microcode security updates for Intel Gen6+ ... For a long reference list, see: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608 SRPM: microcode-0.20210608-1.mga8/7.nonfree noarch: microcode-0.20210608-1.mga8/7.nonfree
Whiteboard: (none) => MGA7TOO
Mageia 8 Updated fine on 10-Core Intel Core i9-7900X [MT MCP] $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0x2006b06, date = 2021-03-08 [ 0.791922] microcode: sig=0x50654, pf=0x4, revision=0x2006b06 [ 0.791995] microcode: Microcode Update Driver: v2.2. [ 4.694916] em28xx 1-3:1.0: microcode start address = 0x0004, boot configuration = 0x01 The system rebooted and running fine.
CC: (none) => tarazed25
Mageia 7 5.10.41-desktop-1.mga7 Rebooted fine. $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0x28, date = 2019-11-12 [ 0.582231] microcode: sig=0x306c3, pf=0x2, revision=0x28 [ 0.582364] microcode: Microcode Update Driver: v2.2. $ rpm -q microcode microcode-0.20210608-1.mga7.nonfree System running fine. Intel Core i7-4790
mga8 - 64, Intel i7-3770, Kernel 5.12.8-desktop-1.mga8 without problems in operation and nothing i find suspect in journal incl BOINC and VirtualBox, nvidia-current Most packages are updated to testing
CC: (none) => fri
Advisory, added to svn: type: security subject: Updated microcode packages fix security vulnerabilities CVE: - CVE-2020-24489 - CVE-2020-24511 - CVE-2020-24513 src: 8: nonfree: - microcode-0.20210608-1.mga8.nonfree 7: nonfree: - microcode-0.20210608-1.mga7.nonfree description: | Updated microcodes for Intel processors, fixing various functional issues, and atleast the following security issues: Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access (CVE-2020-24489). Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2020-24511). Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (CVE-2020-24513). For more info about this updatae, see the refenced links. references: - https://bugs.mageia.org/show_bug.cgi?id=29095 - https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608 - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html
Keywords: (none) => advisory
Works here too, and in Cauldron, so flushing out
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA7TOO => MGA7TOO, MGA8-64-OK, MGA7-64-OK
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0256.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
RedHat has issued advisories for this today (August 9): https://access.redhat.com/errata/RHSA-2021:3027 https://access.redhat.com/errata/RHSA-2021:3028 I'm assuming we also fixed CVE-2020-24512 in this update.
Summary: Update request: microcode-0.20210608-1.mga8/7.nonfree => Update request: microcode-0.20210608-1.mga8/7.nonfree (fixes CVE-2020-24489 and CVE-2020-2451[1-3])