Bug 23313

Summary: Update request: microcode-0.20180703-1.mga6.nonfree
Product: Mageia Reporter: Thomas Backlund <tmb>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, fri, jim, sysadmin-bugs, tarazed25
Version: 6Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: mga6-64-ok, mga6-32-ok
Source RPM: microcode CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 23315    

Description Thomas Backlund 2018-07-17 13:04:35 CEST 
More spectre related updates, and a missed Amd fam15h fix

Intel changelog:
== 20180703 Release ==
-- Updates upon 20180425 release --
Processor             Identifier     Version       Products
Model        Stepping F-MO-S/PI      Old->New
---- updated platforms ------------------------------------
SNB-EP       C1       6-2d-6/6d 0000061c->0000061d Xeon E5
SNB-EP       C2       6-2d-7/6d 00000713->00000714 Xeon E5
IVT          C0       6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K
IVT          D1       6-3e-7/ed 00000713->00000714 Xeon E5 v2
HSX-E/EP/4S  C0       6-3f-2/6f 0000003c->0000003d Xeon E5 v3
HSX-EX       E0       6-3f-4/80 00000011->00000012 Xeon E7 v3
SKX-SP/D/W/X H0       6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX
BDX-DE       A1       6-56-5/10 0e000009->0e00000a Xeon D-15x3N
---- intel-ucode-with-caveats/ ----------------------------
BDX-ML       B/M/R0   6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx



SRPMS:
microcode-0.20180703-1.mga6.nonfree.src.rpm

i586:
microcode-0.20180703-1.mga6.nonfree.noarch.rpm

x86_64:
microcode-0.20180703-1.mga6.nonfree.noarch.rpm
Comment 1 Thomas Backlund 2018-07-17 13:27:31 CEST 
Already in use on Mageia infra, my own server, workstation and laptop
Comment 2 Len Lawrence 2018-07-17 17:22:48 CEST 
Installed on this system:

Kernel: 4.14.50-desktop-2.mga6 x86_64
Quad core Intel Core i7-4790 (-HT-MCP-) speed/max: 3834/4000 MHz
desktop Mobo: MSI model: Z97-G43 (MS-7816) v: 3.0
Graphics:  Card: NVIDIA GM204 [GeForce GTX 970]
RAM:       32 GB

Rebooted.
$ sudo journalctl -xb | grep microcode
Jul 17 16:15:47 difda kernel: microcode: microcode updated early to revision 0x24, date = 2018-01-21
Jul 17 16:15:47 difda kernel: microcode: sig=0x306c3, pf=0x2, revision=0x24
Jul 17 16:15:47 difda kernel: microcode: Microcode Update Driver: v2.2.
$ rpm -qa | grep microcode
microcode_ctl-2.1-7.mga6
microcode-0.20180703-1.mga6.nonfree

CC: (none) => tarazed25

Comment 3 Len Lawrence 2018-07-17 23:31:35 CEST 
Updated microcode and rebooted OK.  Actually before installing the new kernel.
Running Mate on:
System:    Host: vega Kernel: 4.14.56-desktop-1.mga6 x86_64
CPU:       Quad core Intel Core i7-4790K (-HT-MCP-) speed/max: 4399/4400 MHz
Graphics:  NVIDIA GK104 [GeForce GTX 770]

All looks OK.
Thomas Backlund 2018-07-18 00:45:07 CEST

Blocks: (none) => 23315

Comment 4 Morgan Leijström 2018-07-18 02:19:53 CEST 
Two machines updated to all updates in all updates_testing repos
64 bit OK on my workstation: i7-2600K, Nvidia GTX750 (GM107) using proprietary driver GeForce 420 and later, BOINC, LVM on LUKS on SSD, no wifi.

2) 64 bit OK on laptop Thinkpad T60, CPU core2Duo T5600, ati RV515/M54 X1400, wifi AR5418. Resume from suspend and hibernation *) OK except wifi need to be reconnected manually :/  (regression)

*) using Fn+F4 and Fn+F12 respectively - Somehow the Plasma battery icon have gone missing and logout menu do not contain suspend nor hibernate any longer!

