Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

AMD have released an microcode update for affected processors. Your BIOS or Operating System vendor may already have an update available that includes it.

I don’t really understand how CPU microcode updates work. If I’m keeping Ubuntu up to date, will this just happen automatically?



If you already have the package amd64-microcode installed (highly likely), then yes it will be updated automatically.

https://packages.ubuntu.com/search?keywords=amd64-microcode


Great, thanks.

Sort of weirds me out that my OS can just silently update my CPU - I didn’t realize I was giving it that level of control… I guess it’s good vs the alternative of no-one actually updating for exploits like his though.


Active microcode updates are stored in volatile memory and thus have to be applied during each system boot.

https://wiki.gentoo.org/wiki/Microcode


It does not upgrade your cpu, it loads up the firemware when you boot Linux.


That’s reassuring, thanks (not sure why you’re getting downvoted!)


As opposed to updating any other piece of software in the system directly? The OS has always had full control.


The implication was that you could boot a malicious OS, then boot into a different OS with the same processor and get pwned. As other commenters mentioned, this mechanism doesn't create that risk because the update has to be applied each boot.


the security patch has now shown up in ubuntu and is visible in that packages listing, 3.20191218.1ubuntu2.1


https://www.cyberciti.biz/faq/install-update-intel-microcode...


no.

microcode changes are provided to the CPU at boot time and are only valid early in the boot process. the machine UEFI/BIOS must apply them.


Linux can (and does) apply microcode patches during kernel boot.


for example use journalctl -k -g microcode to see log messages related to this: (intel cpu, so revision does not relate to anything AMD)

> microcode: microcode updated early to revision 0xa6, date = 2022-06-28


oh.

every time I think I'm right, I'm wrong, and every time I think I'm wrong, I'm right.

except here. I'm always wrong, here.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: