Intel Deploys Undisclosed Microcode Security Update For CPUs Going Back To Coffee Lake

As spotted by Linux publication Phoronix, Intel released CPU microcode updates for processors all the way back to Coffee Lake on Friday afternoon. Unfortunately, the changelog doesn't delve into details other than that the new microcode fixes an undisclosed security issue.

The security issue didn't make the list on Patch Tuesday, a colloquial term referring to companies that released patches on the second Tuesday of each month. Furthermore, Phoronix noted that there hadn't been any mentions of a CPU microcode update or any new Intel Security Advisory for the month. 

Security Advisories are fixes for vulnerabilities that Intel has discovered affecting its products. Given the sudden CPU microcode release, it's safe to assume that the security vulnerability is likely a new one that Intel hasn't publicly communicated yet. However, it's not unheard of for chipmakers to roll out security updates or microcode before the issue comes to light.

Nayeli Rico, a BIOS engineer at Intel, uploaded the release notes and source code for the microcode-20230512 release 20 hours ago. The description reads: "Security updates for [INTEL-SA-NA]." The "SA" acronym likely stands for Security Advisory; meanwhile, "NA" probably stands for "Not Available." 

Whatever the security vulnerability may be, it evidently affects many of Intel's platforms, including the latest consumer Intel 13th Generation Core Raptor Lake and 4th Generation Xeon Sapphire Rapids server chips. However, it's the first time that recent lineups, such as Alder Lake-N and Atom C series (Arizona Beach), received a microcode update. The lengthy list includes desktop processors dating as far back as the Coffee Lake days and mobile chips starting from Kaby Lake going forward.

Without proper documentation, we cannot assess the scope of the security issue. Intel's list only mentions the platforms that will receive the new microcode. It doesn't expressly state whether the issue only impacts the platforms mentioned in the list or if legacy processors before Coffee Lake are also susceptible.

Motherboard vendors typically include new microcode in their firmware updates. However, unless it's a pressing issue, sometimes it takes a bit when manufacturers release new firmware. Occasionally, it's faster for chipmakers to push the microcode update through a Windows update. However, this medium type has disadvantages since it doesn't alter the hardware or the firmware. Instead, the operating system must load the microcode during each restart.

In the meantime, the new CPU microcode update has already arrived on Linux, and Phoronix is already conducting tests to measure the performance impact on Intel's mobile Alder Lake-P and desktop Raptor Lake processors. Windows users should receive the microcode shortly.