Intel has updated its processor microcode to address five security vulnerabilities. New code has also been added to the Linux kernel to mitigate the impact of a new vulnerability, register file data sampling (RFDS), which affects Atom and E-core processors.
The microcode updates target vulnerabilities SA-00972, SA-00982, SA-00898, SA-00960, and SA-01045. They address issues such as a potential denial of service caused by the processor hanging, information leakage through processor return predictions, the medium-severity RFDS vulnerability, and escalation vulnerabilities in 3rd and 4th generation Xeon processors with SGX and TDX technologies.
The new microcode also includes fixes for functional issues affecting processors from Core Ultra “Meteor Lake” to 7th generation Core processors, as well as 4th and 2nd generation Xeon Scalable processors. Intel has also released microcode files for Meteor Lake and Emerald Rapids processors for the first time.
Users can download the new Intel microcode files from GitHub.
In the Linux kernel, a protection mechanism has been implemented against the RFDS vulnerability, which involves sampling data from the register file. The vulnerability could allow attackers to retrieve stale register values from the kernel. To guard against exposure of confidential data held in registers, the mitigation clears register values before returning to user space.
The register file data sampling vulnerability affects Intel Atom and E-core processors, starting from Goldmont and including Tremont, Alder Lake, Raptor Lake, and Gracemont.