Bug 30425 - microcode new security issues CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151
Summary: microcode new security issues CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, ...
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-05-13 22:52 CEST by David Walser
Modified: 2022-07-08 20:35 CEST (History)
6 users (show)

See Also:
Source RPM: microcode-0.20220419-1.mga8.nonfree.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2022-05-13 22:52:29 CEST
Fedora has issued an advisory May 12:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MGRLDZNIM6SBDYIDM4HJ4GZYP2PW2GI7/

The issues are fixed upstream in in 20220510, which is already in updates_testing, but not assigned to QA yet.
Comment 1 Thomas Backlund 2022-05-16 10:45:02 CEST
ready for test:

(S)RPM:
microcode-0.20220510-1.mga8.nonfree

Assignee: tmb => qa-bugs

Comment 2 Morgan Leijström 2022-05-16 12:12:56 CEST
mga8-64. Installed, rebooted, no issues.

Apparently not for my CPU: i7-3770

$ journalctl -b | grep microcode
maj 16 11:46:09 svarten.tribun kernel: microcode: microcode updated early to revision 0x21, date = 2019-02-13
maj 16 11:46:09 svarten.tribun kernel: SRBDS: Vulnerable: No microcode
maj 16 11:46:09 svarten.tribun kernel: microcode: sig=0x306a9, pf=0x2, revision=0x21
maj 16 11:46:09 svarten.tribun kernel: microcode: Microcode Update Driver: v2.2.

CC: (none) => fri

Comment 3 Len Lawrence 2022-05-16 15:42:33 CEST
5.15.35-desktop-2.mga8 x86_64
Intel Core i7-4790
$ sudo journalctl -b | grep microcode
May 16 14:24:38 difda kernel: microcode: microcode updated early to revision 0x28, date = 2019-11-12
May 16 14:24:38 difda kernel: microcode: sig=0x306c3, pf=0x2, revision=0x28
May 16 14:24:38 difda kernel: microcode: Microcode Update Driver: v2.2.
May 16 14:24:39 difda kernel: em28xx 3-7:1.0:         microcode start address = 0x0004, boot configuration = 0x01

This machine does not seem to be a system of interest either.

CC: (none) => tarazed25

Comment 4 Dave Hodgins 2022-05-16 15:43:54 CEST
No regressions noticed on my two x86_64 systems. Journal shows no indications
microcode package is used, even though it's installed on aarch64 (rpi 4b) or in
vb guests, as expected.

CC: (none) => davidwhodgins

Comment 5 Brian Rockwell 2022-05-18 14:54:09 CEST
MGA8-64, on Xfce, Toshiba Laptop

AMD A6-3420M APU 
Radeon HD 6520G
RTL8188CE 802.11b/g/n WiFi Adapter

installed microcode.  I've been running a number of hours on the system without issue.

CC: (none) => brtians1

Comment 6 Herman Viaene 2022-05-18 16:05:34 CEST
MGA8-64 Plasma on Lenovo B50 in Dutch.
No installation issues.
Rebooted after installation, no obvious problems after using this internet access, access to NFS-share (both wifi) and dolphin and Libreoffice.

CC: (none) => herman.viaene

Comment 7 Brian Rockwell 2022-05-19 15:14:27 CEST
MGA8-64, Gnome, Asus Laptop

AMD A6-9225 RADEON R4
RTL8723BE 
Bluetooth

installed microcode and rebooted

no issues
Thomas Backlund 2022-05-21 09:57:41 CEST

Keywords: (none) => advisory, validated_update
Whiteboard: (none) => MGA8-64-OK
CC: (none) => sysadmin-bugs

Comment 8 Mageia Robot 2022-05-21 10:51:31 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0193.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 9 David Walser 2022-07-08 20:35:31 CEST
This update also fixed CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166:
https://www.debian.org/security/2022/dsa-5178

Note You need to log in before you can comment on or make changes to this bug.