial control systems (ICS) vendors have advised customers not to apply them before conducting thorough tests.

Advertisement. Scroll to continue reading.

The updates initially released by Microsoft caused some systems using AMD processors to stop booting. Some systems running Ubuntu also failed to boot after Canonical’s first round of updates was installed.

Intel itself said the microcode updates it released in response to Meltdown and Spectre caused some systems to reboot more often. VMware has decided to delay new releases of microcode updates until Intel addresses these problems.

Related: Apple Adds Spectre Protections to Safari, WebKit

Related: Fake Meltdown/Spectre Patch Installs Malware

Related: Oracle Fixes Spectre, Meltdown Flaws With Critical Patch Update

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...