Bug 22762 - Update request: microcode 2018-03-12
Summary: Update request: microcode 2018-03-12
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK, MGA6-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 22731
  Show dependency treegraph
 
Reported: 2018-03-13 23:19 CET by Thomas Backlund
Modified: 2018-03-19 13:14 CET (History)
8 users (show)

See Also:
Source RPM: microcode
CVE:
Status comment:


Attachments

Description Thomas Backlund 2018-03-13 23:19:20 CET
Intel has finally relased their full fixed firmware rollout for Spectre/Meltdown...


SRPMS:
microcode-0.20180312-1.mga6.nonfree.src.rpm


noarch:
microcode-0.20180312-1.mga6.nonfree.noarch.rpm
Comment 1 claire robinson 2018-03-14 15:27:35 CET
Installed. Rebooted from complete power down. Date looks odd Thomas, is this correct?

$ rpm -q microcode
microcode-0.20180312-1.mga6.nonfree

$ dmesg | grep microcode
[    0.000000] microcode: microcode updated early to revision 0x80, date = 2018-01-04
[    0.000000] Intel Spectre v2 broken microcode detected; disabling Speculation Control
[    0.786864] microcode: sig=0x806e9, pf=0x80, revision=0x80
[    0.786989] microcode: Microcode Update Driver: v2.2.
Comment 2 Thomas Backlund 2018-03-14 15:30:38 CET
ok, seems Intel did not fix all microcodes yet :/

And kernel detects the broken microcode and refuses to enable Spectre v2 mitigations on that cpu ...

What cpu is it ?
Comment 3 claire robinson 2018-03-14 15:32:26 CET
$ cat /proc/cpuinfo
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 142
model name	: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
stepping	: 9
microcode	: 0x80
cpu MHz		: 3100.151
cache size	: 3072 KB
physical id	: 0
siblings	: 4
core id		: 0
cpu cores	: 2
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 22
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
bugs		: cpu_meltdown spectre_v1 spectre_v2
bogomips	: 5424.00
clflush size	: 64
cache_alignment	: 64
address sizes	: 39 bits physical, 48 bits virtual
power management:
Comment 4 Thomas Backlund 2018-03-14 15:35:58 CET
ah, wait... you need to recreate the initrd for early firmware loading

Just do a

dracut -f

and reboot
Thomas Backlund 2018-03-14 15:37:33 CET

Blocks: (none) => 22731

Comment 5 claire robinson 2018-03-14 15:43:34 CET
Is 2018-01-21 correct for this microcode?

$ dmesg | grep microcode
[    0.000000] microcode: microcode updated early to revision 0x84, date = 2018-01-21
[    0.783326] microcode: sig=0x806e9, pf=0x80, revision=0x84
[    0.783454] microcode: Microcode Update Driver: v2.2.
Comment 6 Thomas Backlund 2018-03-14 15:45:55 CET
(In reply to claire robinson from comment #5)
> Is 2018-01-21 correct for this microcode?
> 
> $ dmesg | grep microcode
> [    0.000000] microcode: microcode updated early to revision 0x84, date =
> 2018-01-21
> [    0.783326] microcode: sig=0x806e9, pf=0x80, revision=0x84
> [    0.783454] microcode: Microcode Update Driver: v2.2.

Yep. They have gone through a _long_ validation to not repeat the first microcode mess...
Comment 7 Thomas Backlund 2018-03-14 15:59:28 CET
And here is the changelog for the firmwares
https://downloadcenter.intel.com/download/27591/Linux-Processor-Microcode-Data-File?product=873

It references the fixed "revisions", not the dates of them
Comment 8 James Kerr 2018-03-14 20:50:00 CET
on mga6-64  4.14.25-desktop

before updating:
$ dmesg | grep microcode
[    0.000000] microcode: microcode updated early to revision 0xc2, date = 2017-11-16
[    0.000000] Intel Spectre v2 broken microcode detected; disabling Speculation Control
[    0.511261] microcode: sig=0x506e3, pf=0x2, revision=0xc2
[    0.511590] microcode: Microcode Update Driver: v2.2.

after installing microcode-0.20180312-1.mga6.nonfree.noarch
executing dracut -f and re-booting:

$ dmesg | grep microcode
[    0.000000] microcode: microcode updated early to revision 0xc2, date = 2017-11-16
[    0.000000] Intel Spectre v2 broken microcode detected; disabling Speculation Control
[    0.511278] microcode: sig=0x506e3, pf=0x2, revision=0xc2
[    0.511603] microcode: Microcode Update Driver: v2.2.

$ rpm -q microcode
microcode-0.20180312-1.mga6.nonfree

ls -ll /boot
-rw------- 1 root root  9813122 Mar 14 19:08 initrd-4.14.25-desktop-1.mga6.img

$ cat /proc/cpuinfo
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 94
model name      : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
stepping        : 3
microcode       : 0xc2
cpu MHz         : 3959.747
cache size      : 8192 KB
physical id     : 0
siblings        : 8
core id         : 0
cpu cores       : 4
apicid          : 0
initial apicid  : 0
fpu             : yes
fpu_exception   : yes
cpuid level     : 22
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
bugs            : cpu_meltdown spectre_v1 spectre_v2
bogomips        : 6816.00
clflush size    : 64
cache_alignment : 64
address sizes   : 39 bits physical, 48 bits virtual
power management:

Am I correct in believing that my CPU is not included in this update? If I'm understanding the release notes correctly it is not among the i7 CPU's listed.

CC: (none) => jim

Comment 9 claire robinson 2018-03-14 21:43:35 CET
Try "# dracut -f" Jim.

This will be pushed with the kernel so the initrd should be rebuilt with new microcode.

Is there anything to ensure microcode is installed before the kernel Thomas, so that it isn't missed from the initrd build?
Comment 10 claire robinson 2018-03-14 22:02:11 CET
That doesn't really help though if it's installed separately. Should this instead rebuild initrd for itself?
Comment 11 Len Lawrence 2018-03-14 23:37:46 CET
Mageia 6, x86_64

CPU:       Quad core Intel Core i7-4790 (-HT-MCP-)

$ rpm -q microcode
microcode-0.20180108-1.mga6.nonfree

Forgot 'dracut -f'.
Warm reboot.

$ rpm -q microcode
microcode-0.20180312-1.mga6.nonfree
$ dmesg  | grep microcode
[    0.000000] microcode: microcode updated early to revision 0x23, date = 2017-11-20
[    0.000000] Intel Spectre v2 broken microcode detected; disabling Speculation Control
[    0.426314] microcode: sig=0x306c3, pf=0x2, revision=0x23
[    0.426626] microcode: Microcode Update Driver: v2.2.

$ sudo dracut -f

Cold boot.
$ dmesg | grep microcode
[    0.000000] microcode: microcode updated early to revision 0x24, date = 2018-01-21
[    0.422720] microcode: sig=0x306c3, pf=0x2, revision=0x24
[    0.423024] microcode: Microcode Update Driver: v2.2.

CC: (none) => tarazed25

Comment 12 Len Lawrence 2018-03-14 23:50:52 CET
x86_64, another machine.

CPU:       Quad core Intel Core i7-4790K (-HT-MCP-)
Installed new microcode.
# dracut -f

Warm boot.

$ rpm -q microcode
microcode-0.20180312-1.mga6.nonfree
[lcl@vega ~]$ dmesg | grep microcode
[    0.000000] microcode: microcode updated early to revision 0x24, date = 2018-01-21
[    0.466867] microcode: sig=0x306c3, pf=0x2, revision=0x24
[    0.466934] microcode: Microcode Update Driver: v2.2.
[    2.262382] em28xx 3-2:1.0: 	microcode start address = 0x0004, boot configuration = 0x01
Comment 13 Len Lawrence 2018-03-15 00:05:55 CET
x86_64, Dell XPS 13
CPU:       Dual core Intel Core i7-7500U (-HT-MCP-)

$ rpm -q microcode
microcode-0.20180312-1.mga6.nonfree
$ sudo dracut -f

Warm boot.

