Bug 57252 - intel-microcode: Multiple issues (5.0)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 5.0
Hardware: All Linux
Importance: P3 normal
Target Milestone: UCS 5.0-7-errata
Assigned To: Quality Assurance
QA Contact: Iván.Delgado
Reported: 2024-05-06 08:02 CEST by Quality Assurance
Modified: 2024-05-08 12:38 CEST (History)
What kind of report is it?: Security Issue
Max CVSS v3 score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)


Description Quality Assurance univentionstaff 2024-05-06 08:02:57 CEST
New Debian intel-microcode 3.20240312.1~deb10u1 fixes:
This update addresses the following issues:
3.20240312.1~deb10u1 (Sat, 04 May 2024 16:16:32 +0200)
* Non-maintainer upload by the LTS Security Team.
* No-change upload of the bullseye version, rebuilt for buster (LTS). Please consult the changelog entries 3.20240312.1 and 3.20240312.1~deb11u1 for details.
* Addresses CVE-2023-43490 CVE-2023-39368 CVE-2023-38575 CVE-2023-22655 CVE-2023-28746
3.20240312.1~deb11u1 (Sat, 30 Mar 2024 07:06:46 -0300)
* Backport to Debian Bullseye
* debian/control: revert non-free-firmware change
3.20240312.1 (Tue, 12 Mar 2024 20:28:17 -0300)
* New upstream microcode datafile 20240312
  - Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368): Protection mechanism failure of bus lock regulator for some Intel Processors may allow an unauthenticated user to potentially enable denial of service via network access.
  - Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575): Non-transparent sharing of return predictor targets between contexts in some Intel Processors may allow an authorized user to potentially enable information disclosure via local access. Affects SGX as well.
  - Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS: Information exposure through microarchitectural state after transient execution from some register files for some Intel Atom Processors and E-cores of Intel Core Processors may allow an authenticated user to potentially enable information disclosure via local access. Enhances VERW instruction to clear stale register buffers. Affects SGX as well. Requires kernel update to be effective.
  - Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA: Protection mechanism failure in some 3rd and 4th Generation Intel Xeon Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. NOTE: effective only when loaded by firmware. Allows SMM firmware to attack SGX/TDX.
  - Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490): Incorrect calculation in microcode keying mechanism for some Intel Xeon D Processors with Intel SGX may allow a privileged user to potentially enable information disclosure via local access.
* Fixes for other unspecified functional issues on many processors
* Updated microcodes:
* New microcodes:
  sig 0x000a06a4, pf_mask 0xe6, 2024-01-03, rev 0x001c, size 136192
  sig 0x000b06a8, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
  sig 0x000c06f2, pf_mask 0x87, 2023-11-20, rev 0x21000200, size 549888
  sig 0x000c06f1, pf_mask 0x87, 2023-11-20, rev 0x21000200
* source: update symlinks to reflect id of the latest release, 20240312
* changelog, debian/changelog: fix typos
Comment 1 Quality Assurance univentionstaff 2024-05-06 09:00:40 CEST
--- mirror/ftp/pool/main/i/intel-microcode/intel-microcode_3.20231114.1~deb10u1.dsc
+++ apt/ucs_5.0-0-errata5.0-7/source/intel-microcode_3.20240312.1~deb10u1.dsc
@@ -1,3 +1,97 @@
+3.20240312.1~deb10u1 [Sat, 04 May 2024 16:16:32 +0200] Tobias Frost <tobi@debian.org>:
+
+  * Non-maintainer upload by the LTS Security Team.
+  * No-change upload of the bullseye version, rebuilt for buster (LTS),
+    Please consult the changelog entries 3.20240312.1 and 3.20240312.1~deb11u1
+    for details. 
+  * Adresses CVE-2023-43490 CVE-2023-39368 CVE-2023-38575 CVE-2023-22655
+    CVE-2023-28746 (Closes: #1066108)
+
+3.20240312.1~deb11u1 [Sat, 30 Mar 2024 07:06:46 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * Backport to Debian Bullseye
+  * debian/control: revert non-free-firmware change
+
+3.20240312.1 [Tue, 12 Mar 2024 20:28:17 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * New upstream microcode datafile 20240312 (closes: #1066108)
+    - Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368):
+      Protection mechanism failure of bus lock regulator for some Intel
+      Processors may allow an unauthenticated user to potentially enable
+      denial of service via network access.
+    - Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575):
+      Non-transparent sharing of return predictor targets between contexts in
+      some Intel Processors may allow an authorized user to potentially
+      enable information disclosure via local access.  Affects SGX as well.
+    - Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
+      Information exposure through microarchitectural state after transient
+      execution from some register files for some Intel Atom Processors and
+      E-cores of Intel Core Processors may allow an authenticated user to
+      potentially enable information disclosure via local access.  Enhances
+      VERW instruction to clear stale register buffers.  Affects SGX as well.
+      Requires kernel update to be effective.
+    - Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA:
+      Protection mechanism failure in some 3rd and 4th Generation Intel Xeon
+      Processors when using Intel SGX or Intel TDX may allow a privileged
+      user to potentially enable escalation of privilege via local access.
+      NOTE: effective only when loaded by firmware.  Allows SMM firmware to
+      attack SGX/TDX.
+    - Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490):
+      Incorrect calculation in microcode keying mechanism for some Intel
+      Xeon D Processors with Intel SGX may allow a privileged user to
+      potentially enable information disclosure via local access.
+  * Fixes for other unspecified functional issues on many processors
+  * Updated microcodes:
+    sig 0x00050653, pf_mask 0x97, 2023-07-28, rev 0x1000191, size 36864
+    sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
+    sig 0x00050657, pf_mask 0xbf, 2023-07-28, rev 0x5003605, size 37888
+    sig 0x0005065b, pf_mask 0xbf, 2023-08-03, rev 0x7002802, size 30720
+    sig 0x00050665, pf_mask 0x10, 2023-08-03, rev 0xe000015, size 23552
+    sig 0x000506f1, pf_mask 0x01, 2023-10-05, rev 0x003e, size 11264
+    sig 0x000606a6, pf_mask 0x87, 2023-09-14, rev 0xd0003d1, size 307200
+    sig 0x000606c1, pf_mask 0x10, 2023-12-05, rev 0x1000290, size 299008
+    sig 0x000706a1, pf_mask 0x01, 2023-08-25, rev 0x0040, size 76800
+    sig 0x000706a8, pf_mask 0x01, 2023-08-25, rev 0x0024, size 76800
+    sig 0x000706e5, pf_mask 0x80, 2023-09-14, rev 0x00c4, size 114688
+    sig 0x000806c1, pf_mask 0x80, 2023-09-13, rev 0x00b6, size 111616
+    sig 0x000806c2, pf_mask 0xc2, 2023-09-13, rev 0x0036, size 98304
+    sig 0x000806d1, pf_mask 0xc2, 2023-09-13, rev 0x0050, size 104448
+    sig 0x000806ec, pf_mask 0x94, 2023-07-16, rev 0x00fa, size 106496
+    sig 0x000806f8, pf_mask 0x87, 2024-01-03, rev 0x2b000590, size 579584
+    sig 0x000806f7, pf_mask 0x87, 2024-01-03, rev 0x2b000590
+    sig 0x000806f6, pf_mask 0x87, 2024-01-03, rev 0x2b000590
+    sig 0x000806f5, pf_mask 0x87, 2024-01-03, rev 0x2b000590
+    sig 0x000806f4, pf_mask 0x87, 2024-01-03, rev 0x2b000590
+    sig 0x00090661, pf_mask 0x01, 2023-09-26, rev 0x0019, size 20480
+    sig 0x00090672, pf_mask 0x07, 2023-09-19, rev 0x0034, size 224256
+    sig 0x00090675, pf_mask 0x07, 2023-09-19, rev 0x0034
+    sig 0x000b06f2, pf_mask 0x07, 2023-09-19, rev 0x0034
+    sig 0x000b06f5, pf_mask 0x07, 2023-09-19, rev 0x0034
+    sig 0x000906a3, pf_mask 0x80, 2023-09-19, rev 0x0432, size 222208
+    sig 0x000906a4, pf_mask 0x80, 2023-09-19, rev 0x0432
+    sig 0x000906c0, pf_mask 0x01, 2023-09-26, rev 0x24000026, size 20480
+    sig 0x000906e9, pf_mask 0x2a, 2023-09-28, rev 0x00f8, size 108544
+    sig 0x000906ea, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 105472
+    sig 0x000906ec, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 106496
+    sig 0x000906ed, pf_mask 0x22, 2023-07-27, rev 0x00fc, size 106496
+    sig 0x000a0652, pf_mask 0x20, 2023-07-16, rev 0x00fa, size 97280
+    sig 0x000a0653, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
+    sig 0x000a0655, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
+    sig 0x000a0660, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 97280
+    sig 0x000a0661, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 96256
+    sig 0x000a0671, pf_mask 0x02, 2023-09-14, rev 0x005e, size 108544
+    sig 0x000b0671, pf_mask 0x32, 2023-12-14, rev 0x0122, size 215040
+    sig 0x000b06a2, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
+    sig 0x000b06a3, pf_mask 0xe0, 2023-12-07, rev 0x4121
+    sig 0x000b06e0, pf_mask 0x11, 2023-09-25, rev 0x0015, size 138240
+  * New microcodes:
+    sig 0x000a06a4, pf_mask 0xe6, 2024-01-03, rev 0x001c, size 136192
+    sig 0x000b06a8, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
+    sig 0x000c06f2, pf_mask 0x87, 2023-11-20, rev 0x21000200, size 549888
+    sig 0x000c06f1, pf_mask 0x87, 2023-11-20, rev 0x21000200
+  * source: update symlinks to reflect id of the latest release, 20240312
+  * changelog, debian/changelog: fix typos
+
 3.20231114.1~deb10u1 [Sat, 16 Dec 2023 16:57:23 +0100] Tobias Frost <tobi@debian.org>:
 
   * Non-maintainer upload by the LTS Security Team.
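
Review bot: Two mitigations in the 3.20240312.1 entry carry conditions that are easy to miss mid-paragraph: "Requires kernel update to be effective" under RFDS (CVE-2023-28746) and "NOTE: effective only when loaded by firmware" under TECRA (CVE-2023-22655). The erratum text should state both as separate notes, since by these lines the microcode package on its own does not complete either mitigation. In the same entry the advisory IDs appear with the prefix doubled ("INTEL-SA-INTEL-SA-00972" and the four that follow), and the 3.20240312.1~deb10u1 entry has "Adresses" for "Addresses"; normalise both when the changelog is carried into the erratum rather than copying it verbatim.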

<http://piuparts.knut.univention.de/5.0-7/#7025227554587144124>
Comment 2 Iván.Delgado univentionstaff 2024-05-07 15:10:44 CEST
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-7] 1d12bab027 Bug #57252: intel-microcode 3.20240312.1~deb10u1
 doc/errata/staging/intel-microcode.yaml | 95 ++++++---------------------------
 1 file changed, 16 insertions(+), 79 deletions(-)

[5.0-7] f50d6c0574 Bug #57252: intel-microcode 3.20240312.1~deb10u1
 doc/errata/staging/intel-microcode.yaml | 96 +++++++++++++++++++++++++++++++++
 1 file changed, 96 insertions(+)
Comment 3 Iván.Delgado univentionstaff 2024-05-08 12:38:04 CEST
<https://errata.software-univention.de/#/?erratum=5.0x1036>