New Debian intel-microcode 3.20241112.1~deb10u1 fixes: This update addresses the following issues: 3.20241112.1~deb10u1 (Mon, 23 Dec 2024 17:21:05 +0100) * Non-maintainer upload by the ELTS Security Team. * Rebuild for buster. 3.20241112.1~deb11u1 (Sat, 30 Nov 2024 15:15:42 +0100) * Non-maintainer upload by the LTS Security Team. * Rebuild for bullseye. 3.20241112.1~deb12u1 (Sat, 30 Nov 2024 13:13:14 +0100) * Rebuild for bookworm, (without the bits which are trixie-only) 3.20241112.1 (Thu, 14 Nov 2024 15:37:40 -0300) * New upstream microcode datafile 20241112 - Mitigations for INTEL-SA-01101 (CVE-2024-21853) Improper Finite State Machines (FSMs) in the Hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enable denial of service via local access. - Mitigations for INTEL-SA-01079 (CVE-2024-23918) Potential security vulnerabilities in some Intel Xeon processors using Intel SGX may allow escalation of privilege. Intel disclosed that some processor models were already fixed by a previous microcode update. - Updated mitigations for INTEL-SA-01097 (CVE-2024-24968) Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access. - Mitigations for INTEL-SA-01103 (CVE-2024-23984) A potential security vulnerability in the Running Average Power Limit (RAPL) interface for some Intel Processors may allow information disclosure. Added mitigations for more processor models. * Updated Microcodes: sig 0x000806f8, pf_mask 0x87, 2024-06-20, rev 0x2b000603, size 588800 sig 0x000806f7, pf_mask 0x87, 2024-06-20, rev 0x2b000603 sig 0x000806f6, pf_mask 0x87, 2024-06-20, rev 0x2b000603 sig 0x000806f5, pf_mask 0x87, 2024-06-20, rev 0x2b000603 sig 0x000806f4, pf_mask 0x87, 2024-06-20, rev 0x2b000603 sig 0x00090672, pf_mask 0x07, 2024-05-29, rev 0x0037, size 224256 sig 0x00090675, pf_mask 0x07, 2024-05-29, rev 0x0037 sig 0x000b06f2, pf_mask 0x07, 2024-05-29, rev 0x0037 sig 0x000b06f5, pf_mask 0x07, 2024-05-29, rev 0x0037 sig 0x000906a3, pf_mask 0x80, 2024-06-03, rev 0x0435, size 223232 sig 0x000906a4, pf_mask 0x80, 2024-06-03, rev 0x0435 sig 0x000a06a4, pf_mask 0xe6, 2024-08-02, rev 0x0020, size 138240 sig 0x000b06a2, pf_mask 0xe0, 2024-05-29, rev 0x4123, size 220160 sig 0x000b06a3, pf_mask 0xe0, 2024-05-29, rev 0x4123 sig 0x000b06a8, pf_mask 0xe0, 2024-05-29, rev 0x4123 sig 0x000c06f2, pf_mask 0x87, 2024-06-20, rev 0x21000283, size 560128 sig 0x000c06f1, pf_mask 0x87, 2024-06-20, rev 0x21000283 * source: update symlinks to reflect id of the latest release, 20241112 * Update changelog for 3.20240910.1 and 3.20240813.1 with new information: INTEL-SA-1103 was addressed by 3.20240813.1 for some processor models, and not by 3.20240910. INTEL-SA-1079 was addressed by 3.20240910.1 for some processor models. 3.20241029.1 (Thu, 14 Nov 2024 14:49:03 -0300) * New upstream microcode datafile 20241029 - Not relevant for operating system microcode updates - Only when loaded from firmware, this update fixes the critical, potentially hardware-damaging errata RPL061: Incorrect Internal Voltage Request on Raptor Lake (Core 13th/14th gen) Intel processors. * Updated Microcodes: sig 0x000b0671, pf_mask 0x32, 2024-08-29, rev 0x012b, size 211968
