Bug 28579 - Update request: microcode-0.20210216-1.mga7/8.nonfree
Summary: Update request: microcode-0.20210216-1.mga7/8.nonfree
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7TOO MGA7-64-OK MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2021-03-10 20:33 CET by Thomas Backlund
Modified: 2021-03-17 07:17 CET (History)
4 users (show)

See Also:
Source RPM: microcode
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Thomas Backlund 2021-03-10 20:33:45 CET 
Advisory:
This update adds new microcode updates to mitigate CVE-2020-8696 for Intel
Skylake server (50654) and Cascade Lake Server (50656 & 50657) processors.
The new microcode update mitigates an issue when using an active JTAG agent
like In Target Probe (ITP), Direct Connect Interface (DCI) or a Baseboard
Management Controller (BMC) to take the CPU JTAG/TAP out of reset and then
returning it to reset.

Improper isolation of shared resources in some Intel(R) Processors may
allow an authenticated user to potentially enable information disclosure
via local access (CVE-2020-8698).

Improper removal of sensitive information before storage or transfer in
some Intel(R) Processors may allow an authenticated user to potentially
enable information disclosure via local access (CVE-2020-8696).

Reference:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html



SRPM:
microcode-0.20210216-1.mga7.nonfree.src.rpm
microcode-0.20210216-1.mga8.nonfree.src.rpm



noarch:
microcode-0.20210216-1.mga7.nonfree.noarch.rpm
microcode-0.20210216-1.mga8.nonfree.noarch.rpm
Thomas Backlund 2021-03-10 20:33:55 CET

Whiteboard: (none) => MGA7TOO

Comment 1 Thomas Backlund 2021-03-10 20:38:42 CET 
Note to testers...

As I dont think anyone in QA actually have access to the server cpus that this update affects, the test is basically to ensure in installs properly...
Comment 2 Thomas Backlund 2021-03-10 20:43:17 CET 
Other name of processors are:

Xeon Scalable (SKX-SP)
Xeon D-21xx (SKX-D)
Xeon Scalable Gen2 (CLX-SP)
Comment 3 Morgan Leijström 2021-03-10 21:55:36 CET 
mga7 64 bit OK on My workstation "svarten": Mainboard: Sabertooth P67, CPU: i7-3770.

Clean update, reboot, no errors in journal, no regression noted in my normal use.

CC: (none) => fri

Comment 4 Len Lawrence 2021-03-10 23:53:30 CET 
+1 here.
$ sudo journalctl -xb | grep microcode
Mar 10 22:40:29 canopus [RPM][794779]: erase microcode-0.20201118-2.mga8.nonfree.noarch: success
Mar 10 22:40:30 canopus [RPM][794779]: install microcode-0.20210216-1.mga8.nonfree.noarch: success

ASUSTeK model: TUF X299 MARK 2
Intel Core i9-7900X

CC: (none) => tarazed25

Comment 5 Aurelien Oudelet 2021-03-16 15:57:57 CET 
microcode-0.20210216-1.mga8.nonfree.noarch    jeu. 11 mars 2021 09:13:24

For MGA8 x86_64 Plasma with Intel Core i5 6600K
No regression.

3 testers. 1 MGA7 and 2 MGA8

Validating.
Advisory pushed to SVN.

Keywords: (none) => advisory, validated_update
CC: (none) => ouaurelien, sysadmin-bugs
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK MGA8-64-OK

Comment 6 Mageia Robot 2021-03-17 07:17:33 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0140.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.