CC: (none) => fri

Comment 5 Thomas Andrews 2018-07-18 04:48:47 CEST 
Real MBR hardware, Athlon X2, 8GB, nvidia 9800GT video, Atheros wifi. 64-bit Plasma system, using the server kernel.

Updated microcode, nonfree firmware, and server kernel in one operation. Packages all installed cleanly. Rebooted, tried all the usual suspects, no regressions noted.

CC: (none) => andrewsfarm

Comment 6 Thomas Andrews 2018-07-18 14:20:37 CEST 
Real hardware, HP 6550b, i3,8GB, Intel graphics, Intel wifi, 64-bit Plasma system, using the desktop kernel.

Performed the same tests as in Comment 5, with the same results.
Comment 7 James Kerr 2018-07-18 16:09:05 CEST 
OK for mga6-64:

https://bugs.mageia.org/show_bug.cgi?id=23315#c8

CC: (none) => jim

Comment 8 James Kerr 2018-07-19 16:53:59 CEST 
Also OK for mga6-64 on an nvidia system

https://bugs.mageia.org/show_bug.cgi?id=23315#c9
Comment 9 Len Lawrence 2018-07-19 19:49:45 CEST 
System:    Host: markab Kernel: 4.14.50-desktop-2.mga6 x86_64
CPU:       Quad core Intel Core i7-5700HQ (-HT-MCP-) speed/max: 2695/3500 MHz
           Mobo: GIGABYTE model: X5
Graphics:  Card-1: NVIDIA GM204M [GeForce GTX 965M]
           GLX Version: 4.6.0 NVIDIA 390.59

Updated microcode and latest firmware.
Rebooted fine.  No problems evident.
Comment 10 James Kerr 2018-07-20 11:38:59 CEST 
OK for mga6-32

https://bugs.mageia.org/show_bug.cgi?id=23315#c11
Comment 11 Thomas Andrews 2018-07-20 14:08:50 CEST 
Real hardware, Dell Inspiron 5100, P4, 1GB RAM, Radeon 7500 graphics, old Atheros wifi. Running 32-bit Plasma, using the VESA video driver because the radeon driver won't work with Plasma on this system.

Updated microcodes, nonfree firmware, and the desktop kernel all in one operation. Packages all installed cleanly. Reboot successful, no regressions noted.
Comment 12 Rémi Verschelde 2018-07-23 15:16:08 CEST 
Tested OK on Mageia 6 x86_64, system described in bug 23316 comment 7.
Comment 13 Thomas Backlund 2018-07-25 08:23:45 CEST 
Advisory (added to svn):

type: security
subject: Updated microcode packages fix security vulnerability
CVE:
 - CVE-2018-3639
 - CVE-2018-3640
src:
  6:
   nonfree:
     - microcode-0.20180703-1.mga6.nonfree
description: |
  This microcode update provides the first set of fixes for Speculative Store
  Bypass (SSBD, Spectre v4, CVE-2018-3639) and  Rogue System Register Read
  (RSRE, Spectre v3a, CVE-2018-3640) for Intel Sandybridge server, Ivy Bridge
  server, Haswell server, Skylake server, Broadwell server, a few HEDT Core
  i7/i9 models.

  Included is also an AMD cpu microcode fix for family 15h Processor Revision
  ID 0x00610f01 missed in the MGASA-2018-0260 update.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=23313

Keywords: (none) => advisory

Comment 14 Thomas Backlund 2018-07-25 10:00:09 CEST 
Enough tests, validating

Keywords: (none) => validated_update
Whiteboard: (none) => mga6-64-ok, mga6-32-ok
CC: (none) => sysadmin-bugs

Comment 15 Mageia Robot 2018-07-25 10:25:21 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0322.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED