Intel has revealed that it will not fix the Spectre and Meltdown flaws in all of its vulnerable processors. Announced in its new microcode revision guidance, Intel says it will be too difficult to remove flaws in the following processor families:
- Harpertown Xeon C0 and E0
- Jasper Forest
- SoFIA 3GR
- Wolfdale C0, E0, M0, R0 and Xeon E0
In its guidance release, Intel said, “After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons including, but not limited to the following:
- Micro-architectural characteristics that preclude a practical implementation of features mitigating variant 2 CVE-2017-5715.
- Limited commercially available system software support.
- Based on customer inputs, most of these products are implemented as ‘closed systems’ and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.”
The majority of these processors are from 2007, with most being purchased between 2007 and 2011.
Those with affected CPU families have been advised by Intel to discontinue use of the previously released updates due to “stability issues.”
“We’ve now completed release of microcode updates for Intel microprocessor products launched in the last 9+ years that required protection against the side-channel vulnerabilities discovered by Google. However, as indicated in our latest microcode revision guidance, we will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback,” Intel told ZDNet.
Intel’s patches for Spectre and Meltdown have caused rebooting issues and performance slowdowns for many users.
It is still unclear whether there will be legal consequences for Intel’s decision. The company is currently facing more than 30 customer class-action lawsuits and 2 securities class-action lawsuits related to the Meltdown and Spectre flaws.