Bug 33770 - microcode new security issues CVE-2024-21853, CVE-2024-23918 and CVE-2024-21820
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-32-OK MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-11-15 15:51 CET by Nicolas Salguero
Modified: 2024-11-27 21:00 CET

See Also:
Source RPM: microcode-0.20240910-1.mga9.nonfree.src.rpm
CVE: CVE-2024-21853, CVE-2024-23918, CVE-2024-21820
Status comment:



Description Nicolas Salguero 2024-11-15 15:51:03 CET
The issues are fixed upstream in 20241112:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20241112

Mageia 9 is also affected.
Nicolas Salguero 2024-11-15 15:51:43 CET

Source RPM: (none) => microcode-0.20240910-1.mga10.nonfree.src.rpm
CVE: (none) => CVE-2024-21853, CVE-2024-23918, CVE-2024-21820
Whiteboard: (none) => MGA9TOO
Status comment: (none) => Fixed upstream in 20241112

Comment 1 Lewis Smith 2024-11-17 20:14:16 CET
Assigning to kernel.

Assignee: bugsquad => kernel
CC: (none) => ghibomgx

Comment 2 Nicolas Salguero 2024-11-20 11:03:28 CET
Suggested advisory:
========================

The updated package fixes security vulnerabilities:

Improper Finite State Machines (FSMs) in the Hardware logic in some 4th and 5th Generation Intel® Xeon® Processors may allow an authorized user to potentially enable denial of service via local access. (CVE-2024-21853)

Improper conditions check in some Intel® Xeon® processor memory controller configurations when using Intel® SGX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-23918)

Incorrect default permissions in some Intel® Xeon® processor memory controller configurations when using Intel® SGX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-21820)

References:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20241112
========================

Updated package in core/updates_testing:
========================
microcode-0.20241112-1.mga9.nonfree

from SRPM:
microcode-0.20241112-1.mga9.nonfree.src.rpm

Status: NEW => ASSIGNED
Whiteboard: MGA9TOO => (none)
Assignee: kernel => qa-bugs
Source RPM: microcode-0.20240910-1.mga10.nonfree.src.rpm => microcode-0.20240910-1.mga9.nonfree.src.rpm
Status comment: Fixed upstream in 20241112 => (none)
Version: Cauldron => 9

katnatek 2024-11-20 18:40:55 CET

Keywords: (none) => advisory

Comment 3 Morgan Leijström 2024-11-21 18:33:49 CET
mga9-64 OK on my workstation svarten

Tested with linus, desktop and server kernels, and microcode from testing.

Various desktop apps, internet video in firefox, Virtualbox with MSW7 guest.
suspend and hibernate resumes OK

CC: (none) => fri

Comment 4 katnatek 2024-11-21 19:45:18 CET
RH x86_64


installing microcode-0.20241112-1.mga9.nonfree.noarch.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/1: microcode             ##################################################################################################
dracut: dracut module 'systemd-initrd' depends on 'systemd', which can't be installed
dracut: dracut module 'ifcfg' depends on 'network', which can't be installed
dracut: dracut module 'systemd-initrd' depends on 'systemd', which can't be installed
dracut: dracut module 'dracut-systemd' depends on 'systemd-initrd', which can't be installed
dracut: dracut module 'ifcfg' depends on 'network', which can't be installed
      1/1: removing microcode-0.20240910-1.mga9.nonfree.noarch
                                 ##################################################################################################

Reboot
journalctl -xb | grep microcode
nov 21 12:39:34 jgrey.phoenix kernel: microcode: updated early: 0x2 -> 0x7, date = 2018-04-23
nov 21 12:39:34 jgrey.phoenix kernel: MDS: Vulnerable: Clear CPU buffers attempted, no microcode
nov 21 12:39:34 jgrey.phoenix kernel: microcode: Microcode Update Driver: v2.2.

No issues to report
Comment 5 Len Lawrence 2024-11-21 22:23:35 CET
mga9, x64

Intel NUC12WSBi7
Intel Core i7-1260P
Intel Alder Lake-P Integrated Graphics : i915

Updated microcode and rebooted.
$ journalctl -xb | grep microcode 
Nov 21 20:30:43 yildun kernel: microcode: updated early: 0x421 -> 0x434, date = 2024-02-22
Nov 21 20:30:43 yildun kernel: microcode: Microcode Update Driver: v2.2.

$ rpm -qa | grep microcode
microcode_ctl-2.1-11.mga9
microcode-0.20241112-1.mga9.nonfree

CC: (none) => tarazed25

Comment 6 katnatek 2024-11-21 22:48:35 CET
RH i586

installing microcode-0.20241112-1.mga9.nonfree.noarch.rpm from //home/katnatek/qa-testing/i586
Preparing...                     #######################################################################################
      1/1: microcode             #######################################################################################
dracut: dracut module 'systemd-initrd' depends on 'systemd', which can't be installed
dracut: dracut module 'ifcfg' depends on 'network', which can't be installed
dracut: dracut module 'systemd-initrd' depends on 'systemd', which can't be installed
dracut: dracut module 'dracut-systemd' depends on 'systemd-initrd', which can't be installed
dracut: dracut module 'ifcfg' depends on 'network', which can't be installed
      1/1: removing microcode-0.20240910-1.mga9.nonfree.noarch
                                 #######################################################################################

Reboot
journalctl -xb | grep microcode
nov 21 15:33:24 cefiro kernel: microcode: updated early: 0xa3 -> 0xa4, date = 2010-10-02
nov 21 15:33:24 cefiro kernel: MDS: Vulnerable: Clear CPU buffers attempted, no microcode
nov 21 15:33:24 cefiro kernel: microcode: Microcode Update Driver: v2.2.

Same as in bug#33560 comment#5

OK
Comment 7 Morgan Leijström 2024-11-22 00:16:23 CET
mga9-64 OK on laptop Asus G75V

[morgan@republic ~]$ inxi -CM
Machine:
  Type: Laptop System: ASUSTeK product: G75VW v: 1.0
    serial: <superuser required>
  Mobo: ASUSTeK model: G75VW v: 1.0 serial: <superuser required>
    UEFI: American Megatrends v: G75VW.223 date: 01/07/2013
CPU:
  Info: quad core model: Intel Core i7-3610QM bits: 64 type: MT MCP cache:
    L2: 1024 KiB
  Speed (MHz): avg: 3300 min/max: 1200/3300 cores: 1: 3300 2: 3300 3: 3300
    4: 3300 5: 3300 6: 3300 7: 3300 8: 3300
Comment 8 Herman Viaene 2024-11-22 11:45:39 CET
MGA9-64 Plasma Wayland on HP-Pavilion
No installation issues.
Repeated as above after installation and reboot.
# journalctl -xb | grep microcode
Nov 22 11:27:07 mach4.hviaene.thuis kernel: microcode: updated early: 0x40a -> 0x411, date = 2019-04-23
Nov 22 11:27:07 mach4.hviaene.thuis kernel: microcode: Microcode Update Driver: v2.2.

I find it strange that the date reported above is so old and different for all tests above. That should not block the OK IMHO.

CC: (none) => herman.viaene

Comment 9 Morgan Leijström 2024-11-23 10:45:12 CET
mga9-64 OK on Thinkpad T510
mga9-32 OK on Thinkpad T43

Tested with new kernels and mesa
Video in firefox over wifi
suspend, hibernation
Comment 10 Thomas Andrews 2024-11-24 15:18:15 CET
MGA9-64 Plasma, i5-7500. No installation issues.

Going by the advisory this processor isn't affected by this update, and the journal bears this out:

# journalctl -xb | grep microcode
Nov 24 09:09:41 localhost kernel: microcode: updated early: 0xb4 -> 0xf8, date = 2023-09-28
Nov 24 09:09:41 localhost kernel: microcode: Microcode Update Driver: v2.2.

No effects noted, for good or ill.

CC: (none) => andrewsfarm

Comment 11 Thomas Andrews 2024-11-25 21:42:03 CET
MGA9-64 Plasma on an AMD-based HP Pavilion. The reference in comment 2 indicates that only Intel processors are affected this time, but it doesn't hurt to check:

# journalctl -xb | grep microcode
Nov 25 15:35:22 localhost.localdomain kernel: microcode: microcode updated early to new patch_level=0x06001119
Nov 25 15:35:22 localhost.localdomain kernel: microcode: CPU0: patch_level=0x06001119
Nov 25 15:35:22 localhost.localdomain kernel: microcode: CPU1: patch_level=0x06001119
Nov 25 15:35:22 localhost.localdomain kernel: microcode: CPU3: patch_level=0x06001119
Nov 25 15:35:22 localhost.localdomain kernel: microcode: CPU2: patch_level=0x06001119
Nov 25 15:35:22 localhost.localdomain kernel: microcode: CPU0: new patch_level=0x06001119
Nov 25 15:35:22 localhost.localdomain kernel: microcode: CPU1: new patch_level=0x06001119
Nov 25 15:35:22 localhost.localdomain kernel: microcode: CPU3: new patch_level=0x06001119
Nov 25 15:35:22 localhost.localdomain kernel: microcode: CPU2: new patch_level=0x06001119
Nov 25 15:35:22 localhost.localdomain kernel: microcode: Microcode Update Driver: v2.2.

No operational issues noted.
Comment 12 Thomas Andrews 2024-11-25 21:48:03 CET
I believe this one can be sent on. Validating.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA9-32-OK MGA9-64-OK
CC: (none) => sysadmin-bugs

Comment 13 Mageia Robot 2024-11-27 21:00:24 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0377.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
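
The check the testers run by hand (`journalctl -xb | grep microcode`), as an added example that is not part of the bug report: a shell function that reduces those kernel lines to the revision before and after the early load, the date stamped in the loaded microcode itself (which follows the CPU model, not the package version), and any mitigation the kernel reports as lacking microcode support. The function names are hypothetical; the sample lines are the ones quoted in comment 6.

```shell
#!/bin/sh
# Added example, not from the bug report. Summarises one boot's kernel
# microcode messages read from stdin, for instance:
#   journalctl -k -b | grep -i microcode | microcode_summary

microcode_summary() {
    awk '
    # Intel: "microcode: updated early: 0xOLD -> 0xNEW, date = YYYY-MM-DD"
    /microcode: updated early: 0x/ {
        vendor = "intel"
        for (i = 1; i < NF; i++) {
            if ($i == "early:") { from = $(i + 1); to = $(i + 3); sub(/,$/, "", to) }
            if ($i == "date")   { date = $(i + 2) }
        }
    }
    # AMD: "microcode: microcode updated early to new patch_level=0x..."
    /microcode updated early to new patch_level=/ {
        vendor = "amd"; to = $0; sub(/.*patch_level=/, "", to)
    }
    # Mitigation that lacks microcode support: "NAME: Vulnerable: ..., no microcode"
    /: Vulnerable: .*no microcode/ {
        for (i = 2; i <= NF; i++)
            if ($i == "Vulnerable:") { name = $(i - 1); sub(/:$/, "", name) }
        gaps = gaps (gaps == "" ? "" : ",") name
    }
    END {
        if (vendor == "intel")    out = "vendor=intel from=" from " to=" to " date=" date
        else if (vendor == "amd") out = "vendor=amd to=" to
        else                      out = "vendor=unknown"
        if (gaps != "") out = out " needs_microcode=" gaps
        print out
    }'
}

# Revision running after the early load (the value to compare across boots).
loaded_revision() {
    microcode_summary | sed -n 's/.* to=\([^ ]*\).*/\1/p'
}

# Sample input: kernel lines quoted in comment 6 of this report.
sample_comment6() {
    cat <<'EOF'
nov 21 15:33:24 cefiro kernel: microcode: updated early: 0xa3 -> 0xa4, date = 2010-10-02
nov 21 15:33:24 cefiro kernel: MDS: Vulnerable: Clear CPU buffers attempted, no microcode
nov 21 15:33:24 cefiro kernel: microcode: Microcode Update Driver: v2.2.
EOF
}
```

The `from` value is the revision present before the kernel's early loader ran, so it does not show what the previous package provided. To see whether a package update changed the running revision, compare `loaded_revision` fed from `journalctl -k -b -1` with the same fed from `journalctl -k -b`.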

