Hi all, I found that (all) the Intel Microcode Update packages from 2018 don't contain the fixed version for my CPU Celeron N3450 (and others with same CPUID 506c9: N3350 N4200 J3455 J4205). It doesn't benefit from new commands IBRS/IBPB which indeed is reported so by spectre-meltdown-checker.sh .
Output from the kernel: microcode: microcode updated early to revision 0x2c, date = 2017-03-25 Revsion listed in Intel Microcode Update Guidance [1]: 2E I use package version 3.20180425.1~bpo9+1, but it doesn't matter, because the error is in upstream. As a result of longer search I found a source proving that version 2E is real in [2] - contains the expected fixes. But this must be included in the official package from the processor manufacturer. According to a thread in the Intel forum [3] there are more cases like this. While I know how to replace the microcode file, many are supposedly not aware about what is missing. So please connect to (and/or blame at your option) Intel. [1] https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf [2] https://github.com/platomav/CPUMicrocodes/blob/master/Intel/cpu506C9_plat03_ver0000002E_2017-11-22_PRD_2798C414.bin [3] https://communities.intel.com/message/542691#542691
