It hasn’t been a fun time to be Intel. Last week the company revealed two chip vulnerabilities that have come to be known as Spectre and Meltdown and have been rocking the entire chip industry ever since (not just Intel). This week the company issued some patches to rectify the problem. Today, word leaked that some companies were having a reboot issue after installing them. A bad week just got worse.
The company admitted as much in a blog post penned by Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel.
“We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center,” Shenoy wrote.
He added, “If this requires a revised firmware update from Intel, we will distribute that update through the normal channels.”
Just when you couldn’t think this situation could spiral any more out of Intel’s control, it did. The Wall Street Journal is reporting it got its hands on a confidential memo issued by the company and shared with large companies and cloud providers not to install the patches. It’s important to note that Intel is advising consumers to install all patches, and they point out this isn’t a security issue.
It’s just a bad software issue and while they should have made certain this was rock solid, a situation like this tends to lead to pressure that leads to mistakes — and that’s probably what happened here.
The Spectre and Meltdown issues were discovered last year by Google’s Project Zero security team. They found that because of a flaw in modern chip architecture, designed for speed over security, the chip kernel could be exposed. This is where private information like passwords and encryption keys are stored and supposed to be protected. Instead, because of this flaw they could be unprotected.
Meltdown affects just Intel chips, while Spectre affects just about all modern chips, including AMD, ARM, IBM Power chips and Nvidia. Raspberry Pi appears to be the only computer spared from this.
So far there hasn’t been a documented case of anyone taking advantage of this exploit, which, Google pointed out in a blog post yesterday, has existed in chips for 20 years, but security experts have suggested it would be hard to attribute an issue to this particular exploit, even if they had known about it.