Bug 28579

Summary: Update request: microcode-0.20210216-1.mga7/8.nonfree
Product: Mageia Reporter: Thomas Backlund <tmb>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: fri, ouaurelien, sysadmin-bugs, tarazed25
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7TOO MGA7-64-OK MGA8-64-OK
Source RPM: microcode CVE:
Status comment:

Description Thomas Backlund 2021-03-10 20:33:45 CET 
Advisory:
This update adds new microcode updates to mitigate CVE-2020-8696 for Intel
Skylake server (50654) and Cascade Lake Server (50656 & 50657) processors.
The new microcode update mitigates an issue when using an active JTAG agent
like In Target Probe (ITP), Direct Connect Interface (DCI) or a Baseboard
Management Controller (BMC) to take the CPU JTAG/TAP out of reset and then
returning it to reset.

Improper isolation of shared resources in some Intel(R) Processors may
allow an authenticated user to potentially enable information disclosure
via local access (CVE-2020-8698).

Improper removal of sensitive information before storage or transfer in
some Intel(R) Processors may allow an authenticated user to potentially
enable information disclosure via local access (CVE-2020-8696).

Reference:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html



SRPM:
microcode-0.20210216-1.mga7.nonfree.src.rpm
microcode-0.20210216-1.mga8.nonfree.src.rpm



noarch:
microcode-0.20210216-1.mga7.nonfree.noarch.rpm
microcode-0.20210216-1.mga8.nonfree.noarch.rpm
Thomas Backlund 2021-03-10 20:33:55 CET

Whiteboard: (none) => MGA7TOO

Comment 1 Thomas Backlund 2021-03-10 20:38:42 CET 
Note to testers...

As I dont think anyone in QA actually have access to the server cpus that this update affects, the test is basically to ensure in installs properly...
Comment 2 Thomas Backlund 2021-03-10 20:43:17 CET 
Other name of processors are:

Xeon Scalable (SKX-SP)
Xeon D-21xx (SKX-D)
Xeon Scalable Gen2 (CLX-SP)
Comment 3 Morgan Leijström 2021-03-10 21:55:36 CET 
mga7 64 bit OK on My workstation "svarten": Mainboard: Sabertooth P67, CPU: i7-3770.

Clean update, reboot, no errors in journal, no regression noted in my normal use.

CC: (none) => fri

Comment 4 Len Lawrence 2021-03-10 23:53:30 CET 
+1 here.
$ sudo journalctl -xb | grep microcode
Mar 10 22:40:29 canopus [RPM][794779]: erase microcode-0.20201118-2.mga8.nonfree.noarch: success
Mar 10 22:40:30 canopus [RPM][794779]: install microcode-0.20210216-1.mga8.nonfree.noarch: success

ASUSTeK model: TUF X299 MARK 2
Intel Core i9-7900X

CC: (none) => tarazed25

Comment 5 Aurelien Oudelet 2021-03-16 15:57:57 CET 
microcode-0.20210216-1.mga8.nonfree.noarch    jeu. 11 mars 2021 09:13:24

For MGA8 x86_64 Plasma with Intel Core i5 6600K
No regression.

3 testers. 1 MGA7 and 2 MGA8

Validating.
Advisory pushed to SVN.

Keywords: (none) => advisory, validated_update
CC: (none) => ouaurelien, sysadmin-bugs
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK MGA8-64-OK

Comment 6 Mageia Robot 2021-03-17 07:17:33 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0140.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED