This is a refresh of the microcode update in:
https://advisories.mageia.org/MGASA-2019-0334.html

Turns out Intel did a re-release ~3 days after the initial rollout that I missed back then...

(S)RPM:
microcode-0.20191115-1.mga7.nonfree
Advisory, added to svn:

type: security
subject: Updated microcode packages fix security vulnerabilities
CVE:
 - CVE-2019-0117
 - CVE-2019-11135
 - CVE-2019-11139
 - CVE-2018-12207
src:
  7:
   nonfree:
     - microcode-0.20191115-1.mga7.nonfree
description: |
  NOTE! This is a refresh of the 2019112 security update we released as
  MGASA-2019-0334.

  This update provides the Intel 20191115 microcode release that adds more
  microcode side fixes and mitigations for the Core Gen 6 to Core gen 10,
  some Xeon E series, addressing at least the following security issues:

  A flaw was found in the implementation of SGX around the access control
  of protected memory. A local attacker of a system with SGX enabled and
  an affected intel GPU with the ability to execute code is able to infer
  the contents of the SGX protected memory (CVE-2019-0117).

  TSX Asynchronous Abort condition on some CPUs utilizing speculative
  execution may allow an authenticated user to potentially enable
  information disclosure via a side channel with local access.
  (CVE-2019-11135).

  Improper conditions check in the voltage modulation interface for some
  Intel(R) Xeon(R) Scalable Processors may allow a privileged user to
  potentially enable denial of service via local access (CVE-2019-11139).

  Improper invalidation for page table updates by a virtual guest operating
  system for multiple Intel(R) Processors may allow an authenticated user
  to potentially enable denial of service of the host system via local
  access (CVE-2018-12207).

  TA Indirect Sharing Erratum (Information Leak)
  Incomplete fixes for previous MDS mitigations (VERW)
  SHUF* instruction implementation flaw (DoS)
  EGETKEY Erratum
  Conditional Jump Macro-fusion (DoS or Privilege Escalation)

  For the software side fixes and mitigations of these issues, the kernel
  must be updated to 5.3.13-1.mga7 (mga#25686) or later.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=25896
 - https://bugs.mageia.org/show_bug.cgi?id=25686
 - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00164.html
 - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html
 - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html
 - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html
 - https://www.intel.com/content/www/us/en/support/articles/000055650/processors/intel-xeon-processors.html
 - https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/master/releasenote
Keywords: (none) => advisory
Host: difda Kernel: 5.4.2-desktop-1.mga7 x86_64 bits: 64
Mobo: MSI model: Z97-G43 (MS-7816) v: 3.0
Quad Core: Intel Core i7-4790 type: MT MCP speed: 1699 MHz
microcode: microcode updated early to revision 0x27, date = 2019-02-26

$ rpm -q microcode
microcode-0.20191112-1.mga7.nonfree

date: 2019-12-20

After update:
Smooth reboot.
$ rpm -q microcode
microcode-0.20191115-1.mga7.nonfree
# journalctl -xb | grep microcode
Dec 20 08:29:19 difda kernel: microcode: microcode updated early to revision 0x27, date = 2019-02-26
Dec 20 08:29:19 difda kernel: microcode: sig=0x306c3, pf=0x2, revision=0x27

Leaving this to run.

Host: canopus Kernel: 5.4.2-desktop-1.mga7 x86_64 bits: 64
Mobo: ASUSTeK model: TUF X299 MARK 2 v: Rev 1.xx
10-Core: Intel Core i9-7900X type: MT MCP speed: 1954 MHz
# journalctl -xb | grep microcode
Dec 20 18:31:36 canopus kernel: microcode: microcode updated early to revision 0x2000065, date = 2019-09-05
Dec 20 18:31:36 canopus kernel: microcode: sig=0x50654, pf=0x4, revision=0x2000065

This looks different from the difda case. On difda nothing changed after another round of 'dracut -f' and it looks like the microcode has not "taken".
CC: (none) => tarazed25
on mga7-64

Before update:
$ dmesg | grep microcode
[ 0.000000] microcode: microcode updated early to revision 0xd4, date = 2019-08-14
[ 0.782061] microcode: sig=0x506e3, pf=0x2, revision=0xd4
[ 0.782119] microcode: Microcode Update Driver: v2.2.

package installed cleanly:
- microcode-0.20191115-1.mga7.nonfree.noarch

after executing 'dracut -f' and rebooting:
$ dmesg | grep microcode
[ 0.000000] microcode: microcode updated early to revision 0xd6, date = 2019-10-03
[ 0.785212] microcode: sig=0x506e3, pf=0x2, revision=0xd6
[ 0.785311] microcode: Microcode Update Driver: v2.2.

No regressions observed

OK for mga7-64 on this system:
Mobo: Dell model: 09WH54 v: UEFI [Legacy]: Dell v: 2.13.1
CPU: Intel Core i7-6700
Graphics: Intel HD Graphics 530 (Skylake GT2)
CC: (none) => jim
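
A before/after check in the spirit of the test reports above, as an added example that is not part of the original bug thread: it pulls the CPU signature, revision and date out of the kernel's microcode log lines (dmesg or journalctl format) and compares the revision across a reboot. The function names are illustrative assumptions; the sample lines are the ones quoted in the Core i7-6700 report.

```shell
#!/bin/sh
# Added example, not from the bug report: summarise the microcode revision
# a kernel log reports and compare it across a reboot.

# Read dmesg or journalctl text on stdin and print
# "sig=<cpu signature> revision=<hex> date=<yyyy-mm-dd|unknown>".
microcode_state() {
    awk '
        /microcode: microcode updated early to revision/ {
            for (i = 1; i < NF; i++) {
                if ($i == "revision") { rev = $(i + 1); sub(/,$/, "", rev) }
                if ($i == "date" && $(i + 1) == "=") date = $(i + 2)
            }
        }
        /microcode: sig=/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^sig=/) { sig = $i; sub(/^sig=/, "", sig); sub(/,$/, "", sig) }
                if ($i ~ /^revision=/) { rev = $i; sub(/^revision=/, "", rev) }
            }
        }
        END {
            if (rev == "") exit 1   # no microcode lines in the input
            if (sig == "") sig = "unknown"
            if (date == "") date = "unknown"   # no early-load line was logged
            printf "sig=%s revision=%s date=%s\n", sig, rev, date
        }'
}

# Extract the revision field from a microcode_state line.
revision_of() { printf '%s\n' "$1" | sed -n 's/.*revision=\([^ ]*\).*/\1/p'; }

# Print updated / unchanged / downgraded for two hex revisions (before, after).
compare_revisions() {
    if [ $(($2)) -gt $(($1)) ]; then echo updated
    elif [ $(($2)) -eq $(($1)) ]; then echo unchanged
    else echo downgraded
    fi
}

# Sample input: the dmesg lines quoted in the Core i7-6700 report above.
BEFORE='[ 0.000000] microcode: microcode updated early to revision 0xd4, date = 2019-08-14
[ 0.782061] microcode: sig=0x506e3, pf=0x2, revision=0xd4'
AFTER='[ 0.000000] microcode: microcode updated early to revision 0xd6, date = 2019-10-03
[ 0.785212] microcode: sig=0x506e3, pf=0x2, revision=0xd6'

b=$(printf '%s\n' "$BEFORE" | microcode_state)
a=$(printf '%s\n' "$AFTER" | microcode_state)
echo "before: $b"
echo "after:  $a"
echo "result: $(compare_revisions "$(revision_of "$b")" "$(revision_of "$a")")"
```

On a live system the two inputs would be saved `dmesg | grep microcode` output from before the package update and after 'dracut -f' and a reboot.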
Whiteboard: (none) => MGA7-64-OK
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0413.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED