Univention Bugzilla – Bug 57557
intel-microcode: Multiple issues (5.0)
Last modified: 2024-09-04 17:51:24 CEST
New Debian intel-microcode 3.20240813.1~deb10u1 fixes: This update addresses the following issues: 3.20240813.1~deb10u1 (Thu, 22 Aug 2024 01:58:10 +0200) * Non-maintainer upload by the LTS Security Team. * No-change upload of the bullseye version, rebuilt for buster (LTS), Please consult the changelog entries 3.20240813.1 and 3.20240813.1~deb11u1 for details. * Adresses CVE-2024-24853 CVE-2024-25939 CVE-2024-24980 CVE-2023-42667 CVE-2023-49141 CVE-2023-45733 CVE-2023-46103 CVE-2023-45745 CVE-2023-47855. 3.20240813.1~deb11u1 (Mon, 19 Aug 2024 22:26:47 -0300) * Build for bullseye (no changes from 3.20240813.1) 3.20240813.1 (Thu, 15 Aug 2024 14:41:50 -0300) * New upstream microcode datafile 20240813 - Mitigations for INTEL-SA-01083 (CVE-2024-24853) Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel Processors may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01118 (CVE-2024-25939) Mirrored regions with different values in 3rd Generation Intel Xeon Scalable Processors may allow a privileged user to potentially enable denial of service via local access. - Mitigations for INTEL-SA-01100 (CVE-2024-24980) Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel Xeon Processors may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01038 (CVE-2023-42667) Improper isolation in the Intel Core Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01046 (CVE-2023-49141) Improper isolation in some Intel® Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. - Fix for unspecified functional issues on several processor models * Updated microcodes: sig 0x00050657, pf_mask 0xbf, 2024-03-01, rev 0x5003707, size 39936 sig 0x0005065b, pf_mask 0xbf, 2024-04-01, rev 0x7002904, size 30720 sig 0x000606a6, pf_mask 0x87, 2024-04-01, rev 0xd0003e7, size 308224 sig 0x000606c1, pf_mask 0x10, 2024-04-03, rev 0x10002b0, size 300032 sig 0x000706e5, pf_mask 0x80, 2024-02-15, rev 0x00c6, size 114688 sig 0x000806c1, pf_mask 0x80, 2024-02-15, rev 0x00b8, size 112640 sig 0x000806c2, pf_mask 0xc2, 2024-02-15, rev 0x0038, size 99328 sig 0x000806d1, pf_mask 0xc2, 2024-02-15, rev 0x0052, size 104448 sig 0x000806e9, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 106496 sig 0x000806e9, pf_mask 0x10, 2024-02-01, rev 0x00f6, size 106496 sig 0x000806ea, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 105472 sig 0x000806eb, pf_mask 0xd0, 2024-02-01, rev 0x00f6, size 106496 sig 0x000806ec, pf_mask 0x94, 2024-02-05, rev 0x00fc, size 106496 sig 0x00090661, pf_mask 0x01, 2024-04-05, rev 0x001a, size 20480 sig 0x000906ea, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 105472 sig 0x000906eb, pf_mask 0x02, 2024-02-01, rev 0x00f6, size 106496 sig 0x000906ec, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 106496 sig 0x000906ed, pf_mask 0x22, 2024-02-05, rev 0x0100, size 106496 sig 0x000a0652, pf_mask 0x20, 2024-02-01, rev 0x00fc, size 97280 sig 0x000a0653, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 98304 sig 0x000a0655, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 97280 sig 0x000a0660, pf_mask 0x80, 2024-02-01, rev 0x00fe, size 97280 sig 0x000a0661, pf_mask 0x80, 2024-02-01, rev 0x00fc, size 97280 sig 0x000a0671, pf_mask 0x02, 2024-03-07, rev 0x0062, size 108544 sig 0x000a06a4, pf_mask 0xe6, 2024-04-15, rev 0x001e, size 137216 * source: update symlinks to reflect id of the latest release, 20240813 * postinst, postrm: switch to dpkg-trigger to run update-initramfs 3.20240531.1 (Sat, 01 Jun 2024 11:49:47 -0300) * New upstream microcode datafile 20240531 * Fix unspecified functional issues on Pentium Silver N/J5xxx, Celeron N/J4xxx * Updated Microcodes: sig 0x000706a1, pf_mask 0x01, 2024-04-19, rev 0x0042, size 76800 * source: update symlinks to reflect id of the latest release, 20240531 3.20240514.1~deb11u1 (Wed, 29 May 2024 23:31:29 -0300) * Backport to Debian Bullseye * debian/control: revert non-free-firmware change 3.20240514.1 (Thu, 16 May 2024 21:40:52 -0300) * New upstream microcode datafile 20240514 * Mitigations for INTEL-SA-01051 (CVE-2023-45733) Hardware logic contains race conditions in some Intel Processors may allow an authenticated user to potentially enable partial information disclosure via local access. * Mitigations for INTEL-SA-01052 (CVE-2023-46103) Sequence of processor instructions leads to unexpected behavior in Intel Core Ultra Processors may allow an authenticated user to potentially enable denial of service via local access. * Mitigations for INTEL-SA-01036 (CVE-2023-45745, CVE-2023-47855) Improper input validation in some Intel TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. * Fix for unspecified functional issues on 4th gen and 5th gen Xeon Scalable, 12th, 13th and 14th gen Intel Core processors, as well as for Core i3 N-series processors. * Updated microcodes: sig 0x000806f8, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632 sig 0x000806f7, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0 sig 0x000806f6, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0 sig 0x000806f5, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0 sig 0x000806f4, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0 sig 0x000806f8, pf_mask 0x10, 2024-02-05, rev 0x2c000390, size 614400 sig 0x000806f6, pf_mask 0x10, 2024-02-05, rev 0x2c000390 sig 0x000806f5, pf_mask 0x10, 2024-02-05, rev 0x2c000390 sig 0x000806f4, pf_mask 0x10, 2024-02-05, rev 0x2c000390 sig 0x00090672, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256 sig 0x00090675, pf_mask 0x07, 2023-12-05, rev 0x0035 sig 0x000b06f2, pf_mask 0x07, 2023-12-05, rev 0x0035 sig 0x000b06f5, pf_mask 0x07, 2023-12-05, rev 0x0035 sig 0x000906a3, pf_mask 0x80, 2023-12-05, rev 0x0433, size 222208 sig 0x000906a4, pf_mask 0x80, 2023-12-05, rev 0x0433 sig 0x000906a4, pf_mask 0x40, 2023-12-07, rev 0x0007, size 119808 sig 0x000b0671, pf_mask 0x32, 2024-01-25, rev 0x0123, size 215040 sig 0x000b06e0, pf_mask 0x11, 2023-12-07, rev 0x0017, size 138240 sig 0x000c06f2, pf_mask 0x87, 2024-02-05, rev 0x21000230, size 552960 sig 0x000c06f1, pf_mask 0x87, 2024-02-05, rev 0x21000230 * source: update symlinks to reflect id of the latest release, 20240514
--- mirror/ftp/pool/main/i/intel-microcode/intel-microcode_3.20240312.1~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-8/source/intel-microcode_3.20240813.1~deb10u1.dsc @@ -1,3 +1,125 @@ +3.20240813.1~deb10u1 [Thu, 22 Aug 2024 01:58:10 +0200] Daniel Leidert <dleidert@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * No-change upload of the bullseye version, rebuilt for buster (LTS), + Please consult the changelog entries 3.20240813.1 and 3.20240813.1~deb11u1 + for details. + * Adresses CVE-2024-24853 CVE-2024-25939 CVE-2024-24980 CVE-2023-42667 + CVE-2023-49141 CVE-2023-45733 CVE-2023-46103 CVE-2023-45745 + CVE-2023-47855 (closes: #1078742). + +3.20240813.1~deb11u1 [Mon, 19 Aug 2024 22:26:47 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * Build for bullseye (no changes from 3.20240813.1) + +3.20240813.1 [Thu, 15 Aug 2024 14:41:50 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * New upstream microcode datafile 20240813 (closes: #1078742) + - Mitigations for INTEL-SA-01083 (CVE-2024-24853) + Incorrect behavior order in transition between executive monitor and SMI + transfer monitor (STM) in some Intel Processors may allow a privileged + user to potentially enable escalation of privilege via local access. + - Mitigations for INTEL-SA-01118 (CVE-2024-25939) + Mirrored regions with different values in 3rd Generation Intel Xeon + Scalable Processors may allow a privileged user to potentially enable + denial of service via local access. + - Mitigations for INTEL-SA-01100 (CVE-2024-24980) + Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel + Xeon Processors may allow a privileged user to potentially enable + escalation of privilege via local access. + - Mitigations for INTEL-SA-01038 (CVE-2023-42667) + Improper isolation in the Intel Core Ultra Processor stream cache + mechanism may allow an authenticated user to potentially enable + escalation of privilege via local access. + - Mitigations for INTEL-SA-01046 (CVE-2023-49141) + Improper isolation in some Intel® Processors stream cache mechanism may + allow an authenticated user to potentially enable escalation of + privilege via local access. + - Fix for unspecified functional issues on several processor models + * Updated microcodes: + sig 0x00050657, pf_mask 0xbf, 2024-03-01, rev 0x5003707, size 39936 + sig 0x0005065b, pf_mask 0xbf, 2024-04-01, rev 0x7002904, size 30720 + sig 0x000606a6, pf_mask 0x87, 2024-04-01, rev 0xd0003e7, size 308224 + sig 0x000606c1, pf_mask 0x10, 2024-04-03, rev 0x10002b0, size 300032 + sig 0x000706e5, pf_mask 0x80, 2024-02-15, rev 0x00c6, size 114688 + sig 0x000806c1, pf_mask 0x80, 2024-02-15, rev 0x00b8, size 112640 + sig 0x000806c2, pf_mask 0xc2, 2024-02-15, rev 0x0038, size 99328 + sig 0x000806d1, pf_mask 0xc2, 2024-02-15, rev 0x0052, size 104448 + sig 0x000806e9, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 106496 + sig 0x000806e9, pf_mask 0x10, 2024-02-01, rev 