Re: [RFC][PATCH] x86/cpu/bugs: Consider having old Intel microcode to be a vulnerability
From: Andrew Cooper
Date: Wed Nov 13 2024 - 21:09:23 EST
>> == Microcode Revision Discussion == The microcode versions in the
>> table were generated from the Intel microcode git repo: 29f82f7429c
>> ("microcode-20241029 Release")
> This upstream microcode release only contained an update for a
> functional issue[1] - not any fixes for security issues.
Now I can point at them, see the release notes for 8ac9378a8487
("microcode-20241112 Release").
Note how it's admitting to have fixed security issues silently in prior
drops. If I were you, I wouldn't make assumptions based on what's not
said in the release notes.
I can count on one hand the number of drops in that repo which I know
(or reasonably suspect) to be "functional issues only", but the one you
happened to reference is a fix for "this CPU overvolts itself to an
early grave". Many would consider this a denial of service, against
ones wallet if nothing else.
~Andrew