System builders and OEMs recall botched Intel Spectre patches

As Intel continues to work on a fix for the reboot issue plaguing its botched Spectre microcode patch, several OEMs, including Dell, Acer, and ASRock, have recalled their BIOS patches.

The Spectre and Meltdown issues comprise three vulnerabilities, each with its own designation in the Common Vulnerabilities and Exposures (CVE) list. Meltdown is designated as CVE-2017-5754, while Spectre has two components: CVE-2017-5753 and CVE-2017-5715. Of the three, CVE-2017-5715 is the only one that requires updates to the CPU microcode, which needs to be implemented through the BIOS.

Dell has updated its patch guide to remind its users to not install the update.

“Dell is advising that all customers should not deploy the BIOS update for the Spectre (Variant 2) vulnerability at this time. We have removed the impacted BIOS updates from our support pages and are working with Intel on a new BIOS update that will include new microcode from Intel.”

Acer added a similar statement to its patch guide.

“At this time, we do not recommend updating your BIOS if your system has a Core i CPU from the 4th (Haswell) or 5th (Broadwell) generation, as it may cause system instability.”

Almost all OEMs are asking their users to roll back to a previous version of the BIOS until a proper fix is released. The BIOS rollback will only revert the patch for Spectre CVE-2017-5715, and will not affect fixes for the other two vulnerabilities.

Most manufacturers now have updated patch guides on their respective websites detailing the reversion process.