Bug 33511 - microcode new security issues CVE-2023-42667, CVE-2023-49141, CVE-2024-24853, CVE-2024-24980, CVE-2024-25939
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal; Severity: major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA9-64-OK MGA9-32-OK
Keywords: advisory, validated_update
Reported: 2024-09-02 12:39 CEST by Nicolas Salguero
Modified: 2024-09-11 22:43 CEST
Source RPM: microcode-0.20240514-1.mga10.nonfree.src.rpm
CVE: CVE-2023-42667, CVE-2023-49141, CVE-2024-24853, CVE-2024-24980, CVE-2024-25939

Description Nicolas Salguero 2024-09-02 12:39:07 CEST
Those issues were announced here:
https://openwall.com/lists/oss-security/2024/08/16/3

The issues are fixed upstream in 20240813:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813

Mageia 9 is also affected.
Nicolas Salguero 2024-09-02 12:39:41 CEST

Source RPM: (none) => microcode-0.20240514-1.mga10.nonfree.src.rpm
CVE: (none) => CVE-2023-42667, CVE-2023-49141, CVE-2024-24853, CVE-2024-24980, CVE-2024-25939
Severity: normal => major
Whiteboard: (none) => MGA9TOO

Comment 1 Marja Van Waes 2024-09-04 08:18:43 CEST
No registered maintainer, so assigning to all.

Assignee: bugsquad => pkg-bugs
CC: (none) => marja11

Comment 2 Nicolas Salguero 2024-09-07 09:36:29 CEST
Suggested advisory:
========================

The updated package updates AMD and Intel microcodes and fixes security vulnerabilities:

Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2023-42667)

Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2023-49141)

Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-24853)

Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-24980)

Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. (CVE-2024-25939)

References:
https://openwall.com/lists/oss-security/2024/08/16/3
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
========================

Updated package in nonfree/updates_testing:
========================
microcode-0.20240813-1.mga9.nonfree

from SRPM:
microcode-0.20240813-1.mga9.nonfree.src.rpm

Whiteboard: MGA9TOO => (none)
Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs
Version: Cauldron => 9

katnatek 2024-09-07 18:39:24 CEST

Keywords: (none) => advisory

Comment 3 Brian Rockwell 2024-09-07 23:29:46 CEST
MGA9-32, AMD A6-3420M APU with Radeon(tm) HD Graphics, old Laptop

installed

--rebooted

System is behaving as expected.

CC: (none) => brtians1

Comment 4 Len Lawrence 2024-09-08 01:13:15 CEST
kernel 6.6.43-desktop-1.mga9  x86_64
Intel model: NUC12WSBi7
12-core (4-mt/8-st) 12th Gen Intel Core i7-1260P

So, unlikely to be affected.

$ journalctl -xb | grep microcode
Sep 07 23:54:01 yildun kernel: microcode: updated early: 0x421 -> 0x433, date = 2023-12-05
Sep 07 23:54:01 yildun kernel: microcode: Microcode Update Driver: v2.2.
$ rpm -q microcode
microcode-0.20240514-1.mga9.nonfree

Updated the microcode and rebooted.
$ journalctl -xb | grep microcode
Sep 08 00:01:54 yildun kernel: microcode: updated early: 0x421 -> 0x433, date = 2023-12-05
$ rpm -q microcode
microcode-0.20240813-1.mga9.nonfree

IIUC this means no firmware update so nothing should be affected.

CC: (none) => tarazed25

Comment 5 Morgan Leijström 2024-09-08 01:21:30 CEST
mga9-64 OK here

No regression noted, no new problem noted in system journal

$ inxi -SMCG
System:
  Host: svarten.tribun Kernel: 6.6.43-desktop-1.mga9 arch: x86_64 bits: 64
    Desktop: KDE Plasma v: 5.27.10 Distro: Mageia 9
Machine:
  Type: Desktop Mobo: ASRock model: P55 Pro serial: <superuser required>
    BIOS: American Megatrends v: P2.60 date: 08/20/2010
CPU:
  Info: dual core model: Intel Core i7 870 bits: 64 type: MT MCP cache:
    L2: 512 KiB
  Speed (MHz): avg: 3481 min/max: 1200/2934 cores: 1: 3481 2: 3481 3: 3481
    4: 3481
Graphics:
  Device-1: AMD Navi 24 [Radeon RX 6400/6500 XT/6500M] driver: amdgpu
    v: kernel
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: amdgpu,v4l dri: radeonsi gpu: amdgpu resolution: 3840x2160~60Hz
  API: OpenGL v: 4.6 Mesa 24.1.4 renderer: AMD Radeon RX 6400 (radeonsi
    navi24 LLVM 15.0.6 DRM 3.54 6.6.43-desktop-1.mga9

CC: (none) => fri

Comment 6 Brian Rockwell 2024-09-08 04:44:48 CEST
MGA9-64, Xfce, Celeron N2840, Chromebook

installed rebooted

---

no regressions
Comment 7 PC LX 2024-09-08 12:04:56 CEST
Installed and tested without issues.

This system is mostly used as a server and has a 4th gen Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz so this update should not change anything. After a reboot and half a day of operation everything is working as usual.

System: Mageia 9, x86_64, Plasma DE, LXQt DE, Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz.

# uname -a
Linux marte 6.6.43-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Sat Jul 27 17:18:39 UTC 2024 x86_64 GNU/Linux
# inxi -SMCG
System:
  Host: marte Kernel: 6.6.43-desktop-1.mga9 arch: x86_64 bits: 64
    Console: pty pts/0 Distro: Mageia 9
Machine:
  Type: Desktop System: Hewlett-Packard product: HP EliteDesk 800 G1 SFF
    v: N/A serial: CZC5360T5N
  Mobo: Hewlett-Packard model: 1998 serial: CZC5360T5N UEFI: Hewlett-Packard
    v: L01 v02.65 date: 07/13/2015
CPU:
  Info: quad core model: Intel Core i5-4590 bits: 64 type: MCP cache:
    L2: 1024 KiB
  Speed (MHz): avg: 3394 min/max: 800/3700 cores: 1: 3700 2: 3293 3: 3293
    4: 3293
Graphics:
  Device-1: Intel Xeon E3-1200 v3/4th Gen Core Processor Integrated Graphics
    driver: i915 v: kernel
  Display: server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: intel,v4l dri: i965 gpu: i915 resolution: 1920x1080~60Hz
  API: OpenGL v: 4.5 Mesa 24.1.4 renderer: llvmpipe (LLVM 15.0.6 256 bits)

CC: (none) => mageia

Comment 8 Thomas Andrews 2024-09-09 03:04:03 CEST
Intel i5-7500, from the advisory unlikely to be affected. Installed with no issues, rebooted:

[root@localhost ~]# journalctl -xb | grep microcode
Sep 08 20:56:23 localhost.localdomain kernel: microcode: updated early: 0xb4 -> 0xf8, date = 2023-09-28
Sep 08 20:56:23 localhost.localdomain kernel: microcode: Microcode Update Driver: v2.2.
[root@localhost ~]# rpm -q microcode
microcode-0.20240813-1.mga9.nonfree

CC: (none) => andrewsfarm

Comment 9 Herman Viaene 2024-09-09 10:13:18 CEST
MGA9-64 server Plasma Wayland on HP-Pavilion
No installation issues.
Rebooted and all seems well.

CC: (none) => herman.viaene

Comment 10 katnatek 2024-09-10 18:35:24 CEST
RH x86_64

 LC_ALL=C urpmi --auto --auto-update
adding 66 new rpms not available in existing hdlist
replacing /var/cache/urpmi/partial/synthesis.hdlist.cz with synthesis.hdlist.cz.tmp
updating /var/cache/urpmi/partial/MD5SUM
updated medium "QA Testing (32-bit)"
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date

installing microcode-0.20240813-1.mga9.nonfree.noarch.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/1: microcode             ##################################################################################################
dracut: dracut module 'systemd-initrd' depends on 'systemd', which can't be installed
dracut: dracut module 'ifcfg' depends on 'network', which can't be installed
dracut: dracut module 'systemd-initrd' depends on 'systemd', which can't be installed
dracut: dracut module 'dracut-systemd' depends on 'systemd-initrd', which can't be installed
dracut: dracut module 'ifcfg' depends on 'network', which can't be installed
      1/1: removing microcode-0.20240514-1.mga9.nonfree.noarch
                                 ##################################################################################################

Reboot

journalctl -xb | grep microcode
sep 10 10:23:45 jgrey.phoenix kernel: microcode: updated early: 0x2 -> 0x7, date = 2018-04-23
sep 10 10:23:45 jgrey.phoenix kernel: MDS: Vulnerable: Clear CPU buffers attempted, no microcode
sep 10 10:23:45 jgrey.phoenix kernel: microcode: Microcode Update Driver: v2.2.

Consistent with bug#33251 comment#5 (previous round for this system)
Comment 11 katnatek 2024-09-10 20:45:20 CEST
RH i586 

Updated without issues (with other pending updates, so the update log is not included)

Reboot

rpm -q microcode
microcode-0.20240813-1.mga9.nonfree

journalctl -xb | grep microcode
sep 10 12:33:16 cefiro kernel: microcode: updated early: 0xa3 -> 0xa4, date = 2010-10-02
sep 10 12:33:16 cefiro kernel: MDS: Vulnerable: Clear CPU buffers attempted, no microcode
sep 10 12:33:16 cefiro kernel: microcode: Microcode Update Driver: v2.2.

Consistent with bug#33251 comment#6

Whiteboard: (none) => MGA9-64-OK MGA9-32-OK

Comment 12 Jose Manuel López 2024-09-10 20:54:10 CEST
Updated in Mga9 x86_64 with kernel-desktop 6.6.50

No issues for the moment.

journalctl -xb | grep microcode
sep 10 20:39:29 localhost kernel: Zenbleed: please update your microcode for the most optimal fix
sep 10 20:39:29 localhost kernel: microcode: CPU2: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU1: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU3: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU6: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU0: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU7: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU15: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU14: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU4: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU5: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU9: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU8: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU11: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU10: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU13: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: CPU12: patch_level=0x08600103
sep 10 20:39:29 localhost kernel: microcode: Microcode Update Driver: v2.2.


It seems that there is a newer version for my AMD Ryzen 7 4800H processor from the notice that appears.

CC: (none) => joselp

Comment 13 Jose Manuel López 2024-09-10 20:59:42 CEST
On GitHub there is a new version published two weeks ago.

Version: ver0B40401C_2024-07-15
Comment 14 Thomas Andrews 2024-09-11 13:43:01 CEST
MGA9-64 Plasma on an HP Pavilion. This laptop is AMD-based, but:

[root@localhost ~]# journalctl -xb | grep microcode
Sep 11 07:32:31 localhost.localdomain kernel: microcode: microcode updated early to new patch_level=0x06001119
Sep 11 07:32:31 localhost.localdomain kernel: microcode: CPU2: patch_level=0x06001119
Sep 11 07:32:31 localhost.localdomain kernel: microcode: CPU3: patch_level=0x06001119
Sep 11 07:32:31 localhost.localdomain kernel: microcode: CPU1: patch_level=0x06001119
Sep 11 07:32:31 localhost.localdomain kernel: microcode: CPU1: new patch_level=0x06001119
Sep 11 07:32:31 localhost.localdomain kernel: microcode: CPU0: patch_level=0x06001119
Sep 11 07:32:31 localhost.localdomain kernel: microcode: CPU3: new patch_level=0x06001119
Sep 11 07:32:31 localhost.localdomain kernel: microcode: CPU2: new patch_level=0x06001119
Sep 11 07:32:31 localhost.localdomain kernel: microcode: CPU0: new patch_level=0x06001119
Sep 11 07:32:31 localhost.localdomain kernel: microcode: Microcode Update Driver: v2.2.

[root@localhost ~]# inxi -c
CPU: quad core AMD A8-4555M APU with Radeon HD Graphics (-MT MCP-)
speed/min/max: 1100/1100/1600 MHz Kernel: 6.6.43-desktop-1.mga9 x86_64 Up: 5m
Mem: 1729.7/15172.5 MiB (11.4%) Storage: 942.7 GiB (26.8% used) Procs: 198
Shell: Bash inxi: 3.3.26

This is unchanged from the last microcode update, so this machine is apparently unaffected by this one.
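
The comparison the testers in comments 4 and 14 make by eye (same loaded revision before and after the package update means this CPU got no new microcode), as an added example that is not part of the original thread. The function names `loaded_rev` and `rev_changed` are hypothetical, the log formats are the ones the 6.6.x kernels in this thread print, and the sample lines are quoted from comments 4 and 14 except one constructed line marked as such.

```shell
#!/bin/sh
# Added example (not from the thread): report whether the microcode revision
# the kernel loaded at boot changed after the microcode package was updated.

# Print the loaded revision(s) found in kernel log lines on stdin.
#   Intel: "microcode: updated early: 0x421 -> 0x433, date = ..."  -> 0x433
#   AMD:   "microcode: CPU2: patch_level=0x08600103"               -> 0x08600103
# More than one output line means the cores report different revisions.
loaded_rev() {
    sed -n \
        -e 's/.*microcode: updated early: 0x[0-9a-fA-F]* -> \(0x[0-9a-fA-F]*\).*/\1/p' \
        -e 's/.*microcode: .*patch_level=\(0x[0-9a-fA-F]*\).*/\1/p' |
        sort -u
}

# $1 = log of the boot before the package update, $2 = log of the boot after.
# Returns 0 if the revision changed, 1 if unchanged, 2 if it cannot tell.
rev_changed() {
    old=$(printf '%s\n' "$1" | loaded_rev)
    new=$(printf '%s\n' "$2" | loaded_rev)
    if [ -z "$old" ] || [ -z "$new" ]; then
        echo "unknown: no microcode revision line found"; return 2
    fi
    if [ "$old" = "$new" ]; then echo "unchanged: $new"; return 1; fi
    echo "changed: $old -> $new"
}

# Sample input: lines quoted from comments 4 and 14 of this thread.
INTEL_BEFORE='Sep 07 23:54:01 yildun kernel: microcode: updated early: 0x421 -> 0x433, date = 2023-12-05
Sep 07 23:54:01 yildun kernel: microcode: Microcode Update Driver: v2.2.'
INTEL_AFTER='Sep 08 00:01:54 yildun kernel: microcode: updated early: 0x421 -> 0x433, date = 2023-12-05'
AMD_BOOT='Sep 11 07:32:31 localhost.localdomain kernel: microcode: CPU2: patch_level=0x06001119
Sep 11 07:32:31 localhost.localdomain kernel: microcode: CPU1: new patch_level=0x06001119'
# Constructed line (0x435 is a made-up revision) to show the "changed" case.
MADE_UP_AFTER='Sep 08 00:01:54 host kernel: microcode: updated early: 0x421 -> 0x435, date = 2024-01-01'

rev_changed "$INTEL_BEFORE" "$INTEL_AFTER" || true   # same revision both boots
rev_changed "$INTEL_BEFORE" "$MADE_UP_AFTER" || true
# On a live system (previous vs. current boot, persistent journal assumed):
#   rev_changed "$(journalctl -k -b -1)" "$(journalctl -k -b)"
```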
Comment 15 Thomas Andrews 2024-09-11 13:51:05 CEST
Validating, to get these updated Intel codes out to our users.

Joselp, please open a new bug regarding the message you received, and the updated AMD microcode you found.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 16 Jose Manuel López 2024-09-11 15:37:09 CEST
I have created a new bug as requested for the new microcode version here: https://bugs.mageia.org/show_bug.cgi?id=33555
Comment 17 Mageia Robot 2024-09-11 22:43:30 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0296.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

