Red Hat is releasing updates that are reverting previous patches for the Spectre vulnerability (Variant 2, aka CVE-2017-5715) after customers complained that some systems were failing to boot.
"Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot," the company said yesterday.
"The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes to versions that were known to be stable and well tested, released prior to the Spectre/Meltdown embargo lift date on Jan 3rd," Red Hat added.
Red Hat tells users to contact CPU/OEM vendors
Instead, Red Hat is recommending that each customer contact their OEM hardware provider and inquire about mitigations for CVE-2017-5715 on a per-system basis.
Besides Red Hat Enterprise Linux, other RHEL-based distros like CentOS and Scientific Linux are also expected to be affected by Red Hat's decision to revert previous Spectre Variant 2 updates, so these users will also have to contact CPU/OEM vendors.
CVE-2017-5715 is the identification number for one of three bugs known as Meltdown (CVE-2017-5754) and Spectre (Variant 1 - CVE-2017-5753, and Variant 2 - CVE-2017-5715).
Most experts have always said that only Meltdown and Spectre Variant 1 could theoretically be addressed via an OS-level patch, with Spectre Variant 2 requiring a firmware/BIOS/microcode update to patch fully.
Earlier this week, Bleeping Computer put together a list of places where users could find BIOS updates for the Spectre flaw.