1

I have a Dell laptop with a Haswell CPU, and the recent Retbleed vulnerabilities made me think about how vulnerable it is in general. The whitepaper implies Haswell quite a lot, but it wasn't tested. I keep my microcode package up to date, but it seems there hasn't been any upgrade in the past 2.5 years:

# dmesg|grep microcode
[    0.000000] microcode: microcode updated early to revision 0x26, date = 2019-11-12
[    0.492516] microcode: sig=0x40651, pf=0x40, revision=0x26
[    0.492584] microcode: Microcode Update Driver: v2.2.

I know Retbleed will be fixed in software, but I have some more general questions:

  • does Intel still provide microcode updates for these 4th gen CPUs for known vulnerabilities?
  • if not, what kind of known vulnerabilities are out there which were not fixed/mitigated?
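
An added example, not part of the original question or its answers: a Python sketch that parses the dmesg lines quoted above, decodes the `sig` value into CPU family/model/stepping, and reports how old the loaded microcode revision is. The function names and the reference date passed as `today` are assumptions made for this illustration.

```python
import re
from datetime import date

# The dmesg lines quoted in the question, embedded so the example runs offline.
SAMPLE_DMESG = """\
[    0.000000] microcode: microcode updated early to revision 0x26, date = 2019-11-12
[    0.492516] microcode: sig=0x40651, pf=0x40, revision=0x26
[    0.492584] microcode: Microcode Update Driver: v2.2.
"""

SIG_RE = re.compile(r"microcode: sig=(0x[0-9a-fA-F]+), pf=(0x[0-9a-fA-F]+), "
                    r"revision=(0x[0-9a-fA-F]+)")
DATE_RE = re.compile(r"microcode: .*revision 0x[0-9a-fA-F]+, "
                     r"date = (\d{4})-(\d{2})-(\d{2})")

def decode_signature(sig):
    """Split a CPUID leaf 1 EAX signature into (family, model, stepping)."""
    stepping = sig & 0xF
    model = (sig >> 4) & 0xF
    family = (sig >> 8) & 0xF
    if family in (0x6, 0xF):          # extended model applies to these families
        model |= ((sig >> 16) & 0xF) << 4
    if family == 0xF:                 # extended family only applies to 0xF
        family += (sig >> 20) & 0xFF
    return family, model, stepping

def parse_microcode(dmesg_text, today):
    """Return CPU identity and loaded microcode revision from dmesg text."""
    sig_match = SIG_RE.search(dmesg_text)
    if sig_match is None:
        raise ValueError("no 'microcode: sig=...' line found")
    sig, pf, revision = (int(v, 16) for v in sig_match.groups())
    family, model, stepping = decode_signature(sig)
    # The date line only appears when an early update was applied at boot.
    date_match = DATE_RE.search(dmesg_text)
    released = date(*map(int, date_match.groups())) if date_match else None
    return {
        "family": family, "model": model, "stepping": stepping,
        "platform_flags": pf, "revision": revision,
        # FF-MM-SS is how Intel's Linux microcode packages name per-CPU files
        "ucode_file": f"{family:02x}-{model:02x}-{stepping:02x}",
        "released": released,
        # `today` is an assumed reference date, passed in for reproducibility
        "age_days": (today - released).days if released else None,
    }

if __name__ == "__main__":
    print(parse_microcode(SAMPLE_DMESG, date(2022, 7, 24)))
```

The `ucode_file` value can be compared against the file of the same name in the installed microcode package to see whether a newer revision than the loaded one is available.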

2 Answers

1
  • The Windows OS is not affected (already has working software mitigations).
  • Linux (upcoming kernel 5.19) and other Unixes will fix this in software.

In any case microcode updates are not required for its mitigation. This attack is extremely difficult to carry out, so you may sleep safe.

2
  • Retbleed wasn't really my question, just the trigger to the real questions in the two bullet points. I will make that clearer.
    – schaman
    Commented Jul 24, 2022 at 23:00
  • In any case firmware updates are not required for its mitigation; if not, what kind of known vulnerabilities are out there which were not fixed/mitigated - none. Microcode updates were never required in the first place other than addressing ERRATAs. Such updates can potentially make the CPU run faster with software mitigations - that's it. Commented Jul 25, 2022 at 4:54
0

does Intel still provide microcode updates for these 4th gen CPUs for known vulnerabilities?

I don't think so. Even most of 6th gen is at EOL status, and you don't get microcode updates after EOL, but I don't think that is the main issue as far as security goes.

if not, what kind of known vulnerabilities are out there which were not fixed/mitigated?

I believe 4th gen has an old version of TPM. TPM is what protects against bootkits and rootkits. If you were to install Windows 11, you wouldn't be able to get security updates.

1
  • I was under the impression that microcode updates continued for even very old processor generations.
    – forest
    Commented Aug 12, 2022 at 1:47
