Intel CEO Brian Krzanich said on Thursday, March 15 that the first processors to see hardware changes that address the Meltdown and Spectre flaws will be the company’s next-generation “Cascade Lake” Xeon Scalable chips for the server market, and eighth-generation Core processors shipping to the mainstream market in the second half of 2018.
“We have redesigned parts of the processor to introduce new levels of protection through partitioning that will protect against both Variants 2 and 3,” Krzanich said. “Think of this partitioning as additional ‘protective walls’ between applications and user privilege levels to create an obstacle for bad actors.”
As previously reported, Meltdown (CVE-2017-5754), Spectre Variant 1 (CVE-2017-5753) and Spectre Variant 2 (CVE-2017-5715) are three exploits presented in January by Google Project Zero, Cybrus Technology, and Graz University of Technology. They take advantage of how modern processors “think ahead” while computing multiple instructions using a technique called speculative execution.
More specifically, processors “predict” the outcome of their tasks based on information stored in memory. This method speeds up the overall computing process but leaves all that unsecured data wide open for the picking as seen with the Meltdown and Spectre exploits. Since their public disclosure in January, processor manufacturers including Intel and Qualcomm have scrambled to fix the glaring hardware-based security issues.
On the Intel front, the company released an initial batch of updates but hit the brakes when customers began experiencing problems. After regrouping and ironing out the kinks, a second wave of updates arrived to plug the security holes without issues. According to Krzanich, 100 percent of the processors released over the last five years are now protected against Meltdown and Spectre exploits as long as customers actually apply the updates.
“With these updates now available, I encourage everyone to make sure they are always keeping their systems up-to-date. It’s one of the easiest ways to stay protected,” Krzanich said. “As part of this, I want to recognize and express my appreciation to all of the industry partners who worked closely with us to develop and test these updates, and make sure they were ready for production.”
To date, updates addressing Meltdown and Spectre are available for all Intel processors ranging from its second-generation “Sandy Bridge” CPUs to its recent eighth-generation “Coffee Lake” chips. You can see the generational release of your processor by spotting the number after the hyphen in the processor’s name, such as the “6” in the sixth-generation Intel Core i7-6820HK. Intel is still working on fixes for its first-generation “Nahalem” and “Westmere” CPUs.
The eighth-generation processors slated to arrive in the second half of 2018 likely stem from Intel’s “Cannon Lake” family based on 10nm process technology. It’s essentially a smaller version of Intel’s seventh-generation processor design, aka Kaby Lake, which began shipping to mobile device manufacturers at the end of 2017. Intel’s ninth-generation “Ice Lake” processors for 2019 will have protections against Meltdown and Spectre exploits as well.
“Our work is not done,” Krzanich concluded. “This is not a singular event; it is a long-term commitment. One that we take very seriously.”