$ dmesg | grep microcode
[    0.000000] microcode: microcode updated early to revision 0x84, date = 2018-01-21
[    0.552282] microcode: sig=0x806e9, pf=0x80, revision=0x84
[    0.552425] microcode: Microcode Update Driver: v2.2.
Comment 14 Len Lawrence 2018-03-15 00:24:08 CET
x86, Dell Alienware X51
CPU:       Quad core Intel Core i7-2600 (-HT-MCP-)
The microcode in use was dated 2013-06-12

Followed the same procedure as before.

$ dmesg | grep microcode
[    0.000000] microcode: microcode updated early to revision 0x2d, date = 2018-02-07
[    0.372529] microcode: sig=0x206a7, pf=0x2, revision=0x2d
[    0.372686] microcode: Microcode Update Driver: v2.2.

Does 2018-02-07 make sense?
Comment 15 Len Lawrence 2018-03-15 00:45:28 CET
x86_64, Aorus X5

CPU:       Quad core Intel Core i7-5700HQ (-HT-MCP-)

The new firmware was loaded after a warm reboot.
$ dmesg | grep microcode
[    0.000000] microcode: microcode updated early to revision 0x1d, date = 2018-01-21
[    0.932395] microcode: sig=0x40671, pf=0x20, revision=0x1d
[    0.932673] microcode: Microcode Update Driver: v2.2.
Comment 16 James Kerr 2018-03-15 06:49:20 CET
(In reply to claire robinson from comment #9)
> Try "# dracut -f" Jim.
> 

Thanks, Claire, but that is what I did and the initrd was rebuilt. The timestamp on the file was updated.

Contrary to my earlier (mis)understanding this CPU is listed as one of those included in this update:

https://downloadcenter.intel.com/product/88196/Intel-Core-i7-6700-Processor-8M-Cache-up-to-4-00-GHz-

I downgraded microcode, rebuilt the initrd and re-booted. Then installed the update again, rebuilt the initrd and re-booted, but the result is the same as I reported in comment#8

I'm at a loss as to what else I can do.
Comment 17 Mauricio Andrés Bustamante Viveros 2018-03-15 06:56:26 CET
Installed the microcode update testing package in VBOX 5.2.8

