"CROSSTalk" CPU vulnerabilty (cross-core data leak)
-
When this Crosstalk microcode update hit last week there was an issue with certain Intel CPUs where we coudn't boot after the patch was applied. I run Linux Mint on my laptop and I couldn't boot it after taking the microcode update. I had to boot into recovery and then
apt remove intel-microcode
to get it back to a working state. Later that day, Ubuntu (or whoever) released a new intel-microcode update that corrected the problem.Not sure if this is even remotely close to the same issue but wanted to put this out there.
-
Has anyone else encountered this issue? Wondering if these patches should be pulled until this gets resolved.
-
As far as I know, those patches work well on Citrix' test hosts. They also work well on our hosts at Vates. The microcodes underwent Intel's QA so I don't expect them to break on the vast majority of hardware, though there are reports of issues with some specific models. In @demanzke's case, reverting to the previous microcode did not fix the issue so at first it doesn't look like it's related to the microcode.
-
Intel just released updated microcode (actually it's a revert) for some models: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases
I'll update the microcode_ctl package.
The "older" microcode that is used instead is still recent enough to contain the fixes against CROSSTalk / SRBDS.Or so I had understood, but I can't find evidence about it. -
-
Hi do i need to patch my xenserver using AMD EPYC ? Those patches get offered to my AMD nodes by XO.
On intel Xeon nodes it makes sense to me .... -
I would say: always apply patches, but you are free to reboot when you want. Obviously, for you, it won't change anything (no microcode update) but keeping your hosts up to date is a good practice
-
@stormi said in "CROSSTalk" CPU vulnerabilty (cross-core data leak):
Intel just released updated microcode (actually it's a revert) for some models: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases
I'll update the microcode_ctl package.
The "older" microcode that is used instead is still recent enough to contain the fixes against CROSSTalk / SRBDS.Or so I had understood, but I can't find evidence about it.So should I wait applying these updates? You seem to be unsure of which microcode version to distribute.
-
I'm unsure for Skylake. Not for other CPUs.
-
Thanks for the clarification. No Skylake present, so I will proceed.
-
Finally got some time to test your suggestions.
Removing the microcode_ctl package without dependencies did not help.
Here are both initial ramdisks for anyone interested to look at.Reinstalling XCP, then ZFS, then updating all packages worked fine.
-
@demanzke So this time no boot issue after installing the update?
-
@stormi Exactly. Must've been related to something other than just the latest packages.