Engineering New Protections Into Hardware

Overview

In 2018, the class of speculative execution side channel vulnerabilities, commonly referred to as Spectre and Meltdown, presented a unique challenge to Intel and the entire industry. Intel provided microcode updates (MCU) supporting nearly 10 years of Intel® products, which were coupled with updates from our partners to help protect against these vulnerabilities. We have also taken steps to integrate these protections into our hardware.

Side Channel Mitigation by Product CPU Model

The table below provides details on how the protections are integrated into Intel® products:

CPU Model and Stepping

V1, Spectre

V2, Spectre

V3, Meltdown

V3a

V4

L1TF, Foreshadow

MFBDS, RIDL

MSBDS, Fallout

MLPDS

MDSUM

TAA

Intel64 Family 6 Model 142 Stepping 11

Software

MCU + Software

Hardware

MCU

MCU + Software

Hardware

Hardware

MCU + Software

MCU + Software

MCU + Software

MCU + Software

Intel64 Family 6 Model 142 Stepping 12

Software

Hardware + Software

Hardware

MCU

Hardware + Software

Hardware

Hardware

Hardware

Hardware

Hardware

MCU + Software

Intel64 Family 6 Model 158 Stepping 11

Software

MCU + Software

Software

MCU

MCU + Software

MCU + Software

MCU + Software

MCU + Software

MCU + Software

MCU + Software

MCU + Software

Intel64 Family 6 Model 158 Stepping 12

Software

MCU + Software

Hardware

MCU

MCU + Software

Hardware

Hardware

MCU + Software

MCU + Software

MCU + Software

MCU + Software
Intel64 Family 6 Model 158 Stepping 13 Software Hardware + Software

Hardware

MCU Hardware + Software Hardware

Hardware

Hardware

Hardware

Hardware

MCU + Software

2nd Generation Intel® Xeon® Processors (Formerly Cascade Lake)

Software

Hardware + Software

Hardware

Hardware

Hardware + Software

Hardware

Hardware

Hardware

Hardware

Hardware

MCU + Software
Intel64 Family 6 Model 55, 74, 76, 77, 90, 93, 110, 101, 117
Software MCU + Software Software MCU Not Affected Not Affected Not Affected MCU + Software Not Affected MCU + Software Not Affected
Intel64 Family 6 Model 95, 92
Software
MCU + Software
Not Affected
MCU + Software MCU + Software
Not Affected
Not Affected
Not Affected
Not Affected
Not Affected
Not Affected
Intel64 Family 6 Model 122
Software
MCU + Software
Software
MCU + Software MCU + Software
Not Affected
Not Affected
Not Affected
Not Affected
Not Affected
Not Affected

Alias(es)

V1, Spectre

V2, Spectre

V3, Meltdown

V3a

V4

L1TF, Foreshadow

MFBDS, RIDL

MSBDS, Fallout

MLPDS

MDSUM

TAA

Variant

Bounds Check Bypass

Branch Target Injection

Rogue Data Cache Load

Rogue System Register Read

Speculative Store Bypass

L1 Terminal Fault

Microarchitectural Fill Buffer Data Sampling

Microarchitectural Store Buffer Data Sampling

Microarchitectural Load Port Data Sampling

Microarchitectural Sampling Uncacheable Memory

Transactional Asynchronous Abort

CVE(s)

CVE-2017-5753

CVE-2017-5715

CVE-2017-5754

CVE-2018-3640

CVE-2018-3639

CVE-2018-3615, CVE-2018-3620, CVE-2018-3646

CVE-2018-12130

CVE-2018-12126

CVE-2018-12127

CVE-2019-11091

CVE-2019-11135

Frequently Asked Questions

Q1. Are there any differences in the level of protection provided by software mitigated and hardware mitigated versions of these SKUs?

A: No. We expect that the level of protection equivalent whether you have microcode update (MCU) based or hardware-based mitigations in place. The hardware-based mitigations are part of our ongoing commitment to advance security at the silicon level.

Q2. Are there any differences in performance between software mitigated and hardware mitigated versions of these SKUs?

A: For application based workloads, representative of typical usage, such as SYSmark* 2014 SE, PCMark10, WebXPRT 2015, and 3DMark Skydiver Physics the data confirms that the performance between steppings is the same within the normal run to run variation. For some synthetic I/O workloads, we have observed a performance difference between steppings. These synthetic I/O workloads are not representative of mainstream usage.