[neoser10@MGA6 ~]$ su
Contraseña: 
[root@MGA6 neoser10]# dmesg | grep microcode
[root@MGA6 neoser10]# dracut -f
dracut: Executing: /usr/bin/dracut -f
dracut: dracut module 'bootchart' will not be installed, because command '/sbin/bootchartd' could not be found!
dracut: dracut module 'systemd' will not be installed, because it's in the list to be omitted!
dracut: dracut module 'systemd-bootchart' will not be installed, because command '/usr/lib/systemd/systemd-bootchart' could not be found!
dracut: systemd-initrd needs systemd in the initramfs
dracut: dracut module 'caps' will not be installed, because command 'capsh' could not be found!
dracut: systemd-networkd needs systemd in the initramfs
dracut: dracut module 'modsign' will not be installed, because command 'keyctl' could not be found!
dracut: dracut module 'busybox' will not be installed, because command 'busybox' could not be found!
dracut: dracut module 'network' will not be installed, because it's in the list to be omitted!
dracut: dracut module 'network' will not be installed, because it's in the list to be omitted!
dracut: dracut module 'ifcfg' depends on 'network', which can't be installed
dracut: dracut module 'mdraid' will not be installed, because command 'mdadm' could not be found!
dracut: dracut module 'multipath' will not be installed, because command 'multipath' could not be found!
dracut: dracut module 'cifs' will not be installed, because command 'mount.cifs' could not be found!
dracut: dracut module 'iscsi' will not be installed, because command 'iscsistart' could not be found!
dracut: dracut module 'iscsi' will not be installed, because command 'iscsi-iname' could not be found!
dracut: 95nfs: Could not find any command of 'rpcbind portmap'!
dracut: dracut module 'biosdevname' will not be installed, because command 'biosdevname' could not be found!
dracut: dracut module 'masterkey' will not be installed, because command 'keyctl' could not be found!
dracut: dracut-systemd needs systemd-initrd in the initramfs
dracut: dracut module 'caps' will not be installed, because command 'capsh' could not be found!
dracut: dracut module 'modsign' will not be installed, because command 'keyctl' could not be found!
dracut: dracut module 'busybox' will not be installed, because command 'busybox' could not be found!
dracut: dracut module 'ifcfg' depends on 'network', which can't be installed
dracut: dracut module 'mdraid' will not be installed, because command 'mdadm' could not be found!
dracut: dracut module 'multipath' will not be installed, because command 'multipath' could not be found!
dracut: dracut module 'cifs' will not be installed, because command 'mount.cifs' could not be found!
dracut: dracut module 'iscsi' will not be installed, because command 'iscsistart' could not be found!
dracut: dracut module 'iscsi' will not be installed, because command 'iscsi-iname' could not be found!
dracut: 95nfs: Could not find any command of 'rpcbind portmap'!
dracut: dracut module 'masterkey' will not be installed, because command 'keyctl' could not be found!
dracut: *** Including module: bash ***
dracut: *** Including module: dash ***
dracut: *** Including module: i18n ***
dracut: *** Including module: drm ***
dracut: *** Including module: plymouth ***
dracut: *** Including module: kernel-modules ***
dracut: *** Including module: resume ***
dracut: *** Including module: rootfs-block ***
dracut: *** Including module: terminfo ***
dracut: *** Including module: udev-rules ***
dracut: Skipping udev rule: 40-redhat.rules
dracut: Skipping udev rule: 50-firmware.rules
dracut: Skipping udev rule: 50-udev.rules
dracut: Skipping udev rule: 91-permissions.rules
dracut: Skipping udev rule: 80-drivers-modprobe.rules
dracut: *** Including module: usrmount ***
dracut: *** Including module: base ***
dracut: *** Including module: fs-lib ***
dracut: *** Including module: shutdown ***
dracut: *** Including modules done ***
dracut: *** Installing kernel module dependencies and firmware ***
dracut: *** Installing kernel module dependencies and firmware done ***
dracut: *** Resolving executable dependencies ***
dracut: *** Resolving executable dependencies done***
dracut: Could not find 'strip'. Not stripping the initramfs.
dracut: *** Generating early-microcode cpio image ***
dracut: *** Constructing GenuineIntel.bin ****
dracut: *** Store current command line parameters ***
dracut: Stored kernel commandline:
dracut:  rd.driver.pre=ata_piix 
 rd.driver.pre=pata_acpi 
 rd.driver.pre=ata_generic 
 rd.driver.pre=ahci 
 rd.driver.pre=piix 
 rd.driver.pre=ide_pci_generic 
dracut:  resume=UUID=38a78b6c-450a-44d4-99a0-1edb3adb77c7 resume=UUID=38a78b6c-450a-44d4-99a0-1edb3adb77c7
dracut:  root=UUID=b24d8367-7814-49af-8c30-86212e431573 rootfstype=ext4 rootflags=rw,relatime,data=ordered
dracut: *** Creating image file '/boot/initrd-4.14.25-desktop-1.mga6.img' ***
dracut: *** Creating initramfs image file '/boot/initrd-4.14.25-desktop-1.mga6.img' done ***
[root@MGA6 neoser10]# 

Rebooting
dmesg | grep microcode & journalctl | grep microcode did not show messages (remember I am using vbox)

Processor Info: (covered by microcode update as listed in download page)
Intel Pentium Dual Core E5200/Wolfdale @2.50 Ghz
Family 6 Model 7 Stepping 6 Extended Family 6 Extended Model 17 Revision M0

CC: (none) => neoser10

Comment 18 Len Lawrence 2018-03-15 08:40:43 CET
x86_64 on Lenovo Ideapad Y500.
CPU:       Quad core Intel Core i7-3630QM (-HT-MCP-)
Warm reboot.

