'Critical flaw' discovered in Intel's Skylake and Kaby Lake CPUs

John Leonard
clock • 2 min read

Flaw in 6th and 7th gen CPUs could cause applications to behave unexpectedly, data loss or corruption

Intel's 6th and 7th generation Skylake and Kaby Lake processors have a ‘critical' flaw that could cause applications to behave unpredictably, with possible data loss or corruption.

The flaw was reported by developers at Linux distribution Debian, following earlier work by OCaml toolchain developers. The issue affects all operating systems and "could cause spurious errors, such as application and system misbehaviour, data corruption, and data loss," Debian developer Henrique de Moraes Holschuh writes.

The processors exhibiting the flaw are 6th and 7th generation Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
well as some Intel Pentium processor models. Only models released from 2015 onwards are affected.

According to the Debian blog, Intel is aware of the flaw and has apparently supplied patches, but the firm neglected to inform the OCaml researchers who originally reported the bug about this.

The flaw is detailed by Intel errata documentation as follows:

Errata: SKZ7/SKW144/SKL150/SKX150/SKZ7/KBL095/KBW095
"Short Loops Which Use AH/BH/CH/DH Registers May Cause Unpredictable System Behavior."

Problem:  "Under complex micro-architectural conditions, short loops of less than 64 instructions that use AH, BH, CH or DH registers as well as their corresponding wider register (e.g. RAX, EAX or AX for AH) may cause unpredictable system behavior. This can only happen when both logical processors on the same physical processor are active."

Implication: "Due to this erratum, the system may experience unpredictable system behavior."

The exact conditions that could trigger the CPUs to act unpredictably are not clear, but the risk - apart from possible data corruption or loss or knock-on effects from an application behaving in an unexpected way - is that an attacker could use the flaw to craft an attack.

The defect only affects processors on which hyperthreading has been enabled, so a quick fix is to turn off this feature in the system BIOS, although this may require a BIOS/UEFI update.

For Debian 8 and 9 users, updated versions of the intel-microcode packages are available in the distro's repositories.

Computing has requested comment on this issue from Intel.

Related Topics

You may also like
Intel splits in two, signs deal with Microsoft

Chips and Components

Intel splits in two, signs deal with Microsoft

'We want to be the foundry for the world'

clock 22 February 2024 • 7 min read
Intel unveils major AI leap in upcoming CPUs

Chips and Components

Intel unveils major AI leap in upcoming CPUs

Panther Lake processors to debut in 2025

clock 30 January 2024 • 3 min read
Davos 2024 Day 3: Global leaders discuss adoption of AI and its potential risks

Compliance

Davos 2024 Day 3: Global leaders discuss adoption of AI and its potential risks

UN chief warns against reckless pursuit of AI profits by tech giants

clock 18 January 2024 • 3 min read
John Leonard
Author spotlight

John Leonard

View profile
More from John Leonard

How a council consolidated security tools and saved 40%

More layoffs at Google, as company fires protesters

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

Get the newsletter

More on Chips and Components

Voyager 1 back in action: NASA engineers fix 24-billion-km glitch
Chips and Components

Voyager 1 back in action: NASA engineers fix 24-billion-km glitch

Jiggled the code a bit to make it work

Dev Kundaliya
clock 24 April 2024 • 2 min read
AMD's new chips bring AI to business laptops
Chips and Components

AMD's new chips bring AI to business laptops

Claims 84% efficiency gains

Dev Kundaliya
clock 17 April 2024 • 2 min read
Microsoft claims 'most reliable logical qubits on record'
Chips and Components

Microsoft claims 'most reliable logical qubits on record'

We're entering the age of resilient quantum computing, say Microsoft and Quantiniuum

Dev Kundaliya
clock 04 April 2024 • 2 min read