SUSE has issued an advisory on February 20: https://lists.suse.com/pipermail/sle-security-updates/2023-February/013840.html The issues are fixed upstream in 20230214: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html
Status comment: (none) => Fixed upstream in 20230214
Ubuntu has issued an advisory for this today (February 27): https://ubuntu.com/security/notices/USN-5886-1
Summary: microcode new security issues CVE-2022-21216 CVE-2022-33196 CVE-2022-38090 => microcode new security issues CVE-2022-21216 CVE-2022-33196 CVE-2022-33972 CVE-2022-38090
Already built on 2023-02-16, but I forgot to open a bug... (S)RPM: microcode-0.20230214-1.mga8.nonfree
Assignee: tmb => qa-bugs
Mageia8, x86_64, linus kernel Intel Core i9-7900X Updated and rebooted. $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0x2006e05, date = 2022-03-08 [ 0.717801] microcode: sig=0x50654, pf=0x4, revision=0x2006e05 [ 0.717887] microcode: Microcode Update Driver: v2.2. [ 4.705677] em28xx 1-7:1.0: microcode start address = 0x0004, boot configuration = 0x01 None of the issues should affect this hardware.
CC: (none) => tarazed25
Kernel: 5.15.88-desktop-1.mga8 x86_64 Mobo: Intel model: NUC12WSBi7 8-Core model: 12th Gen Intel Core i7-1260P Intel Alder Lake-P Integrated Graphics driver: i915 Realtek RTL8153 Gigabit Ethernet Adapter type: USB driver: r8152 Updated and rebooted: installing microcode-0.20230214-1.mga8.nonfree.noarch.rpm from //home/lcl/qa-testing/x86_64 starting installing packages created transaction for installing on / (remove=0, install=0, upgrade=1) dracut: systemd-initrd needs systemd in the initramfs dracut: systemd-networkd needs systemd in the initramfs dracut: dracut module 'ifcfg' depends on 'network', which can't be installed dracut: dracut-systemd needs systemd-initrd in the initramfs dracut: dracut-squash only supports systemd bases initramfs dracut: dracut module 'ifcfg' depends on 'network', which can't be installed dracut: dracut-squash only supports systemd bases initramfs $ dmesg | grep microcode [ 1.153555] microcode: sig=0x906a3, pf=0x80, revision=0x421 [ 1.154056] microcode: Microcode Update Driver: v2.2. Don't know what to make of that. $ sudo journalctl -b | grep microcode Mar 05 09:22:54 yildun kernel: microcode: sig=0x906a3, pf=0x80, revision=0x421 Mar 05 09:22:54 yildun kernel: microcode: Microcode Update Driver: v2.2. Mar 05 11:09:38 yildun [RPM][159728]: erase microcode-0.20220809-1.mga8.nonfree.noarch: success Mar 05 11:09:46 yildun [RPM][159728]: install microcode-0.20230214-1.mga8.nonfree.noarch: success Looks like it is relevant to this machine.
Installed on my "svarten" workstation Works with 5.15.88-desktop-1.mga8 x86_64, but not with our released backport kernel-desktop-6.1.6-1.mga8-1-1.mga8.x86_64 ! Tried now both kernels twice. (running 5.15.88 and i keep using it for now...) System is using encrypted partition, on which it use LVM I dont understand how to from that shell mount a USB to dump the rdsoreport file so I listed it instead and attach a photo of the last lines. Strange lane that third from bottom: it say it cancel the resume operation, I ordered it to reboot. By device not found i assume it mean the swap partition.
CC: (none) => fri
Created attachment 13731 [details] last lines of rdsosreport.txt failed booting kernel kernel-desktop-6.1.6-1.mga8-1-1.mga8.x86_64 with LVM on LUKS
CC: (none) => tmbKeywords: (none) => feedback
not really a microcode bug, it does not affect how lvm works... I guess something in your system prevents dracut from generating a working initrd... what kernel were you running when you installed the microcode update ?
Keywords: feedback => (none)
Kernel running when updating was 6.1.6-desktop-1.mga8
if you boot back to 5.15.88, then recreate the 6.1.6 initrd, does it work then ?
What command line to use for that?
dracut -f /boot/initrd-6.1.6-desktop-1.mga8.img 6.1.6-desktop-1.mga8
Created attachment 13732 [details] Dracut output executed for kernel 1.6.1 Same boot failure after
first of fix this: /etc/dracut.conf.d/51-mageia-resume.conf:add_device+="/dev/vg-mag/lv_swap" dracut: WARNING: <key>+=" <values> ": <values> should have surrounding white spaces! dracut: WARNING: This will lead to unwanted side effects! Please fix the configuration file.
First I fixed the missing spaces. ( It is a mystery they were missing, I have only used Mageia tools. But on my mga9 test machine there are correctly spaces in a similar setup. So I will not file a bug on that for now ) Then I again executed dracut -f /boot/initrd-6.1.6-desktop-1.mga8.img 6.1.6-desktop-1.mga8 And the text messages were identical minus the missing spaces - warnings. Unfortunately boot still fail with 6.1.6 I also installed 6.1.15 from backports testing And 5.15.98 from updates testing. All fail. Except 5.15.88.
well, 5.15.88 has not had its initrd updated, so that does not say much... you can try 5.15.98 update to see if that one works or not.. and you can of course try to uninstall microcode package, recreate the 6.1.6 initrd and see if it boots then... if that does not help, something elsa has been screwed up in your system...
To work around the swap volume not being available change the fstab line for the swap to have "defaults,nofail 0 0". Also add it for /home. Then run the dracut -f command for each initrd. Double check that /boot is not full. That should allow booting, but will still leave figuring out why /home and the swap are being inactivated. Once it boots, login as root on a tty and run "lvchange -ay <logical volume>" for the swap and home volume groups and reboot. Pay attention to the messages during reboot. Is the kernel crashing just before the reboot? If so, I think that may be why the volume groups are being deactivated. It's been a long time since I used lvm. Well before systemd, so am not familiar with how it handles activation.
CC: (none) => davidwhodgins
Oh, I was under the impression initrd was supposed to be automatically updated for all kernels, but it only updates the initrd for the running kernel version? Apparently that have saved me... I will not downgrade initrd because of fear to wreck my only booting kernel alternative. Yes something goes wrong... As I wrote 5.15.98 also did not work Now I tried old 5.15.79, also stops booting. I am out of time for a while and need this machine working so will not mess with this any more for a while. Thank you for the tips though :)
What ever the lvm problems are, that is not related to the microcode update. If the problems continue, please open a new bug report for that.
MGA8-64 kernel-server 5.15.88-server on Acer Aspire 5253 No installation issues Rebooted after update, no problems seen.
CC: (none) => herman.viaene
mga8-64 OK here; Tested OK on a laptop Acer Aspire 7, with kernels kernel-desktop-5.15.82-1.mga8-1-1.mga8 kernel-desktop-5.15.88-1.mga8-1-1.mga8 kernel-desktop-5.15.98-1.mga8-1-1.mga8 (the old already installed i issued dracut-f for manually) And this was a similar system to the failing system, ext4 partitions in LVM on LUKS, and here no problem so definately system specific. One detail that was the same was the missing spaces in 51-mageia-resume.conf, comment 13. Hardware: laptop Acer Aspire7 A717-71G; Intel EFI, LVM on LUKS on NVMe, i5-7300HQ, using the intel GPU, wifi=QCA6174
Whiteboard: (none) => MGA8-64-OK, MGA8-32-OKKeywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0085.html
Status: NEW => RESOLVEDResolution: (none) => FIXED