Update microcode to 20180807 version

Bug #1787126 reported by Markus Schade
294
This bug affects 8 people
Affects Status Importance Assigned to Milestone
intel-microcode (Debian)
Fix Released
Unknown
intel-microcode (Ubuntu)
Fix Released
Undecided
Unassigned
Trusty
Fix Released
Undecided
Unassigned
Xenial
Fix Released
Undecided
Unassigned
Bionic
Fix Released
Undecided
Unassigned

Bug Description

Intel has released a new microcode version which includes updates for
further CPU models providing the necessary code for SSBD as well as the
recently disclosed L1TF vulnerability

https://downloadcenter.intel.com/download/28039/Linux-Processor-Microcode-Data-File

Debian should release an update shortly.

Please consider packaging this version to enable mitigations.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in intel-microcode (Ubuntu):
status: New → Confirmed
Revision history for this message
Henrique de Moraes Holschuh (hmh) wrote :

20180807 has license problems, and cannot be distributed at the moment.

Debian is waiting for Intel to address the matter. I assume Canonical will do the same.

Changed in intel-microcode (Debian):
status: Unknown → New
Revision history for this message
Markus Schade (lp-markusschade) wrote :

Intel has reverted the problematic licensing and Henrique has just released the updated Debian package. Please merge and updated the Ubuntu package.

Revision history for this message
Jeremy BĂ­cha (jbicha) wrote :
Download full text (3.4 KiB)

This bug was fixed in the package intel-microcode - 3.20180807a.1

---------------
intel-microcode (3.20180807a.1) unstable; urgency=high

  [ Henrique de Moraes Holschuh ]
  * New upstream microcode datafile 20180807a
    (closes: #906158, #906160, #903135, #903141)
    + New Microcodes:
      sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264
      sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216
      sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360
      sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336
      sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240
    + Updated Microcodes:
      sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288
      sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216
      sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216
      sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096
      sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288
      sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336
      sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312
      sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552
      sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432
      sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528
      sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600
      sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312
      sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328
      sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744
      sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013, size 22528
      sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012, size 22528
      sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384
      sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328
      sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728
      sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304
      sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304
      sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304
      sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280
      sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304
    + Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation)
      Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
    + Implements SSBD support (Spectre v4 mitigation),
      Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix)
      Intel SA-00115, CVE-2018-3639, CVE-2018-3640
    + Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation for older
      processors with signatures 0x106a5, 0x106e5, 0x20652, 0x20655.
      Intel SA-0088, CVE-2017-5753, CVE-2017-5754
  * source: update symlinks to reflect id of the latest release, 20180807a
  * debian/intel-microcode.docs: ship license and releasenote upstream files.
  * debian/changelog: update entry for 3.20180703.1 with L1TF information

  [ Julian Andres Klode ]
  * initramfs: include all microcode for MODULES=most.
    Default ...

Read more...

Changed in intel-microcode (Ubuntu):
status: Confirmed → Fix Released
information type: Public → Public Security
Changed in intel-microcode (Debian):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in intel-microcode (Ubuntu Bionic):
status: New → Confirmed
Changed in intel-microcode (Ubuntu Trusty):
status: New → Confirmed
Changed in intel-microcode (Ubuntu Xenial):
status: New → Confirmed
Revision history for this message
Steve Beattie (sbeattie) wrote :

Hi, this has been addressed in https://usn.ubuntu.com/3531-1/ . Thanks!

Revision history for this message
Steve Beattie (sbeattie) wrote :

Err, sorry, wrong USN. THe correct USN is https://usn.ubuntu.com/usn/usn-3756-1 . Thanks!

Changed in intel-microcode (Ubuntu Trusty):
status: Confirmed → Fix Released
Changed in intel-microcode (Ubuntu Xenial):
status: Confirmed → Fix Released
Changed in intel-microcode (Ubuntu Bionic):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Related questions

Remote bug watches

Bug watches keep track of this bug in other bug trackers.