Intel has admitted that PCs and servers are experiencing unexpected reboots after applying a patch designed to address the Spectre and Meltdown processor flaws.
Spectre and Meltdown are design flaws in modern CPUs that could allow hackers to bypass system protections on a wide range of devices, allowing attackers to read sensitive information, such as passwords, from memory.
Intel began making software and firmware updates available to mitigate attacks exploiting these flaws last week, pushing them out via system manufacturers. However, yesterday the chip maker admitted these updates were causing certain computers to unexpectedly reboot.
The random reboots appear to be affecting both PCs and servers that use Intel Broadwell and Haswell processors.
SEE: Incident response policy (Tech Pro Research)
“We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels,” wrote Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel.
Despite the issues, Shenoy says that computer users and admins should “continue to apply updates recommended by their system and operating system providers”.
While tech firms have been preparing updates to mitigate the Spectre and Meltdown flaws for months, details of the vulnerabilities leaked out early.
In the rush to issue patches there have been other instances of Spectre and Meltdown updates causing problems of their own.
Microsoft recently said that Windows PCs won’t receive any further security updates until third-party AV software is verified as compatible with Windows patches for Spectre and Meltdown.
And chipmaker AMD has been working with Microsoft to resolve problems after the patches caused PCs running on some older AMD Opteron, Athlon and AMD Turion X2 Ultra processors to refuse to boot. AMD said yesterday the issue should be resolved shortly.
AMD also announced that, starting this week, it will address the branch target injection exploit for Spectre by making microcode updates available for its Ryzen and Epyc processors. Updates for older processors will follow in the “coming weeks”, with all updates being made available via OS vendors and system manufacturers. The Meltdown flaw doesn’t affect AMD processors.
As well as triggering undesirable behaviour the Spectre patches are degrading machine performance, particularly for older processors.
Microsoft said earlier this week that people running computers on 2015-era Intel Haswell or earlier processors would see the biggest performance slowdown, particularly if they weren’t using Windows 10. Those running Windows 10 systems on newer CPUs would see minimal impact, it said. Microsoft cautioned the performance of Windows Server systems could suffer a more significant impact, “especially in any IO-intensive application”.
Intel has also published data, gathered both from users and its own synthetic benchmarks, which identified a real-world performance hit of between about six and eight percent across all systems. Like Microsoft, it found that computers running on 8th-generation processors suffered a smaller impact than those running 7th- or 6th-generation CPUs.
Apple claims that performance of Macs, iPhones and iPads is largely unaffected by the patches, stating “our testing with public benchmarks has shown that the changes in the December 2017 updates resulted in no measurable reduction in the performance of macOS and iOS as measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks”.
Major cloud providers, AWS, Google and Microsoft say that, for the majority of workloads, customers should not notice a difference in performance following the updates. However, there have been reports from some customers of a drop off. AWS customer Epic Games attributed a more than 20 percent spike in CPU load on a cloud server hosting games of Fortnite to the impact of the Spectre and Meltdown patches.
- Spectre and Meltdown: Insecurity at the heart of modern CPU design (ZDNet)
- Microsoft says older Windows versions will face greatest performance hits after Meltdown, Spectre patches (ZDNet)
- PC over 2 years old? Expect slowdowns from Spectre fixes, says Microsoft, especially if you’re not on Windows 10 (TechRepublic)
- Windows Meltdown patch: No more security updates for your PC if your AV isn’t compatible (TechRepublic)
- How the Meltdown and Spectre chip flaws will impact cloud computing (TechRepublic)
- Windows Meltdown patch: Find out if your PC is compatible (TechRepublic)
- Emergency Windows Meltdown patch may be incompatible with your PC (TechRepublic)
- Massive Intel CPU flaw: Understanding the technical details of Meltdown and Spectre(TechRepublic)
- Critical flaws revealed to affect most Intel chips since 1995 (ZDNet)
- Nope, no Intel chip recall after Spectre and Meltdown, CEO says (CNET)
- Intel chips have critical design flaw, and fixing it will slow Linux, Mac, and Windows systems (TechRepublic)