New Debian intel-microcode 3.20241112.1~deb12u1 fixes:

This update addresses the following issues:
* Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-21820)
* Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user to potentially enable denial of service via local access. (CVE-2024-21853)
* Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-23918)
--- mirror/ftp/pool/main/i/intel-microcode/intel-microcode_3.20240910.1~deb12u1.dsc +++ apt/ucs_5.2-0-errata5.2-0/source/intel-microcode_3.20241112.1~deb12u1.dsc 
@@ -1,3 +1,63 @@ +3.20241112.1~deb12u1 [Sat, 07 Dec 2024 14:49:05 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * Build for bookworm + * All trixie-only changes (from 3.20240813.2) are reverted on this branch + +3.20241112.1 [Thu, 14 Nov 2024 15:37:40 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * New upstream microcode datafile 20241112 (closes: #1086483) + - Mitigations for INTEL-SA-01101 (CVE-2024-21853) + Improper Finite State Machines (FSMs) in the Hardware logic in some + 4th and 5th Generation Intel Xeon Processors may allow an authorized + user to potentially enable denial of service via local access. + - Mitigations for INTEL-SA-01079 (CVE-2024-23918) + Potential security vulnerabilities in some Intel Xeon processors + using Intel SGX may allow escalation of privilege. Intel disclosed + that some processor models were already fixed by a previous + microcode update. + - Updated mitigations for INTEL-SA-01097 (CVE-2024-24968) + Improper finite state machines (FSMs) in hardware logic in some + Intel Processors may allow an privileged user to potentially enable a + denial of service via local access. + - Mitigations for INTEL-SA-01103 (CVE-2024-23984) + A potential security vulnerability in the Running Average Power Limit + (RAPL) interface for some Intel Processors may allow information + disclosure. Added mitigations for more processor models. 
+ * Updated Microcodes: + sig 0x000806f8, pf_mask 0x87, 2024-06-20, rev 0x2b000603, size 588800 + sig 0x000806f7, pf_mask 0x87, 2024-06-20, rev 0x2b000603 + sig 0x000806f6, pf_mask 0x87, 2024-06-20, rev 0x2b000603 + sig 0x000806f5, pf_mask 0x87, 2024-06-20, rev 0x2b000603 + sig 0x000806f4, pf_mask 0x87, 2024-06-20, rev 0x2b000603 + sig 0x00090672, pf_mask 0x07, 2024-05-29, rev 0x0037, size 224256 + sig 0x00090675, pf_mask 0x07, 2024-05-29, rev 0x0037 + sig 0x000b06f2, pf_mask 0x07, 2024-05-29, rev 0x0037 + sig 0x000b06f5, pf_mask 0x07, 2024-05-29, rev 0x0037 + sig 0x000906a3, pf_mask 0x80, 2024-06-03, rev 0x0435, size 223232 + sig 0x000906a4, pf_mask 0x80, 2024-06-03, rev 0x0435 + sig 0x000a06a4, pf_mask 0xe6, 2024-08-02, rev 0x0020, size 138240 + sig 0x000b06a2, pf_mask 0xe0, 2024-05-29, rev 0x4123, size 220160 + sig 0x000b06a3, pf_mask 0xe0, 2024-05-29, rev 0x4123 + sig 0x000b06a8, pf_mask 0xe0, 2024-05-29, rev 0x4123 + sig 0x000c06f2, pf_mask 0x87, 2024-06-20, rev 0x21000283, size 560128 + sig 0x000c06f1, pf_mask 0x87, 2024-06-20, rev 0x21000283 + * source: update symlinks to reflect id of the latest release, 20241112 + * Update changelog for 3.20240910.1 and 3.20240813.1 with new information: + INTEL-SA-1103 was addressed by 3.20240813.1 for some processor models, + and not by 3.20240910. INTEL-SA-1079 was addressed by 3.20240910.1 for + some processor models. + +3.20241029.1 [Thu, 14 Nov 2024 14:49:03 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: + + * New upstream microcode datafile 20241029 + - Not relevant for operating system microcode updates + - Only when loaded from firmware, this update fixes the critical, + potentially hardware-damaging errata RPL061: Incorrect Internal + Voltage Request on Raptor Lake (Core 13th/14th gen) Intel + processors. 
+ * Updated Microcodes: + sig 0x000b0671, pf_mask 0x32, 2024-08-29, rev 0x012b, size 211968 + 3.20240910.1~deb12u1 [Fri, 01 Nov 2024 20:13:41 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: * Build for bookworm @@ -6,13 +66,10 @@ 3.20240910.1 [Sat, 21 Sep 2024 16:40:07 -0300] Henrique de Moraes Holschuh <hmh@debian.org>: * New upstream microcode datafile 20240910 (closes: #1081363) - - Mitigations for INTEL-SA-01103 (CVE-2024-23984) - A potential security vulnerability in the Running Average Power Limit - (RAPL) interface for some Intel Processors may allow information - disclosure. - Mitigations for INTEL-SA-01097 (CVE-2024-24968) - A potential security vulnerability in some Intel Processors may allow - denial of service. + Improper finite state machines (FSMs) in hardware logic in some + Intel Processors may allow an privileged user to potentially enable a + denial of service via local access. - Fixes for unspecified functional issues on several processor models - The processor voltage limit issue on Core 13rd/14th gen REQUIRES A FIRMWARE UPDATE. It is present in this release for sig 0xb0671, but <http://piuparts.knut.univention.de/5.2-0/#6051844423755980720>
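Review bot: In the first hunk (@@ -1,3 +1,63 @@), the last bullet of the 3.20241112.1 entry writes the advisory ids as "INTEL-SA-1103" and "INTEL-SA-1079", while the mitigation list in the same entry uses "INTEL-SA-01103" and "INTEL-SA-01079"; use the zero-padded form throughout so a search for an advisory id finds every mention. The INTEL-SA-01097 text in that entry reads "may allow an privileged user", which should be "a privileged user". The erratum text for this bug also lists CVE-2024-21820, which none of the added changelog lines name, while CVE-2024-24968 and CVE-2024-23984 appear in the changelog but not in the erratum text; confirm the CVE list in the erratum against this changelog before release.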
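Review bot: In the second hunk (@@ -6,13 +66,10 @@), the INTEL-SA-01103 (CVE-2024-23984) mitigation is removed from the 3.20240910.1 entry, and the new 3.20241112.1 text says it was addressed by 3.20240813.1 instead, but no visible hunk adds it to the 3.20240813.1 entry; check that the 3.20240813.1 entry carries the advisory so the CVE stays attributed to a release. The replacement INTEL-SA-01097 wording has "an privileged user" (should be "a privileged user"), and the unchanged context line "Core 13rd/14th gen" should read "13th/14th".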
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.2-0] 891135e2c0 Bug #57916: intel-microcode 3.20241112.1~deb12u1
 doc/errata/staging/intel-microcode.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.2x7>