Web lists-archives.com

Re: Status of Intel-related vulnerabilities and bugs?




On Tue, 10 Apr 2018, Niclas Arndt wrote:
> 1. Can the latest microcode updates still in stretch-backports be
> trusted to run properly by now?
> https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf

Yes, these microcode updates are stable.

The same might or might not be true for your kernel when it activates
the new codepaths to support IBPB and IBRS (the new functionality added
by the Spectre-related microcode updates), though.  This is the reason
we are waiting for at least one extra month yet before we push them to
Debian stable and oldstable.

If the kernel malfunctions on the new microcode, boot with "noibpb"
and/or "noibrs" to disable the new codepaths.

-- 
  Henrique Holschuh