CHIPMAKER Intel's 6th and 7th-gen Skylake and Kaby Lake CPUs have a 'critical' flaw that could cause applications to behave unpredictably, with possible data loss or corruption.
The flaw was reported by developers at Linux distribution Debian, following earlier work by OCaml toolchain developers. The issue affects all operating systems and "could cause spurious errors, such as application and system misbehaviour, data corruption, and data loss," Debian developer Henrique de Moraes Holschuh writes.
The processors exhibiting the flaw are 6th and 7th-gen Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
well as some Intel Pentium processor models. Only models released from 2015 onwards are affected.
According to the Debian blog, Intel is aware of the flaw and has apparently supplied patches, but the firm neglected to inform the OCaml researchers who originally reported the bug about this.
The flaw is detailed by Intel errata documentation as follows:
"Short Loops Which Use AH/BH/CH/DH Registers May Cause Unpredictable System Behaviour."
Problem: "Under complex micro-architectural conditions, short loops of less than 64 instructions that use AH, BH, CH or DH registers as well as their corresponding wider register (e.g. RAX, EAX or AX for AH) may cause unpredictable system behaviour. This can only happen when both logical processors on the same physical processor are active."
Implication: "Due to this erratum, the system may experience unpredictable system behaviour."
The exact conditions that could trigger the CPUs to act unpredictably are not clear, but the risk - apart from possible data corruption or loss or knock-on effects from an application behaving in an unexpected way - is that an attacker could use the flaw to craft an attack.
The defect only affects processors on which hyper-threading has been enabled, so a quick fix is to turn off this feature in the system BIOS, although this may require a BIOS/UEFI update.
For Debian 8 and 9 users, updated versions of the intel-microcode packages are available in the distro's repositories.
Intel has yet to respond to INQ's request for comment. µ
POKE no more. Oh wait, that was 30 years ago
Soon people may also be assessed by their flaws
More chat, less cloud
But firm falls short of promising a fix