| Summary: | microcode new security issues CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, fri, herman.viaene, jim, nicolas.salguero, sysadmin-bugs, tarazed25 |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | microcode-0.20200520-1.mga7.nonfree.src.rpm | CVE: | CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 |
| Status comment: | |||
|
Description
David Walser
2020-06-12 22:14:57 CEST
David Walser
2020-06-12 22:15:06 CEST
Whiteboard:
(none) =>
MGA7TOO

Ubuntu has also issued advisories for this, the second fixing a regression:
https://usn.ubuntu.com/4385-1/
https://usn.ubuntu.com/4385-2/

Fedora has issued an advisory for this on June 19:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y/

Assignee:
tmb =>
kernel

Suggested advisory:

========================

The updated package fixes security vulnerabilities:

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)

Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0548)

Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0549)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0549
https://www.debian.org/security/2020/dsa-4701
https://access.redhat.com/errata/RHSA-2020:2431
https://usn.ubuntu.com/4385-1/
https://usn.ubuntu.com/4385-2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y/

========================

Updated package in core/updates_testing:

========================

microcode-0.20200609-1.mga7.nonfree

from SRPM:
microcode-0.20200609-1.mga7.nonfree.src.rpm

Assignee:
kernel =>
qa-bugs

Please use the latest 20200616.

Intel had to revert the microcode updates for:

SKL-U/Y D0 6-4e-3/c0 000000dc->000000d6 Core Gen6 Mobile
SKL-U23e K1 6-4e-3/c0 000000dc->000000d6 Core Gen6 Mobile
SKL-H/S R0/N0 6-5e-3/36 000000dc->000000d6 Core Gen6; Xeon E3 v5

as the fixes in 20200609 caused systems to not boot...

CC:
(none) =>
tmb
Thomas Backlund
2020-07-20 22:54:35 CEST
CC:
tmb =>
(none)

Suggested advisory:

========================

The updated package fixes security vulnerabilities:

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)

Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0548)

Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0549)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0549
https://www.debian.org/security/2020/dsa-4701
https://access.redhat.com/errata/RHSA-2020:2431
https://usn.ubuntu.com/4385-1/
https://usn.ubuntu.com/4385-2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y/

========================

Updated package in core/updates_testing:

========================

microcode-0.20200616-1.mga7.nonfree

from SRPM:
microcode-0.20200616-1.mga7.nonfree.src.rpm

Keywords:
feedback =>
(none)

System: Host: canopus Kernel: 5.6.14-desktop-2.mga7 x86_64
CPU: 10-Core: Intel Core i9-7900X type: MT MCP speed: 1200 MHz
nvidia v: 430.64

Updated microcode - rebooted

$ sudo journalctl -xb | grep microcode
Jul 22 15:13:03 canopus kernel: microcode: microcode updated early to revision 0x2006906, date = 2020-04-24
Jul 22 15:13:03 canopus kernel: microcode: sig=0x50654, pf=0x4, revision=0x2006906
Jul 22 15:13:03 canopus kernel: microcode: Microcode Update Driver: v2.2.

Confused as usual by the dates. Does this look correct?

CC:
(none) =>
tarazed25

Host: difda Kernel: 5.6.14-desktop-2.mga7 x86_64
Desktop System: MSI product: MS-7816 v: 3.0
Intel Core i7-4790 type: MT MCP speed: 3935 MHz
OpenGL: renderer: GeForce GTX 970/PCIe/SSE2 v: 4.6.0 NVIDIA 430.64

$ dmesg | grep microcode
[ 0.000000] microcode: microcode updated early to revision 0x28, date = 2019-11-12
[ 0.603224] microcode: sig=0x306c3, pf=0x2, revision=0x28
[ 0.603447] microcode: Microcode Update Driver: v2.2.

on mga7-64

package installed cleanly:
- microcode-0.20200616-1.mga7.nonfree.noarch

Executed 'dracut -f' and rebooted

no regressions observed

OK for mga7-64 on this system:

Mobo: Dell model: 09WH54 v: UEFI [Legacy]: Dell v: 2.15.0
CPU: Intel Core i7-6700
Graphics: Intel HD Graphics 530

CC:
(none) =>
jim

HP Probook 6550b, 64-bit Plasma system.

I don't believe this update is supposed to affect the first-generation i3 in this machine, and indeed it appears that it doesn't. Installed the package, and rebooted.

dmesg | grep microcode
[ 0.000000] microcode: microcode updated early to revision 0x11, date = 2018-05-08
[ 0.000462] MDS: Vulnerable: Clear CPU buffers attempted, no microcode
[ 1.130743] microcode: sig=0x20652, pf=0x10, revision=0x11
[ 1.130814] microcode: Microcode Update Driver: v2.2.

Date indicates a 2018 code, so no change. And, everything still works as it did before the update, so OK here.

CC:
(none) =>
andrewsfarm

MGA7-64 Plasma on Lenovo B50
i5-5200U CPU
No installation issues
Rebooted after installation, works OK

CC:
(none) =>
herman.viaene

i5-2500, Intel motherboard, 64-bit Plasma system.

I don't believe this update is supposed to affect this second-generation i5 either, and it looks like it didn't. Installed the package, and rebooted.

$ dmesg | grep microcode
[ 0.000000] microcode: microcode updated early to revision 0x2f, date = 2019-02-17
[ 0.765896] microcode: sig=0x206a7, pf=0x2, revision=0x2f
[ 0.765996] microcode: Microcode Update Driver: v2.2.

Note the 2019 date. And, everything still seems to work as it's supposed to.

Updated and rebooted two days ago.
Been running virtualbox, BOINC, all normal

mga7-64, Plasma, nvidia-current, kernel 5.6.14-desktop-2.mga7
Machine Mainboard: Sabertooth P67, CPU: i7-3770, RAM 16G, Nvidia GM107 [GeForce GTX 750]

sudo journalctl -b | grep microcode
[sudo] lösenord för morgan:
jul 23 00:19:10 svarten.tribun kernel: microcode: microcode updated early to revision 0x21, date = 2019-02-13
jul 23 00:19:10 svarten.tribun kernel: microcode: sig=0x306a9, pf=0x2, revision=0x21
jul 23 00:19:10 svarten.tribun kernel: microcode: Microcode Update Driver: v2.2.

CC:
(none) =>
fri

I'm going to send this one along. Advisory in Comment 6.

Whiteboard:
(none) =>
MGA7-64-OK
Dave Hodgins
2020-07-31 09:12:24 CEST
CC:
(none) =>
davidwhodgins

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0298.html

Status:
ASSIGNED =>
RESOLVED |
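
Added example (not part of the bug thread or the Mageia package): a Python check that decodes the `sig=` value from the kernel log lines posted above into the family-model-stepping form used in the revert list (for example `6-5e-3/36`) and compares the loaded revision against that list. It assumes the `/c0` and `/36` suffixes are platform masks matched against `pf`; the last two sample log lines and the names `decode_sig` and `assess` are constructed for illustration.

```python
import re

# Entries the thread says Intel reverted in 20200616, keyed by
# family-model-stepping: (platform mask, revision after the revert).
REVERTED_20200616 = {"6-4e-3": (0xC0, 0xD6), "6-5e-3": (0x36, 0xD6)}

LINE_RE = re.compile(
    r"microcode: sig=0x([0-9a-f]+), pf=0x([0-9a-f]+), revision=0x([0-9a-f]+)",
    re.IGNORECASE,
)

# First three lines are quoted from the thread; the last two are constructed.
SAMPLE_LOG = """\
Jul 22 15:13:03 canopus kernel: microcode: microcode updated early to revision 0x2006906, date = 2020-04-24
Jul 22 15:13:03 canopus kernel: microcode: sig=0x50654, pf=0x4, revision=0x2006906
[ 0.603224] microcode: sig=0x306c3, pf=0x2, revision=0x28
[ 0.600000] microcode: sig=0x506e3, pf=0x2, revision=0xd6
[ 0.600000] microcode: sig=0x406e3, pf=0x80, revision=0xdc
"""


def decode_sig(sig):
    """CPUID signature -> family-model-stepping string, e.g. '6-5e-3'."""
    stepping = sig & 0xF
    model = (sig >> 4) & 0xF
    family = (sig >> 8) & 0xF
    if family in (0x6, 0xF):          # extended model bits apply
        model |= ((sig >> 16) & 0xF) << 4
    if family == 0xF:                 # extended family bits apply
        family += (sig >> 20) & 0xFF
    return f"{family:x}-{model:02x}-{stepping:x}"


def assess(log_text):
    """Return (f-m-s, revision, verdict) for every sig/pf/revision line."""
    results = []
    for match in LINE_RE.finditer(log_text):
        sig, pf, rev = (int(group, 16) for group in match.groups())
        fms = decode_sig(sig)
        mask, reverted_rev = REVERTED_20200616.get(fms, (0, None))
        if pf & mask:                 # CPU is one of the reverted entries
            verdict = "ok" if rev == reverted_rev else "rev-differs"
        else:
            verdict = "not-in-revert-list"
        results.append((fms, rev, verdict))
    return results


if __name__ == "__main__":
    for fms, rev, verdict in assess(SAMPLE_LOG):
        print(f"{fms} revision=0x{rev:x} {verdict}")
```

To check a live system, pass the output of `dmesg` or `journalctl -b` to `assess()` instead of `SAMPLE_LOG`.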