Bug 49484 – intel-microcode: Multiple issues (4.3)

Bug 49484 - intel-microcode: Multiple issues (4.3)


Summary:	intel-microcode: Multiple issues (4.3)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 4.3
Hardware:	All Linux

Importance:	P3 normal (vote)
Target Milestone:	UCS 4.3-4-errata
Assigned To:	Quality Assurance
QA Contact:	Philipp Hahn

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2019-05-15 15:24 CEST by Quality Assurance
Modified:	2019-05-16 16:14 CEST (History)
CC List:	0 users

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:	6.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Quality Assurance

2019-05-15 15:24:26 CEST

New Debian intel-microcode 3.20190514.1~deb9u1 fixes:
This update addresses the following issues:
* Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
* Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)  (CVE-2018-12127)
* Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
* Microarchitectural Data Sampling Uncacheable Memory (MDSUM)  (CVE-2019-11091)

Comment 1 Quality Assurance

2019-05-15 15:27:05 CEST

--- mirror/ftp/4.3/unmaintained/4.3-4/source/intel-microcode_3.20180807a.2~deb9u1.dsc
+++ apt/ucs_4.3-0-errata4.3-4/source/intel-microcode_3.20190514.1~deb9u1.dsc
@@ -1,3 +1,83 @@
+3.20190514.1~deb9u1 [Tue, 14 May 2019 22:18:33 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * Rebuild for stretch-security (no changes)
+
+3.20190514.1 [Tue, 14 May 2019 21:49:08 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * New upstream microcode datafile 20190514
+  * SECURITY UPDATE
+    Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
+    CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+  * New Microcodes:
+    sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
+    sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
+    sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
+    sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
+    sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
+    sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104
+  * Updated Microcodes:
+    sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
+    sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
+    sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
+    sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
+    sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
+    sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
+    sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
+    sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
+    sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
+    sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
+    sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
+    sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
+    sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720
+    sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768
+    sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
+    sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576
+    sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552
+    sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456
+    sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
+    sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
+    sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
+    sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
+    sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
+    sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
+    sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
+    sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
+    sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
+    sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
+    sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
+    sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
+    sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
+    sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
+    sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280
+
+3.20190312.1 [Sat, 16 Mar 2019 21:07:54 -0300] Henrique de Moraes Holschuh <hmh@debian.org>:
+
+  * New upstream microcode datafile 20190312
+    + Removed Microcodes:
+      sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720
+    + New Microcodes:
+      sig 0x000806e9, pf_mask 0x10, 2018-10-18, rev 0x009e, size 98304
+      sig 0x000806eb, pf_mask 0xd0, 2018-10-25, rev 0x00a4, size 99328
+      sig 0x000806ec, pf_mask 0x94, 2019-02-12, rev 0x00b2, size 98304
+      sig 0x000906ec, pf_mask 0x22, 2018-09-29, rev 0x00a2, size 98304
+      sig 0x000906ed, pf_mask 0x22, 2019-02-04, rev 0x00b0, size 97280
+    + Updated Microcodes:
+      sig 0x000306f2, pf_mask 0x6f, 2018-11-20, rev 0x0041, size 34816
+      sig 0x000306f4, pf_mask 0x80, 2018-11-06, rev 0x0013, size 17408
+      sig 0x00050654, pf_mask 0xb7, 2019-01-28, rev 0x200005a, size 33792
+      sig 0x00050662, pf_mask 0x10, 2018-12-06, rev 0x0019, size 32768
+      sig 0x00050663, pf_mask 0x10, 2018-12-06, rev 0x7000016, size 23552
+      sig 0x00050664, pf_mask 0x10, 2018-11-17, rev 0xf000014, size 23552
+      sig 0x00050665, pf_mask 0x10, 2018-11-17, rev 0xe00000c, size 19456
+      sig 0x000506c9, pf_mask 0x03, 2018-09-14, rev 0x0036, size 17408
+      sig 0x000506ca, pf_mask 0x03, 2018-09-20, rev 0x0010, size 15360
+      sig 0x000706a1, pf_mask 0x01, 2018-09-21, rev 0x002c, size 73728
+      sig 0x000806e9, pf_mask 0xc0, 2018-07-16, rev 0x009a, size 98304
+      sig 0x000806ea, pf_mask 0xc0, 2018-10-18, rev 0x009e, size 98304
+      sig 0x000906e9, pf_mask 0x2a, 2018-07-16, rev 0x009a, size 98304
+      sig 0x000906ea, pf_mask 0x22, 2018-12-12, rev 0x00aa, size 98304
+      sig 0x000906eb, pf_mask 0x02, 2018-12-12, rev 0x00aa, size 99328
+
 3.20180807a.2~deb9u1 [Sun, 27 Jan 2019 13:07:47 -0200] Henrique de Moraes Holschuh <hmh@debian.org>:
 
   * Release managers:

<http://10.200.17.11/4.3-4/#8419390385419565901>

Comment 2 Philipp Hahn

2019-05-16 08:44:05 CEST

OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-4] 8bd291b448 Bug #49484: intel-microcode 3.20190514.1~deb9u1
 doc/errata/staging/{linux.yaml => intel-microcode.yaml} | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

Comment 3 Arvid Requate

2019-05-16 16:14:30 CEST

<http://errata.software-univention.de/ucs/4.3/503.html>