Intel’s efforts to issue fixes for the Spectre and Meltdown CPU vulnerabilities are still hitting some bumps in the road, a company executive said in a blog post.
“We have now issued firmware updates for 90 percent of Intel CPUs introduced in the past five years, but we have more work to do,” said Navin Shenoy, EVP and general manager of Intel’s data center group.
Last week, Shenoy wrote that the firmware was causing an uptick in reboots on updated systems with older Broadwell and Haswell chips. In his latest post, Shenoy said that “similar behavior” is occurring with products running Intel’s newest chips, Skylake and Kaby Lake. Ivy Bridge and Sandy Bridge CPUs are also experiencing the issue.
“We have reproduced these issues internally and are making progress toward identifying the root cause,” Shenoy wrote. “In parallel, we will be providing beta microcode to vendors for validation by next week.”
Intel is among a slew of software and hardware vendors racing to mitigate the vulnerabilities, which were first revealed by researchers in January but have been present in CPU architectures for 20 years.
While no successful exploits of the vulnerabilities have yet been reported, they are considered particularly pernicious, given that the vast majority of computers today are affected. An attacker could use the vulnerabilities to hack into one program and then steal data, such as passwords or confidential data, stored in other programs.
Shenoy also revealed that Intel’s firmware updates are causing performance impacts beyond the rebooting issues.
Intel ran tests using two-socket Skylake servers and found the performance hits vary depending on the type of workloads and configurations, he wrote: “Generally speaking, the workloads that incorporate a larger number of user/kernel privilege changes and spend a significant amount of time in privileged mode will be more adversely impacted.”
Common workloads for enterprise and cloud customers could see an impact of up to 2 percent. An OLTP (online transaction processing) benchmark that simulates a brokerage firm’s interactions with customers and stock exchanges experienced a 4 percent hit.
Intel also tested storage benchmarks, finding a performance hit of up to 25 percent, depending on the scenario.
The difficulties Intel is facing with the firmware updates aren’t unexpected. A number of security experts recently told Threatpost that mitigating the vulnerabilities will be a moving target. Between the two, Spectre is more difficult to exploit, but also harder to patch, they said.