Red Hat is releasing updates that are reverting previous patches for the Spectre vulnerability (Variant 2, aka CVE-2017-5715) after customers complained that some systems were failing to boot.
“Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot,” the company said yesterday.
“The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes to versions that were known to be stable and well tested, released prior to the Spectre/Meltdown embargo lift date on Jan 3rd,” Red Had added.
Red Hat tells users to contact CPU/OEM vendors
Instead, Red Hat is recommending that each customer contact their OEM hardware provider and inquire about mitigations for CVE-2017-5715 on a per-system basis.
Besides Red Hat Enterprise Linux, other RHEL-based distros like CentOS and Scientific Linux are also expected to be affected by Red Hat’s decision to revert previous Spectre Variant 2 updates, so these users will also have to contact CPU/OEM vendors.
CVE-2017-5715 is the identification number for one of three bugs known as Meltdown (CVE-2017-5754) and Spectre (Variant 1 – CVE-2017-5753, and Variant 2 – CVE-2017-5715).
Most experts have always said that only Meltdown and Spectre Variant 1 could be theoretically be addressed via an OS-level patch, Spectre Variant 2 requiring a firmware/BIOS/microcode update to patch fully.
Earlier this week, Bleeping Computer put together a list of places where users could find BIOS updates for the Spectre flaw.
Spectre patch previously caused problems for AMD, Intel, Microsoft
The Spectre patching process has been complex and challenging for all hardware and software vendors. Red Hat deferring Spectre patching to CPU manufacturers and OEM vendors is not a surprise.
Microsoft had to pause the rollout of Spectre patches for computers using AMD devices after encountering similar issues with computers that failed to boot. The OS maker recently resumed those patches after working with AMD to resolve the problems.
Intel admitted similar issues and said it was investigating an issue with Spectre patches for older Broadwell and Haswell CPUs that introduced higher system reboot rates.
The Spectre patch is additionally causing issues for users with custom antivirus software on Windows, and Microsoft is threatening to stop all future security updates unless the antivirus software adds a special registry key that guarantees the antivirus won’t crash the PC because it’s not compatible with the Windows Spectre patch.