
The Spectre & Meltdown mess continues with Dell now recommending their customers do not install the BIOS updates that resolve the Spectre (Variant 2) vulnerabilities. These updates have been causing numerous problems for users including performance issues, boot issues, reboot issues, and general system instability.
Due to this, Dell EMC has updated their enterprise knowledge base article with the following statement advising customers to not install the BIOS update and to potentially roll back to the previous BIOS if their computers are exhibiting "unpredictable system behavior".
Patch Guidance (update 2018-01-22):
Intel has communicated new guidance regarding "reboot issues and unpredictable system behavior" with the microcode included in the BIOS updates released to address Spectre (Variant 2), CVE-2017-5715. Dell is advising that all customers should not deploy the BIOS update for the Spectre (Variant 2) vulnerability at this time. We have removed the impacted BIOS updates from our support pages and are working with Intel on a new BIOS update that will include new microcode from Intel.
If you have already deployed the BIOS update, in order to avoid unpredictable system behavior, you can revert back to a previous BIOS version. See the tables below.
As a reminder, the Operating System patches are not impacted and still provide mitigation to Spectre (Variant 1) and Meltdown (Variant 3). The microcode update is only required for Spectre (Variant 2), CVE-2017-5715.
In order to facilitate the rolling back to a previous BIOS version, Dell has a table listing the Spectre fix BIOS versions that customers should not use and the recommended BIOS versions that a customer should roll back to.
For home users, Dell has issued a separate advisory where they do not specifically state that a user should roll back the BIOS update. This is probably due to Dell not thinking that a home computer is mission critical. This advisory also includes a list of BIOS versions that can be rolled back to.
This news comes on the heels of Linus Torvalds' remarks on how he felt the Linux patches for Spectre are "utter garbage".
UPDATE [January 23, 22:00 UTC]: HP has issued a similar recommendation, advising users to not install the Intel Meltdown and Spectre patches, even going as far as reissuing BIOS updates with older Intel CPU microcode.
UPDATE [January 31, 12:56 EST]: Included a link to Dell's consumer advisory regarding the Spectre updates.
Comments
Bulgaristan - 6 years ago
Good to let us know after we already patched :(
herbman - 6 years ago
Yeah, I finally was able to update the BIOS with everything working well and now they want me to roll back.
Occasional - 6 years ago
"The Spectre & Meltdown mess continues..."
Been referring to it as M/S, but S&M could be appropriate, too (given the pain being applied and absorbed). Dell joining AMD on the back-pedaling. I suppose that Linus fellow knows something about the Linux situation, too.
As I asked on another site: "Anyone keeping score?" Has anyone who hasn't done anything to mitigate the M/S vulnerabilities suffered from an exploitation? Would the world have been a better place today, if a few people had kept their mouths shut?