Univention Bugzilla – Bug 51491
intel-microcode: Multiple issues (4.4)
Last modified: 2020-06-17 15:39:31 CEST
New Debian intel-microcode 3.20200609.2~deb9u1 fixes: This update addresses the following issues: * Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543) * Vector Register Data Sampling (CVE-2020-0548) * L1D Cache Eviction Sampling (CVE-2020-0549)
--- mirror/ftp/4.4/unmaintained/4.4-4/source/intel-microcode_3.20191115.2~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-4/source/intel-microcode_3.20200609.2~deb9u1.dsc @@ -1,3 +1,81 @@ +3.20200609.2~deb9u1 [Thu, 11 Jun 2020 09:29:13 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * Rebuild for stretch-security, no changes + Refer to changelog entries for 3.20200609.2 and 3.20200609.1 for details + +3.20200609.2 [Thu, 11 Jun 2020 08:55:07 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression + * Microcode rollbacks (closes: LP#1883002) + sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376 + * THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS + * Avoid hangs on boot on (some?) Skylake-U/Y processors, + https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31 + * ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading, + just in case. Note that Debian does not do late loading by itself. + Refer to LP#1883002 for the report, 0x806ec hangs upon late load. + +3.20200609.1 [Tue, 09 Jun 2020 17:16:46 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * SECURITY UPDATE + * For most processors: SRBDS and/or VRDS, L1DCES mitigations depending + on the processor model + * For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and + L1DCES mitigations, plus mitigations described in the changelog entry + for package release 3.20191112.1. + * Expect some performance impact, the mitigations are enabled by + default. A Linux kernel update will be issued that allows one to + selectively disable the mitigations. + * New upstream microcode datafile 20200609 + * Implements mitigation for CVE-2020-0543 Special Register Buffer Data + Sampling (SRBDS), INTEL-SA-00320, CROSSTalk + * Implements mitigation for CVE-2020-0548 Vector Register Data Sampling + (VRDS), INTEL-SA-00329 + * Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling + (L1DCES), INTEL-SA-00329 + * Known to fix the regression introduced in release 2019-11-12 (sig + 0x50564, rev. 0x2000065), which would cause several systems with + Skylake Xeon, Skylake HEDT processors to hang while rebooting + * Updated Microcodes: + sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552 + sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456 + sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528 + sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600 + sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336 + sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448 + sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768 + sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816 + sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224 + sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224 + sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448 + sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424 + sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424 + sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424 + sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424 + sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424 + sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424 + sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400 + sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424 + sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400 + sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424 + * Restores the microcode-level fixes that were reverted by release + 3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT) + +3.20200520.1 [Thu, 21 May 2020 11:44:00 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * New upstream microcode datafile 20200520 + + Updated Microcodes: + sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432 + sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456 + +3.20200508.1 [Sat, 09 May 2020 23:30:43 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * New upstream microcode datafile 20200508 + + Updated Microcodes: + sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520 + * Likely fixes several critical errata on IceLake-U/Y causing system + hangs + 3.20191115.2~deb9u1 [Wed, 11 Dec 2019 16:39:18 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: * Rebuild for stretch-security (no changes) <http://10.200.17.11/4.4-4/#6648085684347597803>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-4] 3f7e0e099d Bug #51491: intel-microcode 3.20200609.2~deb9u1 doc/errata/staging/intel-microcode.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)
<http://errata.software-univention.de/ucs/4.4/625.html>