A security flaw is affecting Intel's Skylake/Kaby Lake CPUs

Jun 25, 2017 23:59 GMT  ·  By

Debian developer Henrique de Moraes Holschuh is warning users of the popular GNU/Linux distribution about a new security flaw that affects Intel's 6th and 7th generation Skylake and Kaby Lake processors supporting HyperThreading.

Affecting all operating systems types, the issue has a huge impact on all of the Intel CPUs from the 6th and 7th generation, including desktop, mobile, embedded, and HEDT (High-End Desktop), as well as related server processors from the Xeon 5 and Xeon 6 series and select Intel Pentium processor models.

Debian Project appears to be the first to issue a warning for its users using the Debian GNU/Linux operating system on their computers powered by Intel Skylake or Kaby Lake processors with HyperThreading enabled, urging them to immediately disable the feature from the BIOS or UEFI settings or update the processor microcode.

"This defect can, when triggered, cause unpredictable system behavior: it could cause spurious errors, such as application and system misbehavior, data corruption, and data loss," reads the mailing list announcement. "Disable HyperThreading immediately in BIOS/UEFI to work around the problem."

Updated intel-microcode packages are available for Debian 9 and 8

Debian devs already released updated intel-microcode package for both Debian GNU/Linux 9 "Stretch" and Debian GNU/Linux 8 "Jessie" operating system series, urging Intel Skylake and Kaby Lake users to update as soon as these are approved and available in the "non-free" or "jessie-backports" repositories.

If you don't know if your computer has either an Intel Skylake or Kaby Lake processor with HyperThreading, check out the advisory to see how you can find out the model name of your CPU. In any case, it's best that you immediately disable HyperThreading and do not enable it again until you've update the BIOS/UEFI to fix the issue.