0x00f6, size 106496 + sig 0x000806ea, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 105472 + sig 0x000806eb, pf_mask 0xd0, 2024-02-01, rev 0x00f6, size 106496 + sig 0x000806ec, pf_mask 0x94, 2024-02-05, rev 0x00fc, size 106496 + sig 0x00090661, pf_mask 0x01, 2024-04-05, rev 0x001a, size 20480 + sig 0x000906ea, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 105472 + sig 0x000906eb, pf_mask 0x02, 2024-02-01, rev 0x00f6, size 106496 + sig 0x000906ec, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 106496 + sig 0x000906ed, pf_mask 0x22, 2024-02-05, rev 0x0100, size 106496 + sig 0x000a0652, pf_mask 0x20, 2024-02-01, rev 0x00fc, size 97280 + sig 0x000a0653, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 98304 + sig 0x000a0655, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 97280 + sig 0x000a0660, pf_mask 0x80, 2024-02-01, rev 0x00fe, size 97280 + sig 0x000a0661, pf_mask 0x80, 2024-02-01, rev 0x00fc, size 97280 + sig 0x000a0671, pf_mask 0x02, 2024-03-07, rev 0x0062, size 108544 + sig 0x000a06a4, pf_mask 0xe6, 2024-04-15, rev 0x001e, size 137216 + * source: update symlinks to reflect id of the latest release, 20240813 + * postinst, postrm: switch to dpkg-trigger to run update-initramfs + +3.20240531.1 [Sat, 01 Jun 2024 11:49:47 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * New upstream microcode datafile 20240531 + * Fix unspecified functional issues on Pentium Silver N/J5xxx, + Celeron N/J4xxx + * Updated Microcodes: + sig 0x000706a1, pf_mask 0x01, 2024-04-19, rev 0x0042, size 76800 + * source: update symlinks to reflect id of the latest release, 20240531 + +3.20240514.1~deb11u1 [Wed, 29 May 2024 23:31:29 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * Backport to Debian Bullseye + * debian/control: revert non-free-firmware change + +3.20240514.1 [Thu, 16 May 2024 21:40:52 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * New upstream microcode datafile 20240514 + * Mitigations for INTEL-SA-01051 (CVE-2023-45733) + Hardware logic contains race conditions in some Intel Processors may + allow an authenticated user to potentially enable partial information + disclosure via local access. + * Mitigations for INTEL-SA-01052 (CVE-2023-46103) + Sequence of processor instructions leads to unexpected behavior in + Intel Core Ultra Processors may allow an authenticated user to + potentially enable denial of service via local access. + * Mitigations for INTEL-SA-01036 (CVE-2023-45745, CVE-2023-47855) + Improper input validation in some Intel TDX module software before + version 1.5.05.46.698 may allow a privileged user to potentially enable + escalation of privilege via local access. + * Fix for unspecified functional issues on 4th gen and 5th gen Xeon + Scalable, 12th, 13th and 14th gen Intel Core processors, as well as for + Core i3 N-series processors. + * Updated microcodes: + sig 0x000806f8, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632 + sig 0x000806f7, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0 + sig 0x000806f6, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0 + sig 0x000806f5, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0 + sig 0x000806f4, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0 + sig 0x000806f8, pf_mask 0x10, 2024-02-05, rev 0x2c000390, size 614400 + sig 0x000806f6, pf_mask 0x10, 2024-02-05, rev 0x2c000390 + sig 0x000806f5, pf_mask 0x10, 2024-02-05, rev 0x2c000390 + sig 0x000806f4, pf_mask 0x10, 2024-02-05, rev 0x2c000390 + sig 0x00090672, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256 + sig 0x00090675, pf_mask 0x07, 2023-12-05, rev 0x0035 + sig 0x000b06f2, pf_mask 0x07, 2023-12-05, rev 0x0035 + sig 0x000b06f5, pf_mask 0x07, 2023-12-05, rev 0x0035 + sig 0x000906a3, pf_mask 0x80, 2023-12-05, rev 0x0433, size 222208 + sig 0x000906a4, pf_mask 0x80, 2023-12-05, rev 0x0433 + sig 0x000906a4, pf_mask 0x40, 2023-12-07, rev 0x0007, size 119808 + sig 0x000b0671, pf_mask 0x32, 2024-01-25, rev 0x0123, size 215040 + sig 0x000b06e0, pf_mask 0x11, 2023-12-07, rev 0x0017, size 138240 + sig 0x000c06f2, pf_mask 0x87, 2024-02-05, rev 0x21000230, size 552960 + sig 0x000c06f1, pf_mask 0x87, 2024-02-05, rev 0x21000230 + * source: update symlinks to reflect id of the latest release, 20240514 + 3.20240312.1~deb10u1 [Sat, 04 May 2024 16:16:32 +0200] Tobias Frost <tobi@debian.org>: * Non-maintainer upload by the LTS Security Team. <http://piuparts.knut.univention.de/5.0-8/#9082096591144153387>
OK: bug OK: yaml OK: announce_errata OK: jenkins OK: piuparts Verified
<https://errata.software-univention.de/#/?erratum=5.0x1112>