Bug 56920 - intel-microcode: Multiple issues (5.0)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 5.0
Hardware: All Linux
Importance: P3 normal
Target Milestone: UCS 5.0-6-errata
Assigned To: Quality Assurance
QA Contact: Philipp Hahn
Reported: 2023-12-18 10:47 CET by Quality Assurance
Modified: 2023-12-20 17:04 CET
What kind of report is it?: Security Issue
Max CVSS v3 score: 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Description Quality Assurance univentionstaff 2023-12-18 10:47:34 CET
New Debian intel-microcode 3.20231114.1~deb10u1 fixes:
This update addresses the following issue:
3.20231114.1~deb10u1 (Sat, 16 Dec 2023 16:57:23 +0100)
* Non-maintainer upload by the LTS Security Team.
* No-change upload of the bullseye version, rebuilt for buster (LTS), fixing CVE-2023-23583
  See changelog entry from November 16th 2023 or DSA-5563-1 for details about the security vulnerability.
3.20231114.1~deb11u1 (Sat, 18 Nov 2023 16:47:51 -0300)
* Backport to Debian Bullseye
* debian/control: revert non-free-firmware change
3.20231114.1 (Thu, 16 Nov 2023 08:09:43 -0300)
* New upstream microcode datafile 20231114
  Mitigations for "reptar", INTEL-SA-00950 (CVE-2023-23583)
  Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors, may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.
  Note: "reptar" on 4th gen Xeon Scalable (sig 0x806f8 pfm 0x87), 12th gen Core mobile (sig 0x906a4 pfm 0x80), 13th gen Core desktop (sig 0xb0671 pfm 0x01) were already mitigated by a previous microcode update.
* Fixes for unspecified functional issues
* Updated microcodes:
  sig 0x000606a6, pf_mask 0x87, 2023-09-01, rev 0xd0003b9, size 299008
  sig 0x000606c1, pf_mask 0x10, 2023-09-08, rev 0x1000268, size 290816
  sig 0x000706e5, pf_mask 0x80, 2023-09-03, rev 0x00c2, size 113664
  sig 0x000806c1, pf_mask 0x80, 2023-09-07, rev 0x00b4, size 111616
  sig 0x000806c2, pf_mask 0xc2, 2023-09-07, rev 0x0034, size 98304
  sig 0x000806d1, pf_mask 0xc2, 2023-09-07, rev 0x004e, size 104448
  sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416
  sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
  sig 0x000806f7, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
  sig 0x000806f6, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
  sig 0x000806f5, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
  sig 0x000806f4, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
  sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184
  sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290
  sig 0x000806f6, pf_mask 0x10, 2023-06-26, rev 0x2c000290
  sig 0x000806f5, pf_mask 0x10, 2023-06-26, rev 0x2c000290
  sig 0x000806f4, pf_mask 0x10, 2023-06-26, rev 0x2c000290
  sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208
  sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032
  sig 0x00090675, pf_mask 0x07, 2023-06-07, rev 0x0032
  sig 0x000b06f2, pf_mask 0x07, 2023-06-07, rev 0x0032
  sig 0x000b06f5, pf_mask 0x07, 2023-06-07, rev 0x0032
  sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430, size 220160
  sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430
  sig 0x000906a4, pf_mask 0x80, 2023-06-07, rev 0x0430
  sig 0x000906a4, pf_mask 0x40, 2023-05-05, rev 0x0005, size 117760
  sig 0x000a0671, pf_mask 0x02, 2023-09-03, rev 0x005d, size 104448
  sig 0x000b0671, pf_mask 0x32, 2023-08-29, rev 0x011d, size 210944
  sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c, size 216064
  sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c
  sig 0x000b06a3, pf_mask 0xe0, 2023-08-30, rev 0x411c
  sig 0x000b06e0, pf_mask 0x11, 2023-06-26, rev 0x0012, size 136192
* Updated 2023-08-08 changelog entry with reptar information
* source: update symlinks to reflect id of the latest release, 20231114
Comment 1 Quality Assurance univentionstaff 2023-12-18 11:00:40 CET
--- mirror/ftp/pool/main/i/intel-microcode/intel-microcode_3.20230808.1~deb10u1.dsc
+++ apt/ucs_5.0-0-errata5.0-6/source/intel-microcode_3.20231114.1~deb10u1.dsc
@@ -1,3 +1,64 @@
+3.20231114.1~deb10u1 [Sat, 16 Dec 2023 16:57:23 +0100] Tobias Frost <tobi@debian.org>:
+
+  * Non-maintainer upload by the LTS Security Team.
+  * No-change upload of the bullseye version, rebuilt for buster (LTS),
+    fixing CVE-2023-23583 (Closes: #1055962)
+    See changelog entry from November 16th 2023 or DSA-5563-1 for details
+    about the security vulnerability.
+
+3.20231114.1~deb11u1 [Sat, 18 Nov 2023 16:47:51 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * Backport to Debian Bullseye
+  * debian/control: revert non-free-firmware change
+
+3.20231114.1 [Thu, 16 Nov 2023 08:09:43 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * New upstream microcode datafile 20231114 (closes: #1055962)
+    Mitigations for "reptar", INTEL-SA-00950 (CVE-2023-23583)
+    Sequence of processor instructions leads to unexpected behavior for some
+    Intel(R) Processors, may allow an authenticated user to potentially enable
+    escalation of privilege and/or information disclosure and/or denial of
+    service via local access.
+    Note: "reptar" on 4th gen Xeon Scalable (sig 0x806f8 pfm 0x87), 12th gen
+    Core mobile (sig 0x906a4 pfm 0x80), 13th gen Core desktop (sig 0xb0671 pfm
+    0x01) were already mitigated by a previous microcode update.
+  * Fixes for unspecified functional issues
+  * Updated microcodes:
+    sig 0x000606a6, pf_mask 0x87, 2023-09-01, rev 0xd0003b9, size 299008
+    sig 0x000606c1, pf_mask 0x10, 2023-09-08, rev 0x1000268, size 290816
+    sig 0x000706e5, pf_mask 0x80, 2023-09-03, rev 0x00c2, size 113664
+    sig 0x000806c1, pf_mask 0x80, 2023-09-07, rev 0x00b4, size 111616
+    sig 0x000806c2, pf_mask 0xc2, 2023-09-07, rev 0x0034, size 98304
+    sig 0x000806d1, pf_mask 0xc2, 2023-09-07, rev 0x004e, size 104448
+    sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416
+    sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
+    sig 0x000806f7, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
+    sig 0x000806f6, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
+    sig 0x000806f5, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
+    sig 0x000806f4, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
+    sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184
+    sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290
+    sig 0x000806f6, pf_mask 0x10, 2023-06-26, rev 0x2c000290
+    sig 0x000806f5, pf_mask 0x10, 2023-06-26, rev 0x2c000290
+    sig 0x000806f4, pf_mask 0x10, 2023-06-26, rev 0x2c000290
+    sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208
+    sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032
+    sig 0x00090675, pf_mask 0x07, 2023-06-07, rev 0x0032
+    sig 0x000b06f2, pf_mask 0x07, 2023-06-07, rev 0x0032
+    sig 0x000b06f5, pf_mask 0x07, 2023-06-07, rev 0x0032
+    sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430, size 220160
+    sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430
+    sig 0x000906a4, pf_mask 0x80, 2023-06-07, rev 0x0430
+    sig 0x000906a4, pf_mask 0x40, 2023-05-05, rev 0x0005, size 117760
+    sig 0x000a0671, pf_mask 0x02, 2023-09-03, rev 0x005d, size 104448
+    sig 0x000b0671, pf_mask 0x32, 2023-08-29, rev 0x011d, size 210944
+    sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c, size 216064
+    sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c
+    sig 0x000b06a3, pf_mask 0xe0, 2023-08-30, rev 0x411c
+    sig 0x000b06e0, pf_mask 0x11, 2023-06-26, rev 0x0012, size 136192
+  * Updated 2023-08-08 changelog entry with reptar information
+  * source: update symlinks to reflect id of the latest release, 20231114
+
 3.20230808.1~deb10u1 [Tue, 15 Aug 2023 18:30:59 +0530] Utkarsh Gupta <utkarsh@debian.org>:
 
   * Non-maintainer upload by the LTS team.
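Review bot: In the 3.20231114.1 entry, the "reptar" note cites sig 0xb0671 with pfm 0x01, but the "Updated microcodes" list in the same entry carries sig 0x000b0671 with pf_mask 0x32, so the note and the list disagree on the platform mask; the other two signatures in the note (0x806f8 pfm 0x87, 0x906a4 pfm 0x80) do match list entries. The mask should be confirmed against INTEL-SA-00950 before this text is reused in doc/errata/staging/intel-microcode.yaml. The note also says these three parts "were already mitigated by a previous microcode update" while all three signatures appear again among the updated microcodes; the errata text should state which revision counts as mitigated so an administrator can verify it on a host.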
@@ -11,8 +72,10 @@
 3.20230808.1 [Tue, 08 Aug 2023 17:25:56 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
 
   * New upstream microcode datafile 20230808 (closes: #1043305)
-    Mitigations for "Downfall" INTEL-SA-00828 (CVE-2022-40982),
-    INTEL-SA-00836 (CVE-2023-23908) and INTEL-SA-00837 (CVE-2022-41804)
+    * Mitigations for "Downfall" INTEL-SA-00828 (CVE-2022-40982),
+      INTEL-SA-00836 (CVE-2023-23908) and INTEL-SA-00837 (CVE-2022-41804)
+    * Mitigations for "reptar" on a few processors, refer to the 2023-11-14
+      entry for details.  This information was disclosed in 2023-11-14.
     * Updated microcodes:
       sig 0x00050653, pf_mask 0x97, 2023-03-23, rev 0x1000181, size 36864
       sig 0x00050654, pf_mask 0xb7, 2023-03-06, rev 0x2007006, size 44032
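Review bot: The added line "refer to the 2023-11-14 entry for details" points at a date that no changelog entry carries; the entry documenting reptar is 3.20231114.1, dated Thu, 16 Nov 2023. Referencing that version and CVE-2023-23583 here would make the cross-reference unambiguous and let a search for the CVE find this entry, since "a few processors" names no signatures. Minor wording: "disclosed in 2023-11-14" should read "disclosed on 2023-11-14".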

<http://piuparts.knut.univention.de/5.0-6/#6529280508419464245>
Comment 2 Iván.Delgado univentionstaff 2023-12-20 16:17:07 CET
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-6] 9af688c318 Bug #56920: intel-microcode 3.20231114.1~deb10u1
 doc/errata/staging/intel-microcode.yaml | 50 ++-------------------------------
 1 file changed, 2 insertions(+), 48 deletions(-)

[5.0-6] 79f68198b6 Bug #56920: intel-microcode 3.20231114.1~deb10u1
 doc/errata/staging/intel-microcode.yaml | 59 +++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)