Univention Bugzilla – Bug 53522
intel-microcode: Multiple issues (5.0)
Last modified: 2021-06-30 18:54:32 CEST
New Debian intel-microcode 3.20210608.2~deb10u1 fixes: This update addresses the following issues: * vt-d related privilege escalation (CVE-2020-24489) * improper isolation of shared resources in some Intel Processors (CVE-2020-24511) * observable timing discrepancy in some Intel Processors (CVE-2020-24512) * information disclosure on some Intel Atom processors (CVE-2020-24513)
--- mirror/ftp/pool/main/i/intel-microcode/intel-microcode_3.20210216.1~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/intel-microcode_3.20210608.2~deb10u1.dsc @@ -1,3 +1,87 @@ +3.20210608.2~deb10u1 [Wed, 23 Jun 2021 17:52:40 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * SECURITY UPDATE with known possible regressions + * Refer to the changelog entry for 3.20210608.1 for the list of security + fixes in this release. + * Possible regression: CoffeLake processors with signature 0x906ea *and* + Intel Wireless LAN on-board + - The Intel WiFi firmware might stop working, refer to: + https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/56 + * Possible regression: Skylake R0/D0 (signatures 0x406e3 and 0x506e3), + - Motherboards with severely outdated firmware where the UEFI/BIOS microcode + revision is less than 0x80 may hang on boot. Refer to: + https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31 + * Reintroduces all fixes (including several security updates) to Skylake + D0/R0 that were temporarily disabled in past releases. Refer to changelog + entries since (and including) 3.20200609.1 for the list of security fixes. + +3.20210608.2 [Wed, 23 Jun 2021 13:42:19 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * Correct INTEL-SA-00442 CVE id to CVE-2020-24489 in changelog and + debian/changelog (3.20210608.1). + +3.20210608.1 [Tue, 08 Jun 2021 22:37:57 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * New upstream microcode datafile 20210608 (closes: #989615) + * Implements mitigations for CVE-2020-24511 CVE-2020-24512 + (INTEL-SA-00464), information leakage through shared resources, + and timing discrepancy sidechannels + * Implements mitigations for CVE-2020-24513 (INTEL-SA-00465), + Domain-bypass transient execution vulnerability in some Intel Atom + Processors, affects Intel SGX. + * Implements mitigations for CVE-2020-24489 (INTEL-SA-00442), Intel + VT-d privilege escalation + * Fixes critical errata on several processors + * New Microcodes: + sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x3000010, size 47104 + sig 0x000606a5, pf_mask 0x87, 2021-03-08, rev 0xc0002f0, size 283648 + sig 0x000606a6, pf_mask 0x87, 2021-04-25, rev 0xd0002a0, size 283648 + sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 + sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 + sig 0x000806c1, pf_mask 0x80, 2021-03-31, rev 0x0088, size 109568 + sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016, size 94208 + sig 0x000806d1, pf_mask 0xc2, 2021-04-23, rev 0x002c, size 99328 + sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011, size 19456 + sig 0x000906c0, pf_mask 0x01, 2021-03-23, rev 0x001d, size 19456 + sig 0x000a0671, pf_mask 0x02, 2021-04-11, rev 0x0040, size 100352 + * Updated Microcodes: + sig 0x000306f2, pf_mask 0x6f, 2021-01-27, rev 0x0046, size 34816 + sig 0x000306f4, pf_mask 0x80, 2021-02-05, rev 0x0019, size 19456 + sig 0x000406e3, pf_mask 0xc0, 2021-01-25, rev 0x00ea, size 105472 + sig 0x000406f1, pf_mask 0xef, 2021-02-06, rev 0xb00003e, size 31744 + sig 0x00050653, pf_mask 0x97, 2021-03-08, rev 0x100015b, size 34816 + sig 0x00050654, pf_mask 0xb7, 2021-03-08, rev 0x2006b06, size 36864 + sig 0x00050656, pf_mask 0xbf, 2021-03-08, rev 0x4003102, size 30720 + sig 0x00050657, pf_mask 0xbf, 2021-03-08, rev 0x5003102, size 30720 + sig 0x0005065b, pf_mask 0xbf, 2021-04-23, rev 0x7002302, size 27648 + sig 0x00050663, pf_mask 0x10, 2021-02-04, rev 0x700001b, size 24576 + sig 0x00050664, pf_mask 0x10, 2021-02-04, rev 0xf000019, size 24576 + sig 0x00050665, pf_mask 0x10, 2021-02-04, rev 0xe000012, size 19456 + sig 0x000506c9, pf_mask 0x03, 2020-10-23, rev 0x0044, size 17408 + sig 0x000506ca, pf_mask 0x03, 2020-10-23, rev 0x0020, size 15360 + sig 0x000506e3, pf_mask 0x36, 2021-01-25, rev 0x00ea, size 105472 + sig 0x000506f1, pf_mask 0x01, 2020-10-23, rev 0x0034, size 11264 + sig 0x000706a1, pf_mask 0x01, 2020-10-23, rev 0x0036, size 74752 + sig 0x000706a8, pf_mask 0x01, 2020-10-23, rev 0x001a, size 75776 + sig 0x000706e5, pf_mask 0x80, 2020-11-01, rev 0x00a6, size 110592 + sig 0x000806a1, pf_mask 0x10, 2020-11-06, rev 0x002a, size 32768 + sig 0x000806e9, pf_mask 0x10, 2021-01-05, rev 0x00ea, size 104448 + sig 0x000806e9, pf_mask 0xc0, 2021-01-05, rev 0x00ea, size 104448 + sig 0x000806ea, pf_mask 0xc0, 2021-01-06, rev 0x00ea, size 103424 + sig 0x000806eb, pf_mask 0xd0, 2021-01-05, rev 0x00ea, size 104448 + sig 0x000806ec, pf_mask 0x94, 2021-01-05, rev 0x00ea, size 104448 + sig 0x000906e9, pf_mask 0x2a, 2021-01-05, rev 0x00ea, size 104448 + sig 0x000906ea, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 102400 + sig 0x000906eb, pf_mask 0x02, 2021-01-05, rev 0x00ea, size 104448 + sig 0x000906ec, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424 + sig 0x000906ed, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424 + sig 0x000a0652, pf_mask 0x20, 2021-02-07, rev 0x00ea, size 93184 + sig 0x000a0653, pf_mask 0x22, 2021-03-08, rev 0x00ea, size 94208 + sig 0x000a0655, pf_mask 0x22, 2021-03-08, rev 0x00ec, size 94208 + sig 0x000a0660, pf_mask 0x80, 2020-12-08, rev 0x00e8, size 94208 + sig 0x000a0661, pf_mask 0x80, 2021-02-07, rev 0x00ea, size 93184 + * source: update symlinks to reflect id of the latest release, 20210608 + 3.20210216.1~deb10u1 [Sat, 20 Mar 2021 11:57:37 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: * RELEASE MANAGER INFORMATION: this update mitigates an extra security <http://piuparts.knut.univention.de/5.0-0/#6314566960966097910>
OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-0] 3614dee8c7 Bug #53522: intel-microcode 3.20210608.2~deb10u1 doc/errata/staging/intel-microcode.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x35>