Updated information from Intel:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088
---8<---
Recommendations:
Status
Intel has made significant progress in our investigation into the
customer reboot sightings that we confirmed publicly last week
Intel has reproduced these issues internally and has developed a
test method that allows us to do so in a predictable manner
Initial sightings were reported on Broadwell and Haswell based
platforms in some configurations. During due diligence we determined
that similar behavior occurs on other products including Ivy Bridge,
Sandy Bridge, Skylake, and Kaby Lake based platforms in some
configurations
We are working toward root cause
While our root cause analysis continues, we will start making beta
microcode updates available to OEMs, Cloud service providers, system
manufacturers and Software vendors next week for internal evaluation
purposes
In all cases, the existing and any new beta microcode updates
continue to provide protection against the exploit (CVE-2017-5715) also
known as “Spectre Variant 2”
Variants 1 (Spectre) and Variant 3 (Meltdown) continue to be
mitigated through system software changes from operating system and
virtual machine vendors
As we gather feedback from our customers we will continue to provide
updates that improve upon performance and usability
Intel recommendations to OEMs, Cloud service providers, system
manufacturers and software vendors
Intel recommends that these partners maintain availability of
existing microcode updates already released to end users. Intel does not
recommend pulling back any updates already made available to end users
NEW - Intel recommends that these partners, at their discretion,
continue development and release of updates with existing microcode to
provide protection against these exploits, understanding that the
current versions may introduce issues such as reboot in some
configurations
NEW - We further recommend that OEMs, Cloud service providers,
system manufacturers and software vendors begin evaluation of Intel beta
microcode update releases in anticipation of definitive root cause and
subsequent production releases suitable for end users
---8<---
As such, current plans are to _not_ distributed updated microcode
packages to Debian stable users, until a new batch of microcode updates
are released by Intel.
"Beta" microcode updates will be initially uploaded to experimental (if
such updates are made available to Debian): do *not* assume that beta
updates "can't be worse than the current ones".
--
Henrique Holschuh
