30037 – Update request: microcode-0.20220207-1.mga8.nonfree

Bug 30037 - Update request: microcode-0.20220207-1.mga8.nonfree

Summary: Update request: microcode-0.20220207-1.mga8.nonfree

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2022-02-11 22:21 CET by Thomas Backlund
Modified:	2022-02-16 13:15 CET (History)
CC List:	4 users (show)

See Also:
Source RPM:	microcode
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Thomas Backlund 2022-02-11 22:21:27 CET

Security and bugfixes for a long list of Intel CPUs:

https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207

SRPM:
microcode-0.20220207-1.mga8.nonfree.src.rpm

noarch:
microcode-0.20220207-1.mga8.nonfree.noarch.rpm

Comment 1 Len Lawrence 2022-02-12 00:58:01 CET

Intel model: NUC10i7FNB
6-Core Intel Core i7-10710U, x86_64.
Updated latest microcode and rebooted to latest desktop kernel.
$ dmesg | grep microcode
[    0.000000] microcode: microcode updated early to revision 0xea, date = 2021-04-28
[    0.863197] microcode: sig=0xa0660, pf=0x80, revision=0xea
[    0.863450] microcode: Microcode Update Driver: v2.2.

Looks like this machine is not affected.

CC: (none) => tarazed25

Comment 2 Thomas Backlund 2022-02-12 01:53:04 CET

 it should be as its a gen 10 and the updates started from ~gen6

dont mind the date... some of the microcode updates Intel sit on foe a _long_ time or only release as part of vendor bios updates...

Here is What happend on my i3-6xxx storage server:

dmesg.old:[    0.000000] microcode: microcode updated early to revision 0xea, date = 2021-01-05
dmesg.old:[    2.424498] microcode: sig=0x906eb, pf=0x2, revision=0xea

dmesg.new:[    0.000000] microcode: microcode updated early to revision 0xec, date = 2021-04-28
dmesg.new:[    2.414868] microcode: sig=0x906eb, pf=0x2, revision=0xec

Comment 3 Len Lawrence 2022-02-12 16:17:16 CET

mga8, x86_64
Dell XPS13 netbook
Updated and rebooted.
$ dmesg | grep microcode
[    0.000000] microcode: microcode updated early to revision 0xec, date = 2021-04-28
[    0.499240] microcode: sig=0x806e9, pf=0x80, revision=0xec
[    0.499274] microcode: Microcode Update Driver: v2.2.

Desktop running fine so far.
$ uname -r
5.15.23-desktop-1.mga8
$ sudo mount -a
brought up NFS and NAS.

Comment 4 Herman Viaene 2022-02-14 16:32:01 CET

MGA8-64 Plasma on LenovoB50 in Dutch
No installation issues
Rebooted and all seems OK (including NFS access to shares on my desktop PC).

CC: (none) => herman.viaene

Comment 5 Thomas Backlund 2022-02-15 20:02:18 CET

Advisory, added to svn:

type: security
subject: Updated microcode packages fix security vulnerabilities
CVE:
 - CVE-2021-0127
 - CVE-2021-0146
src:
  8:
   nonfree:
     - microcode-0.20220207-1.mga8.nonfree
description: |
  Updated microcodes for Intel processors, fixing various functional
  issues, and atleast the following security issues:

  Insufficient control flow management in some Intel(R) Processors may allow
  an authenticated user to potentially enable a denial of service via local
  access (CVE-2021-0127 / SA-00532).

  Hardware allows activation of test or debug logic at runtime for some
  Intel(R) processors which may allow an unauthenticated user to potentially
  enable escalation of privilege via physical access
  (CVE-2021-0146 / SA-00528).

  For info about the other fixes in this update, see the github reference.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=30037
 - https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207
 - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html
 - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html

Keywords: (none) => advisory

Comment 6 Thomas Andrews 2022-02-15 20:04:59 CET

My newest Intel processor is an i5-2500, second generation, and thus should not be affected. And,

$ dmesg | grep microcode
[    0.000000] microcode: microcode updated early to revision 0x2f, date = 2019-02-17
[    0.580381] microcode: sig=0x206a7, pf=0x2, revision=0x2f
[    0.580477] microcode: Microcode Update Driver: v2.2.

would seem to confirm that. No issues noted, anyway.

Also updated a Core2Quad, also with no issues.

Comment 7 Thomas Backlund 2022-02-15 20:57:53 CET

Updated advisory in svn:

type: security
subject: Updated microcode packages fix security vulnerabilities
CVE:
 - CVE-2021-0127
 - CVE-2021-0145
 - CVE-2021-0146
 - CVE-2021-33120
src:
  8:
   nonfree:
     - microcode-0.20220207-1.mga8.nonfree
description: |
  Updated microcodes for Intel processors, fixing various functional
  issues, and atleast the following security issues:

  Insufficient control flow management in some Intel(R) Processors may allow
  an authenticated user to potentially enable a denial of service via local
  access (CVE-2021-0127 / SA-00532).

  Improper initialization of shared resources in some Intel(R) Processors may
  allow an authenticated user to potentially enable information disclosure
  via local access (CVE-2021-0145 / SA-00561).

  Hardware allows activation of test or debug logic at runtime for some
  Intel(R) processors which may allow an unauthenticated user to potentially
  enable escalation of privilege via physical access
  (CVE-2021-0146 / SA-00528).

  Out of bounds read under complex microarchitectural condition in memory
  subsystem for some Intel Atom(R) Processors may allow authenticated user
  to potentially enable information disclosure or cause denial of service
  via network access (CVE-2021-33120 / SA-00589)

  For info about the other fixes in this update, see the github reference.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=30037
 - https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207
 - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html
 - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html
 - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00561.html
 - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00589.html

Comment 8 Thomas Backlund 2022-02-15 21:05:57 CET

sending it along so it gets installed with the new kernel

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK

Comment 9 Mageia Robot 2022-02-15 21:51:38 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0064.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 10 Morgan Leijström 2022-02-16 13:15:44 CET

This went through quicker than I thought :)
Reporting in short

64 bit OK - No regressions noted on 4 systems user more or less hours
Tested together: kernel-desktop, mesa, microcode, nonfree firmwares


§ Workstation "svarten": plasma, nvidia-current, ...
Details: https://bugs.mageia.org/show_bug.cgi?id=30030#c18


§ Virtual box guest mga 8, details noted in same kernel bug comment.


§ Laptop Asus A717, Plasma
i5-7300HQ, integrated HD Graphics 630, using "Intel 810 and later" (GPU 2 not configured), wifi Atheros QCA6174 using ath10k_pci


§ Laptop Thinkpad T510, Plasma
GPU i5-M540, 4 core
GPU: GT218M[NVS 3100M] using NVIDIA GeForce 8100 to GeForce 415
wifi: Centrino Advanced N 6200, using iwlwifi


§ Laptop Dell Dimension M63000, Plasma
CPU: Core2 Duo T7500
GPU: G84GLM [Quadro FX 1600M] using NVIDIA GeForce 8100 to GeForce 415
wifi: PRO/Wireless 3945ABG using iwl3945

CC: (none) => fri

Note You need to log in before you can comment on or make changes to this bug.