In an update to its mitigation guide, Intel has revealed that it won’t be patching the second variant of Spectre for certain families of its processors that are affected by the Meltdown and Spectre vulnerabilities.
Intel says at least one of three reasons lies behind the decision: creating an update was impractical due to micro-architectural characteristics, the processors are not widely supported, or they are mostly used in closed systems and are therefore less likely to be exploited. The guide states:
After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons including, but not limited to the following:
- Micro-architectural characteristics that preclude a practical implementation of features mitigating variant 2 CVE-2017-5715.
- Limited commercially available system software support.
- Based on customer inputs, most of these products are implemented as "closed systems" and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.
The list of families affected by this decision is as follows:
- Bloomfield
- Bloomfield Xeon
- Clarksfield
- Gulftown
- Harpertown Xeon C0
- Harpertown Xeon E0
- Jasper Forest
- Penryn/QC
- SoFIA 3GR
- Wolfdale C0
- Wolfdale M0
- Wolfdale E0
- Wolfdale R0
- Wolfdale Xeon C0
- Wolfdale Xeon E0
- Yorkfield
- Yorkfield Xeon
Intel announced last month that its 8th-generation chips come with built-in mitigation for the vulnerabilities.
While the company has patched most of its widely used families of processors, including its 6th-, 7th-, and 8th-generation chips, the decision not to patch some of its older CPUs, the latest of which appear to be from 2012, may pose trouble for some of its customers.
via ZDNet