Q3: How do I determine what I have and how side channel vulnerabilities are mitigated?

A: From the Microsoft Windows Command prompt run “wmic cpu get caption”. Use the result to cross reference the table below.

Q4. What does the “CPU Caption” tell me and how does it map to product SKU?

A: The product caption gives information of what product model and silicon stepping you have. You can see for example on Model 142, as we moved from Stepping 11 to Stepping 12 we integrated hardware mitigations for Variant 2 and L1TF. To determine which products models and stepping maps to what SKU, see the table below.

Product SKU Mapping to CPU Caption

CPU Model and Stepping

SKU

Intel64 Family 6 Model 142 Stepping 11

Intel® Core™ i7-8565U Processor
Intel® Core™ i5-8265U Processor
Intel® Core™ i3-8145U Processor
Intel® Celeron® Processor 4205U
Intel® Pentium® Gold 5405U Processor

Intel64 Family 6 Model 142 Stepping 12

Intel® Core™ i7-8665U Processor

Intel® Core™ i7-8565U Processor

Intel® Core™ i5-8365U Processor

Intel® Core™ i5-8265U Processor
Intel® Core™ i3-8145U Processor

Intel® Celeron® Processor 4305U

Intel® Celeron® Processor 4205U
Intel® Pentium® Gold 5405U Processor

Intel64 Family 6 Model 158 Stepping 11

Intel® Core™ i3-9350K Processor
Intel® Core™ i3-9350KF Processor

Intel® Core™ i3-9320 Processor
Intel® Core™ i3-9300 Processor
Intel® Core™ i3-9300T Processor
Intel® Core™ i3-9100 Processor
Intel® Core™ i3-9100T Processor
Intel® Core™ i3-9100F Processor

Intel® Pentium® Gold G5620 Processor
Intel® Pentium® Gold G5600 Processor
Intel® Pentium® Gold G5600T Processor
Intel® Pentium® Gold G5420 Processor
Intel® Pentium® Gold G5420T Processor

Intel® Celeron® Processor G4950
Intel® Celeron® Processor G4930
Intel® Celeron® Processor G4930T

Intel64 Family 6 Model 158 Stepping 10

Intel® Core™ i7-9750H Processor
Intel® Core™ i5-9300H Processor

Intel® Core™ i5-9600 Processor
Intel® Core™ i5-9600T Processor
Intel® Core™ i5-9500 Processor
Intel® Core™ i5-9500T Processor
Intel® Core™ i5-9400 Processor
Intel® Core™ i5-9400T Processor
Intel® Core™ i3-9100F Processor

Intel® Pentium® Gold G5420 Processor
Intel® Pentium® Gold G5420T Processor

Intel64 Family 6 Model 158 Stepping 11

Intel® Core™ i3-9350K Processor

Intel64 Family 6 Model 158 Stepping 12

Intel® Core™ i9-9900K Processor
Intel® Core™ i7-9700K Processor
Intel® Core™ i5-9600K Processor

Intel® Core™ i9-9900KF Processor
Intel® Core™ i7-9700KF Processor
Intel® Core™ i5-9600KF Processor

Intel® Core™ i5-9400 Processor
Intel® Core™ i7-9400F Processor

Intel64 Family 6 Model 158 Stepping 13

Intel® Core™ i9-9900K Processor
Intel® Core™ i7-9700K Processor
Intel® Core™ i5-9600K Processor

Intel® Core™ i9-9900KF Processor
Intel® Core™ i7-9700KF Processor
Intel® Core™ i5-9600KF Processor

Intel® Core™ i9-9900 Processor
Intel® Core™ i9-9900T Processor
Intel® Core™ i7-9700 Processor
Intel® Core™ i7-9700T Processor
Intel® Core™ i5-9400 Processor

Intel® Core™ i7-9700F Processor
Intel® Core™ i5-9500F Processor
Intel® Core™ i5-9400F Processor

Intel® Core™ i9-9980HK Processor

Intel® Core™ i9-9880H Processor

Intel® Core™ i7-9850H Processor

Intel® Core™ i7-9750H Processor

Intel® Core™ i5-9400H Processor

Intel® Core™ i5-9300H Processor