the microcode side fixes of the Zombieload series TSX Async Abort and iTLB Multihit

SRPM:
microcode-0.20191112-1.mga7.nonfree.src.rpm

i586/x86_64:
microcode-0.20191112-1.mga7.nonfree.noarch.rpm

on mga7-64

package installed cleanly:
- microcode-0.20191112-1.mga7.nonfree.noarch

$ dmesg | grep microcode
[ 0.000000] microcode: microcode updated early to revision 0xd4, date = 2019-08-14
[ 0.770736] microcode: sig=0x506e3, pf=0x2, revision=0xd4
[ 0.770858] microcode: Microcode Update Driver: v2.2.

No regressions observed
OK for mga7-64 on this system:

Mobo: Dell model: 09WH54 v: UEFI [Legacy]: Dell v: 2.13.1
CPU: Intel Core i7-6700
Graphics: Intel HD Graphics 530 (Skylake GT2)
CC: (none) => jim
ON hardware - AMD X3, Nvidia 730GT (390 driver).

$ uname -a
Linux localhost 5.3.7-desktop-4.mga7 #1 SMP Thu Oct 24 20:11:12 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Installed microcode listed above. It triggered a glibc install as well.

Nov 14 12:59:08 localhost [RPM][17713]: install microcode-0.20191112-1.mga7.nonfree.noarch: success
Nov 14 12:59:08 localhost [RPM][17713]: install glibc-6:2.29-18.mga7.x86_64: success
Nov 14 12:59:08 localhost [RPM][17713]: install glibc-devel-6:2.29-18.mga7.x86_64: success

no regressions
CC: (none) => brtians1
Installed this in conjunction with a kernel test on a HP Probook 6550b which uses a first-generation i3 processor. Since I used the QA Repo tool to get only the packages I wanted to test, the glibc package in updates-testing was not installed. Package installed cleanly. After a cold reboot, no regressions noted.
CC: (none) => andrewsfarm
MGA7-64 Plasma on Lenovo B50
No installation issues.
Installed this after updating the kernel to 5.3.11. Nothing special after rebooting, all seems OK.
CC: (none) => herman.viaene
Installed this in conjunction with a kernel test on an AMD Athlon X2 7750 system. Probably not on the list of affected cpus, but I am reporting that there are no issues, anyway.
AMD A6 - APU (Radeon R4 graphics) - hardware

installed the following
- cpupower-5.3.11-1.mga7.x86_64
- kernel-desktop-5.3.11-1.mga7-1-1.mga7.x86_64
- kernel-desktop-latest-5.3.11-1.mga7.x86_64
- microcode-0.20191112-1.mga7.nonfree.noarch

Rebooted the machine
--- libreoffice, web-browser, networking, suspend mode are all working properly

Seems to be functioning to me.
Mageia7, x86_64
Intel Core i7-4790 (-MT MCP-)
Nvidia GTX970 - nvidia 430.64

This machine has been running with the new microcode for several days - no problems.
CC: (none) => tarazed25
To return to the problem with warm reboots referred to in bug 25696 comment 3:

Downgrading the microcode on the "bad" partition did not help - lots of messages from dracut like:

dracut module 'bootchart' will not be installed <command missing>
dracut module 'systemd' will not be installed , because it is in the list to be omitted!
systemd-initrd needs systemd in the initramfs
....
dracut module 'network' will not be installed
.....

It goes on to build /boot/initrd and the initramfs file. After that it is impossible to warm reboot. For that partition every boot has to be a cold one.

Since the problem persists after reverting to the old microcode something else must be causing this. All that can be done is to reinstall Mageia7 and hope for the best.

Sorry for the noise.
Advisory, added to svn:

type: security
subject: Updated microcode packages fix security vulnerabilities
CVE:
 - CVE-2019-0117
 - CVE-2019-11135
 - CVE-2019-11139
 - CVE-2018-12207
src:
  7:
   nonfree:
     - microcode-0.20191112-1.mga7.nonfree
description: |
  This update provides the Intel 20191112 microcode release that adds the
  microcode side fixes and mitigations for at least the following security
  issues:

  A flaw was found in the implementation of SGX around the access control
  of protected memory. A local attacker of a system with SGX enabled and
  an affected intel GPU with the ability to execute code is able to infer
  the contents of the SGX protected memory (CVE-2019-0117).

  TSX Asynchronous Abort condition on some CPUs utilizing speculative
  execution may allow an authenticated user to potentially enable
  information disclosure via a side channel with local access.
  (CVE-2019-11135).

  Improper conditions check in the voltage modulation interface for some
  Intel(R) Xeon(R) Scalable Processors may allow a privileged user to
  potentially enable denial of service via local access (CVE-2019-11139).

  Improper invalidation for page table updates by a virtual guest operating
  system for multiple Intel(R) Processors may allow an authenticated user
  to potentially enable denial of service of the host system via local
  access (CVE-2018-12207).

  TA Indirect Sharing Erratum (Information Leak)
  Incomplete fixes for previous MDS mitigations (VERW)
  SHUF* instruction implementation flaw (DoS)
  EGETKEY Erratum
  Conditional Jump Macro-fusion (DoS or Privilege Escalation)

  For the software side fixes and mitigations of these issues, the kernel
  must be updated to 5.3.13-1.mga7 (mga#25686) or later.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=25688
 - https://bugs.mageia.org/show_bug.cgi?id=25686
 - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00164.html
 - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html
 - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html
 - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html
 - https://www.intel.com/content/www/us/en/support/articles/000055650/processors/intel-xeon-processors.html
Keywords: (none) => advisory, validated_update
Whiteboard: (none) => MGA7-64-OK, MGA7-32-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0334.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
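
A check a tester could run after installing this update, added here as an example and not part of the bug report: it extracts the CPU signature and loaded revision from `dmesg`-style microcode lines, and reads the kernel's status files for TSX Async Abort and iTLB Multihit. The function names are hypothetical, and the sample text is constructed from the dmesg lines quoted in the first test report.

```shell
#!/bin/sh
# Added example (not from the bug report): microcode load and mitigation status.

# Constructed sample, modelled on the dmesg lines quoted in the first test report.
SAMPLE_DMESG='[ 0.000000] microcode: microcode updated early to revision 0xd4, date = 2019-08-14
[ 0.770736] microcode: sig=0x506e3, pf=0x2, revision=0xd4
[ 0.770858] microcode: Microcode Update Driver: v2.2.'

# Read dmesg text on stdin; print "<sig> <revision> <early|not-early>".
# Returns 1 when no "microcode: sig=" line is present.
microcode_summary() {
    awk '
        /microcode updated early to revision/ { early = 1 }
        /microcode: sig=/ {
            for (i = 1; i <= NF; i++) {
                v = $i; sub(/,$/, "", v)          # drop the trailing comma
                if (v ~ /^sig=/)      { sig = substr(v, 5) }
                if (v ~ /^revision=/) { rev = substr(v, 10) }
            }
        }
        END {
            if (sig == "") exit 1
            print sig, rev, (early ? "early" : "not-early")
        }'
}

# Classify one status file. $1 = directory, $2 = file name.
# Returns 0 = mitigated or not affected, 1 = needs attention, 2 = not reported.
mitigation_state() {
    f="$1/$2"
    if [ ! -r "$f" ]; then
        echo "$2: unknown (this kernel does not report it)"
        return 2
    fi
    line=$(head -n 1 "$f")
    case "$line" in
        "Not affected"*|"Mitigation:"*|"KVM: Mitigation:"*)
            echo "$2: ok ($line)"; return 0 ;;
        *)
            echo "$2: ATTENTION ($line)"; return 1 ;;
    esac
}

# Stand-alone run: summarise the sample, then ask the running kernel about the
# two issues named in this report. On a real system, pipe `dmesg` in instead.
printf '%s\n' "$SAMPLE_DMESG" | microcode_summary || true
for v in tsx_async_abort itlb_multihit; do
    mitigation_state /sys/devices/system/cpu/vulnerabilities "$v" || true
done
```

A missing status file means the running kernel predates the software side fixes, which matches the advisory's note that the kernel has to be updated as well as the microcode.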