Microcode/firmware/millicode is software that microprocessor manufacturers supply to operating system vendors to take advantage of internal features of the CPU. The authoritative source for this software is the CPU manufacturer.

The microcode_ctl mechanism to update system firmware is non-persistent in nature. The microcode is loaded during each boot operation; however, it is only applied in the event that the microcode available within /lib/firmware/ for the installed CPU is newer than the revision loaded during the hardware initialization phase of boot. Updating the system firmware to a revision that includes updated microcode is applicable to any resident software, and is recommended as a more permanent solution.

Historically, Red Hat has provided updated microcode, developed by our microprocessor partners, as a customer convenience. Red Hat temporarily suspended this practice in January 2018 while microcode stabilized.

Red Hat is once again providing an updated Intel microcode package, microcode_ctl, and AMD microcode package, linux-firmware, to customers in order to simplify deployment processes and minimize downtime.

Note: RHEL7 splits the microcode into two rpms: Intel in microcode_ctl and AMD in linux-firmware. RHEL6 and earlier releases have both Intel and AMD in the same microcode_ctl rpm.

Red Hat will continue to update these microcode packages as necessary. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended, as additional improvements may be available.

Please use the following Red Hat Customer Portal Lab App to verify systems have the necessary microprocessor firmware to address CVE-2017-5715 (variant 2).

Red Hat Customer Portal Labs - Spectre And Meltdown Detector

Note: To check your system's CPU model:

egrep -e 'model|cpu family|stepping|microcode' /proc/cpuinfo | sort | uniq

Intel Microcode Updates that mitigate CVE-2017-5715, branch target injection, Spectre-V2.

** Microcode for model number 79 CPU, aka, Broadwell EP/EX, is not automatically loaded. Please this Kbase article for more details.

AMD firmware that mitigates CVE-2017-5715, branch target injection, Spectre-V2.

What if my CPU is not listed in the table?
Red Hat will continue to update these microcode packages as necessary. Please contact your hardware vendor to determine whether more recent BIOS/firmware updates are recommended because additional improvements may be available.

More information can be found in the following reference documentation:

• Kernel Side-Channel Attacks - CVE-2017-5754 CVE-2017-5753 CVE-2017-5715
• CPU microcode available to address CVE-2018-3639

• Product(s)
• Red Hat Enterprise Linux

• Category
• Supportability

• Article Type
• General