I have a Dell laptop with a Haswell CPU, and the recent Retbleed vulnerabilities made me think how vulnerable it is in general. The whitepaper implies Haswell quite a lot, but it wasn't tested. I keep my microcode package up-to-date, but it seems there wasn't any upgrade in the past 2.5 years:
# dmesg|grep microcode
[ 0.000000] microcode: microcode updated early to revision 0x26, date = 2019-11-12
[ 0.492516] microcode: sig=0x40651, pf=0x40, revision=0x26
[ 0.492584] microcode: Microcode Update Driver: v2.2.
I know Retbleed will be fixed in software, but I have some more general questions:
- does Intel still provide microcode updates for these 4th gen CPUs for known vulnerabilities?
- if not, what kind of known vulnerabilities are out there which were not fixed/mitigated?