$ dmesg | grep microcode
[    0.000000] microcode: microcode updated early to revision 0x1f, date = 2018-02-07
[    1.602541] microcode: sig=0x306a9, pf=0x10, revision=0x1f
[    1.602792] microcode: Microcode Update Driver: v2.2.
Comment 19 Stig-Ørjan Smelror 2018-03-15 09:35:59 CET
x86_64 Dell Precision T1600
CPU Intel(R) Xeon(R) CPU E31270 @ 3.40GHz

$ dmesg | grep microcode
[    0.000000] microcode: microcode updated early to revision 0x2d, date = 2018-02-07
[    1.633399] microcode: sig=0x206a7, pf=0x2, revision=0x2d
[    1.633686] microcode: Microcode Update Driver: v2.2.

CC: (none) => smelror

Comment 20 PC LX 2018-03-16 14:57:30 CET
Installed without issues. Does nothing new on a Intel Q9400 CPU.

$ rpm -q microcode
microcode-0.20180312-1.mga6.nonfree

The following output is the same before and after the update.

$ egrep  'model name|flags|bugs' /proc/cpuinfo | head -n 4
model name      : Intel(R) Core(TM)2 Quad CPU    Q9400  @ 2.66GHz
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good nopl cpuid aperfmperf pni dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm sse4_1 xsave lahf_lm pti tpr_shadow vnmi flexpriority dtherm
bugs            : cpu_meltdown spectre_v1 spectre_v2
$ journalctl -b0 | grep microcode
Mar 15 09:27:45 marte kernel: microcode: microcode updated early to revision 0xa0b, date = 2010-09-28
Mar 15 09:27:45 marte kernel: microcode: sig=0x1067a, pf=0x10, revision=0xa0b
Mar 15 09:27:45 marte kernel: microcode: Microcode Update Driver: v2.2.

CC: (none) => mageia

Comment 21 Thomas Andrews 2018-03-17 21:14:28 CET
Does nothing for my Core 2 Duo E8400, either - even though it's on the list.

On my production install this afternoon, I started by updating to Plasma 5.12.2, except for the glib2 packages, mostly to clear the clutter out of the list presented by Updates Testing. (Plasma working perfectly, BTW.)

After a warm boot and a few tests of Plasma, I went after kernel 4.14.25, including idetect.lst and these microcodes, all in one operation. If I'm understanding the above comments, that should mean that dracut wasn't needed.
After a reboot, I saw this:

$ dmesg | grep microcode
[    0.000000] microcode: microcode updated early to revision 0xa0b, date = 2010-09-28
[    2.752493] microcode: sig=0x1067a, pf=0x1, revision=0xa0b
[    2.752531] microcode: Microcode Update Driver: v2.2.

$ egrep  'model name|flags|bugs' /proc/cpuinfo | head -n 4
model name      : Intel(R) Core(TM)2 Duo CPU     E8400  @ 3.00GHz
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good nopl cpuid aperfmperf pni dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm sse4_1 xsave lahf_lm pti tpr_shadow vnmi flexpriority dtherm
bugs            : cpu_meltdown spectre_v1 spectre_v2
model name      : Intel(R) Core(TM)2 Duo CPU     E8400  @ 3.00GHz

I ran "dracut -f" and did a cold boot, just in case, but the results are the same.

Personal speculation: Intel only revised microcodes for processors newer than a certain age. The microcodes included for processors older than that are simply the same ones as before, carried through. And most likely, Intel has no intention of updating microcodes for those older processors. Ever.

