Intel Fends off PLATYPUS Vulnerability With Microcode Update
Update is available for Linux users right now.
As reported by Phoronix, Intel has just released a new CPU microcode update, version 20201110 , which covers a large number of Intel's CPUs, spanning from 6th Gen Core series processors to 11th Gen "Tiger Lake" CPUs. The update patches a whopping 40 security holes including the "PLATYPUS" vulnerability.
The PLATYPUS vulnerability allows an attacker to manipulate the CPU's power interface system and grab sensitive information thru it. This is due to the power interface being readable, and thus, manipulatable without administrative rights. The patch fixes the issue by locking down the system to admin access only.
Another issue the microcode addresses is an information disclosure vulnerability that allows an attacker to obtain data on previous AVX instruction executions via the fast store forward predictor.
Finally, the microcode update fixes a few functional issues not pertaining to security, which includes Ice Lake CPUs crashing or hanging due to VT-d and USB Type-C issues. Plus a Xeon Cascade Lake fix for interrupts when a core exits the C6 state.
Linux users can find instructions for manually updating their firmware on Intel's Github page. However, it's likely that Microsoft and other OS vendors will include automated updates that include the new microcode.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Aaron Klotz is a contributing writer for Tom’s Hardware, covering news related to computer hardware such as CPUs, and graphics cards.
-
NightHawkRMX What, there must me an error. Intel having a security vulnerability is unheard of, let alone one that needs a patch which will reduce performance.Reply
/S