22 lines
801 B
ReStructuredText
22 lines
801 B
ReStructuredText
.. SPDX-License-Identifier: GPL-2.0
|
|
|
|
=============
|
|
Old Microcode
|
|
=============
|
|
|
|
The kernel keeps a table of released microcode. Systems that had
|
|
microcode older than this at boot will say "Vulnerable". This means
|
|
that the system was vulnerable to some known CPU issue. It could be
|
|
security or functional, the kernel does not know or care.
|
|
|
|
You should update the CPU microcode to mitigate any exposure. This is
|
|
usually accomplished by updating the files in
|
|
/lib/firmware/intel-ucode/ via normal distribution updates. Intel also
|
|
distributes these files in a github repo:
|
|
|
|
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files.git
|
|
|
|
Just like all the other hardware vulnerabilities, exposure is
|
|
determined at boot. Runtime microcode updates do not change the status
|
|
of this vulnerability.
|