On the plus side, I don't see anything that these updates "breaks" on this older hardware that wasn't "broken" before.

CC: (none) => andrewsfarm

Comment 22 Lewis Smith 2018-03-18 17:41:56 CET
Testing M6 x64 real EFI hardware with AMD E1-1200 processor

Doubting that it is relevant to this update, but it *was* offered.

kernel: 4.14.25-desktop-1.mga6      [previously installed]
microcode-0.20180312-1.mga6.nonfree

After updating the microcode to that shown, re-boot, then
 # dracut -f
from a virtual terminal, which (like c17) spilled heaps of messages about omitting things because of missing commands. Initrd was re-made, however:
-rw------- 1 root root 11933080 Maw  18 17:20 /boot/initrd-4.14.25-desktop-1.mga6.img

Re-boot again, here I am.

From PC_LX c20:
 $ journalctl -b0 | grep microcode
Maw 18 17:22:33 localhost.localdomain kernel: microcode: microcode updated early to new patch_level=0x05000119
Maw 18 17:22:33 localhost.localdomain kernel: microcode: CPU0: patch_level=0x05000119
Maw 18 17:22:33 localhost.localdomain kernel: microcode: CPU1: patch_level=0x05000119
Maw 18 17:22:33 localhost.localdomain kernel: microcode: Microcode Update Driver: v2.2.

$ cat /proc/cpuinfo
processor	: 0
vendor_id	: AuthenticAMD
cpu family	: 20
model		: 2
model name	: AMD E1-1200 APU with Radeon(tm) HD Graphics
stepping	: 0
microcode	: 0x5000119
...
processor	: 1
vendor_id	: AuthenticAMD
cpu family	: 20
model		: 2
model name	: AMD E1-1200 APU with Radeon(tm) HD Graphics
stepping	: 0
microcode	: 0x5000119

No problems to date.
Comment 23 Lewis Smith 2018-03-19 10:23:28 CET
@Thomas
Apart from the uncertainty about initrd & the need ? for '# dracut -f', the end result looks OK; what is your view? - the one that matters. It would be nice to wrap up these two updates.

CC: (none) => lewyssmith

Comment 24 Thomas Backlund 2018-03-19 12:27:25 CET
As we push kernel and microcode at the same time, it will get automatically added in the new kernel initrd.

I've also added a comment if people want to add it in current initrd to use dracut -f



Advisory (also added to svn):

type: security
subject: Updated microcode packages fix security vulnerabilities
CVE:
 - CVE-2017-5715
src:
  6:
   nonfree:
     - microcode-0.20180312-1.mga6.nonfree
description: |
  This update provides new microcode fixes and mitigations for Spectre
  (CVE-2017-5715) for many Intel CPUs produced in the last 5 years.

  So far the Intel microcode updates are for several processors from many
  of Intel Haswell, Broadwell, Skylake, Kaby Lake, Coffee Lake, Gemini Lake,
  Apollo Lake, Crystal Well and IVT platforms.

  Theese updated microcodes should also fix the instabilities that some
  users experienced with the earlier microcode updates released in
  MGASA-2018-0079.

  We will provide more microcode updates later on when they are made
  available by Intel and Amd.

  if you want to use this microcode on your current running kernel,
  you need to re-create the initrd (initial ramdisk used at boot time),
  you can do so by issuing the command 'dracut -f' as root, and reboot
  your system

  We also suggest that you check if there is updated  BIOS and EFI
  firmwares from your hardware vendor.

  For a list of updated microcode revisions, read the referened Intel list page.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=22762
 - https://downloadcenter.intel.com/download/27591/Linux-Processor-Microcode-Data-File?product=873

Keywords: (none) => advisory, validated_update
Whiteboard: (none) => MGA6-64-OK, MGA6-32-OK
CC: (none) => sysadmin-bugs

Comment 25 Mageia Robot 2018-03-19 13:14:26 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0176.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.