Bug 58597 - amd64-microcode: Multiple issues (5.2)
Summary: amd64-microcode: Multiple issues (5.2)
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 5.2
Hardware: All Linux
: P3 normal
Target Milestone: UCS 5.2-3-errata
Assignee: Quality Assurance
QA Contact: Julia Bremer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-09-10 10:52 CEST by Quality Assurance
Modified: 2025-09-17 14:08 CEST

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID:
Max CVSS v3 score: 7.2 (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N) NVD


Description Quality Assurance univentionstaff 2025-09-10 10:52:13 CEST
New Debian amd64-microcode 3.20250311.1~deb12u1 fixes:
This update addresses the following issue:
3.20250311.1~deb12u1 (Fri, 20 Jun 2025 11:36:35 -0300)
* Rebuild for bookworm (revert merged-usr changes from unstable)
3.20250311.1 (Sun, 23 Mar 2025 21:13:20 -0300)
* Update package data from linux-firmware 20250311
* New AMD-SEV firmware from AMD upstream (20250221)
  * SECURITY UPDATE (AMD-SB-3019 / CVE-2024-56161): Update remote attestation to be compatible with AMD systems with up-to-date firmware (i.e. which fixes "EntrySign"), and update AMD-SEV for AMD-SB-3019 mitigations. Note that this AMD-SEV update DOES NOT FIX the microcode "EntrySign" vulnerability.
  + Updated SEV firmware:
    Family 17h models 30h-3fh: version 0.24 build 20
    Family 19h models 00h-0fh: version 1.55 build 29
    Family 19h models 10h-1fh: version 1.55 build 39
    Family 19h models a0h-afh: version 1.55 build 39
  + New SEV firmware:
    Family 1ah models 00h-0fh: version 1.55 build 54
* New AMD microcode updates from AMD upstream (20241121)
  + Add patches for many (non-server) family 19h processors
  * Updated Microcode patches:
    + Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a0000a
  * New Microcode patches:
    + Family=0x17 Model=0x60 Stepping=0x01: Patch=0x0860010d
    + Family=0x17 Model=0x68 Stepping=0x01: Patch=0x08608108
    + Family=0x17 Model=0x71 Stepping=0x00: Patch=0x08701034
    + Family=0x19 Model=0x08 Stepping=0x02: Patch=0x0a00820c
    + Family=0x19 Model=0x18 Stepping=0x01: Patch=0x0a108108
    + Family=0x19 Model=0x21 Stepping=0x00: Patch=0x0a20102d
    + Family=0x19 Model=0x21 Stepping=0x02: Patch=0x0a201210
    + Family=0x19 Model=0x44 Stepping=0x01: Patch=0x0a404107
    + Family=0x19 Model=0x50 Stepping=0x00: Patch=0x0a500011
    + Family=0x19 Model=0x61 Stepping=0x02: Patch=0x0a601209
    + Family=0x19 Model=0x74 Stepping=0x01: Patch=0x0a704107
    + Family=0x19 Model=0x75 Stepping=0x02: Patch=0x0a705206
    + Family=0x19 Model=0x78 Stepping=0x00: Patch=0x0a708007
    + Family=0x19 Model=0x7c Stepping=0x00: Patch=0x0a70c005
Comment 1 Quality Assurance univentionstaff 2025-09-10 12:00:38 CEST
--- mirror/ftp/pool/main/a/amd64-microcode/amd64-microcode_3.20240820.1~deb12u1.dsc
+++ apt/ucs_5.2-0-errata5.2-3/source/amd64-microcode_3.20250311.1~deb12u1.dsc
@@ -1,3 +1,44 @@
+3.20250311.1~deb12u1 [Fri, 20 Jun 2025 11:36:35 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * Rebuild for bookworm (revert merged-usr changes from unstable)
+
+3.20250311.1 [Sun, 23 Mar 2025 21:13:20 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * Update package data from linux-firmware 20250311
+  * New AMD-SEV firmware from AMD upstream (20250221)
+    * SECURITY UPDATE (AMD-SB-3019 / CVE-2024-56161):
+      Update remote attestation to be compatible with AMD systems with
+      up-to-date firmware (i.e. which fixes "EntrySign"), and update
+      AMD-SEV for AMD-SB-3019 mitigations.  Note that this AMD-SEV
+      update DOES NOT FIX the microcode "EntrySign" vulnerability.
+      (closes: #1095470)
+    + Updated SEV firmware:
+        Family 17h models 30h-3fh: version 0.24 build 20
+        Family 19h models 00h-0fh: version 1.55 build 29
+        Family 19h models 10h-1fh: version 1.55 build 39
+        Family 19h models a0h-afh: version 1.55 build 39
+      + New SEV firmware:
+        Family 1ah models 00h-0fh: version 1.55 build 54
+  * New AMD microcode updates from AMD upstream (20241121)
+    + Add patches for many (non-server) family 19h processors
+    * Updated Microcode patches:
+      + Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a0000a
+    * New Microcode patches:
+      + Family=0x17 Model=0x60 Stepping=0x01: Patch=0x0860010d
+      + Family=0x17 Model=0x68 Stepping=0x01: Patch=0x08608108
+      + Family=0x17 Model=0x71 Stepping=0x00: Patch=0x08701034
+      + Family=0x19 Model=0x08 Stepping=0x02: Patch=0x0a00820c
+      + Family=0x19 Model=0x18 Stepping=0x01: Patch=0x0a108108
+      + Family=0x19 Model=0x21 Stepping=0x00: Patch=0x0a20102d
+      + Family=0x19 Model=0x21 Stepping=0x02: Patch=0x0a201210
+      + Family=0x19 Model=0x44 Stepping=0x01: Patch=0x0a404107
+      + Family=0x19 Model=0x50 Stepping=0x00: Patch=0x0a500011
+      + Family=0x19 Model=0x61 Stepping=0x02: Patch=0x0a601209
+      + Family=0x19 Model=0x74 Stepping=0x01: Patch=0x0a704107
+      + Family=0x19 Model=0x75 Stepping=0x02: Patch=0x0a705206
+      + Family=0x19 Model=0x78 Stepping=0x00: Patch=0x0a708007
+      + Family=0x19 Model=0x7c Stepping=0x00: Patch=0x0a70c005
+
 3.20240820.1~deb12u1 [Sat, 24 Aug 2024 09:24:14 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
 
   * Rebuild for bookworm (revert merged-usr changes from unstable)
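
Review bot: The SECURITY UPDATE entry for AMD-SB-3019 / CVE-2024-56161 in the 3.20250311.1 block says that the AMD-SEV update "DOES NOT FIX the microcode "EntrySign" vulnerability", so the erratum description generated for this package should carry that caveat verbatim instead of listing the CVE as resolved by the package alone. The same entry ties the attestation change to "AMD systems with up-to-date firmware", which implies administrators still need current platform firmware; stating that in the erratum would avoid hosts being marked remediated after only installing this package. Minor style point: "+ New SEV firmware:" is indented two columns deeper than its sibling "+ Updated SEV firmware:", so it reads as a sub-item of the updated list rather than a separate group.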

<http://piuparts.knut.univention.de/5.2-3/#2211825959893300646>
Comment 2 Christian Castens univentionstaff 2025-09-16 09:53:06 CEST
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.2-3] 19a5b14547 Bug #58597: amd64-microcode 3.20250311.1~deb12u1
 doc/errata/staging/amd64-microcode.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
Comment 3 Christian Castens univentionstaff 2025-09-17 14:08:53 CEST
<https://errata.software-univention.de/#/?erratum=5.2x183>