Intel first learned of the Meltdown and Spectre vulnerabilities in June, but a confidential company memo indicates the chip maker didn’t inform OEM partners of one of the Spectre vulnerabilities until late November.
TechTarget sister publication LeMagIT obtained a technical advisory from the Intel Product Security Incident Response Team (PSIRT) regarding the chip maker’s disclosure plan for a Spectre vulnerability, CVE-2017-5715, which is a branch target injection attack. The document, which is marked “Intel Confidential,” shows the initial disclosure of the flaw for OEM customers was on Nov. 29, 2017, under a confidential non-disclosure agreement. In addition, the document shows the original planned public disclosure date of Jan. 9, 2018, which was preempted by industry speculation pointing to Meltdown and Spectre vulnerabilities.
“Intel’s disclosure plan is designed to provide affected parties time to deploy mitigations for these issues prior to any planned public disclosure,” the document states.
Google Project Zero research Jann Horn notified Intel, AMD
Intel did not respond to requests for comment.
The 11-page advisory, which was updated Dec. 20, 2017, contains a revision history for the planned microcode updates for the Spectre vulnerability. According to the advisory, which was viewed by SearchSecurity, the first round of Spectre microcode updates, including those for several Broadwell and Haswell products, was made available to third parties on Dec. 24.
The updates for Broadwell and Haswell-based systems later proved to be problematic; Intel announced earlier this month that some client and data center systems running Broadwell and Haswell chips were experiencing “higher system reboots” after applying the updates. The chip maker this week announced it was pulling the updates and urged OEMs, cloud providers, system builders and software vendors to stop deployment of the updates and wait for a new version.
“We have now identified the root cause for Broadwell and Haswell
The confidential Intel documents also
In the company’s