--- mirror/ftp/pool/main/i/intel-microcode/intel-microcode_3.20240910.1~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-9/source/intel-microcode_3.20241112.1~deb10u1.dsc @@ -1,3 +1,72 @@ +3.20241112.1~deb10u1 [Mon, 23 Dec 2024 17:21:05 +0100] Tobias Frost <tobi@debian.org>: + + * Non-maintainer upload by the ELTS Security Team. + * Rebuild for buster. + +3.20241112.1~deb11u1 [Sat, 30 Nov 2024 15:15:42 +0100] Tobias Frost <tobi@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * Rebuild for bullseye. + +3.20241112.1~deb12u1 [Sat, 30 Nov 2024 13:13:14 +0100] Tobias Frost <tobi@debian.org>: + + * Rebuild for bookworm, (without the bits which are trixie-only) + +3.20241112.1 [Thu, 14 Nov 2024 15:37:40 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * New upstream microcode datafile 20241112 (closes: #1086483) + - Mitigations for INTEL-SA-01101 (CVE-2024-21853) + Improper Finite State Machines (FSMs) in the Hardware logic in some + 4th and 5th Generation Intel Xeon Processors may allow an authorized + user to potentially enable denial of service via local access. + - Mitigations for INTEL-SA-01079 (CVE-2024-23918) + Potential security vulnerabilities in some Intel Xeon processors + using Intel SGX may allow escalation of privilege. Intel disclosed + that some processor models were already fixed by a previous + microcode update. + - Updated mitigations for INTEL-SA-01097 (CVE-2024-24968) + Improper finite state machines (FSMs) in hardware logic in some + Intel Processors may allow an privileged user to potentially enable a + denial of service via local access. + - Mitigations for INTEL-SA-01103 (CVE-2024-23984) + A potential security vulnerability in the Running Average Power Limit + (RAPL) interface for some Intel Processors may allow information + disclosure. Added mitigations for more processor models. + * Updated Microcodes: + sig 0x000806f8, pf_mask 0x87, 2024-06-20, rev 0x2b000603, size 588800 + sig 0x000806f7, pf_mask 0x87, 2024-06-20, rev 0x2b000603 + sig 0x000806f6, pf_mask 0x87, 2024-06-20, rev 0x2b000603 + sig 0x000806f5, pf_mask 0x87, 2024-06-20, rev 0x2b000603 + sig 0x000806f4, pf_mask 0x87, 2024-06-20, rev 0x2b000603 + sig 0x00090672, pf_mask 0x07, 2024-05-29, rev 0x0037, size 224256 + sig 0x00090675, pf_mask 0x07, 2024-05-29, rev 0x0037 + sig 0x000b06f2, pf_mask 0x07, 2024-05-29, rev 0x0037 + sig 0x000b06f5, pf_mask 0x07, 2024-05-29, rev 0x0037 + sig 0x000906a3, pf_mask 0x80, 2024-06-03, rev 0x0435, size 223232 + sig 0x000906a4, pf_mask 0x80, 2024-06-03, rev 0x0435 + sig 0x000a06a4, pf_mask 0xe6, 2024-08-02, rev 0x0020, size 138240 + sig 0x000b06a2, pf_mask 0xe0, 2024-05-29, rev 0x4123, size 220160 + sig 0x000b06a3, pf_mask 0xe0, 2024-05-29, rev 0x4123 + sig 0x000b06a8, pf_mask 0xe0, 2024-05-29, rev 0x4123 + sig 0x000c06f2, pf_mask 0x87, 2024-06-20, rev 0x21000283, size 560128 + sig 0x000c06f1, pf_mask 0x87, 2024-06-20, rev 0x21000283 + * source: update symlinks to reflect id of the latest release, 20241112 + * Update changelog for 3.20240910.1 and 3.20240813.1 with new information: + INTEL-SA-1103 was addressed by 3.20240813.1 for some processor models, + and not by 3.20240910. INTEL-SA-1079 was addressed by 3.20240910.1 for + some processor models. + +3.20241029.1 [Thu, 14 Nov 2024 14:49:03 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * New upstream microcode datafile 20241029 + - Not relevant for operating system microcode updates + - Only when loaded from firmware, this update fixes the critical, + potentially hardware-damaging errata RPL061: Incorrect Internal + Voltage Request on Raptor Lake (Core 13th/14th gen) Intel + processors. + * Updated Microcodes: + sig 0x000b0671, pf_mask 0x32, 2024-08-29, rev 0x012b, size 211968 + 3.20240910.1~deb10u1 [Sun, 24 Nov 2024 13:47:06 +0100] Tobias Frost <tobi@debian.org>: * Non-maintainer upload by the ELTS Security Team. <http://piuparts.knut.univention.de/5.0-9/#5787138796906650479>
OK: bug OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-9] e2c55bc2fa Bug #57825: intel-microcode 3.20241112.1~deb10u1 doc/errata/staging/intel-microcode.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x1197>