Ubuntu
intel-microcode package

Update intel-microcode to latest upstream release 20210216 for CVE fixes for xeon platforms

Bug #1927911 reported by Alex Murray
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
intel-microcode (Ubuntu)
Fix Released
Undecided
Unassigned
Xenial
Fix Released
Undecided
Unassigned
Bionic
Fix Released
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Groovy
Fix Released
Undecided
Unassigned
Hirsute
Fix Released
Undecided
Unassigned
Impish
Fix Released
Undecided
Unassigned

Bug Description

Intel released microcode 20210216 which should be incorporated into the various Ubuntu releases as a security update.

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (5.1 KiB)

This bug was fixed in the package intel-microcode - 3.20210216.1ubuntu1

---------------
intel-microcode (3.20210216.1ubuntu1) impish; urgency=medium

  * Merge from Debian unstable (LP: #1927911). Remaining changes:
    - debian/initramfs.hook: Do not override preset defaults from
      auto-exported conf snippets loaded by initramfs-tools.

intel-microcode (3.20210216.1) unstable; urgency=medium

  * New upstream microcode datafile 20210216
    * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
      and Cascade Lake Server (B0/B1) when using an active JTAG
      agent like In Target Probe (ITP), Direct Connect Interface
      (DCI) or a Baseboard Management Controller (BMC) to take the
      CPU JTAG/TAP out of reset and then returning it to reset.
    * This issue is related to the INTEL-SA-00381 mitigation.
    * Updated Microcodes:
      sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
      sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
      sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
  * source: update symlinks to reflect id of the latest release, 20210216

intel-microcode (3.20201118.1) unstable; urgency=medium

  * New upstream microcode datafile 20201118
    * Removes a faulty microcode update from release 2020-11-10 for Tiger Lake
      processors. Note that Debian already had removed this specific falty
      microcode update on the 3.20201110.1 release
    * Add a microcode update for the Pentium Silver N/J5xxx and Celeron
      N/J4xxx which didn't make it to release 20201110, fixing security issues
      (INTEL-SA-00381, INTEL-SA-00389)
    * Updated Microcodes:
      sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752
    * Removed Microcodes:
      sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520

intel-microcode (3.20201110.1) unstable; urgency=medium

  * New upstream microcode datafile 20201110 (closes: #974533)
    * Implements mitigation for CVE-2020-8696 and CVE-2020-8698,
      aka INTEL-SA-00381: AVX register information leakage;
      Fast-Forward store predictor information leakage
    * Implements mitigation for CVE-2020-8695, Intel SGX information
      disclosure via RAPL, aka INTEL-SA-00389
    * Fixes critical errata on several processor models
    * Reintroduces SRBDS mitigations(CVE-2020-0543, INTEL-SA-00320)
      for Skylake-U/Y, Skylake Xeon E3
    * New Microcodes
      sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e, size 27648
      sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028, size 32768
      sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520
      sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0, size 93184
      sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 94208
      sig 0x000a0655, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 93184
      sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0, size 93184
    * Updated Microcodes
      sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044, size 34816
      sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2, size 105472
      sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159, size 33792
    ...

Read more...

Changed in intel-microcode (Ubuntu Impish):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in intel-microcode (Ubuntu Bionic):
status: New → Confirmed
Changed in intel-microcode (Ubuntu Focal):
status: New → Confirmed
Changed in intel-microcode (Ubuntu Groovy):
status: New → Confirmed
Changed in intel-microcode (Ubuntu Hirsute):
status: New → Confirmed
Changed in intel-microcode (Ubuntu Xenial):
status: New → Confirmed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package intel-microcode - 3.20210216.0ubuntu0.21.04.1

---------------
intel-microcode (3.20210216.0ubuntu0.21.04.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: New upstream microcode datafile 2021-02-16 (LP: #1927911)
    + Updated Microcodes:
      sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
      sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
      sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
      sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752
    - CVE-2020-8695 RAPL, INTEL-TA-00389
    - CVE-2020-8696 Vector Register Leakage-Active, INTEL-TA-00381
    - CVE-2020-8698 Fast forward store predictor, INTEL-TA-00381
  * SECURITY REGRESSION: Some CPUs in the Tiger Lake family sig=0x806c1
    fail to boot (LP: #1903883)
    - remove 06-8c-01/0x000806c1 microcode

 -- Alex Murray <email address hidden> Mon, 10 May 2021 16:37:53 +0930

Changed in intel-microcode (Ubuntu Hirsute):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package intel-microcode - 3.20210216.0ubuntu0.20.04.1

---------------
intel-microcode (3.20210216.0ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: New upstream microcode datafile 2021-02-16 (LP: #1927911)
    + Updated Microcodes:
      sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
      sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
      sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
      sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752
    - CVE-2020-8695 RAPL, INTEL-TA-00389
    - CVE-2020-8696 Vector Register Leakage-Active, INTEL-TA-00381
    - CVE-2020-8698 Fast forward store predictor, INTEL-TA-00381

 -- Alex Murray <email address hidden> Mon, 10 May 2021 16:42:34 +0930

Changed in intel-microcode (Ubuntu Focal):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package intel-microcode - 3.20210216.0ubuntu0.18.04.1

---------------
intel-microcode (3.20210216.0ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: New upstream microcode datafile 2021-02-16 (LP: #1927911)
    + Updated Microcodes:
      sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
      sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
      sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
      sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752
    - CVE-2020-8695 RAPL, INTEL-TA-00389
    - CVE-2020-8696 Vector Register Leakage-Active, INTEL-TA-00381
    - CVE-2020-8698 Fast forward store predictor, INTEL-TA-00381

 -- Alex Murray <email address hidden> Mon, 10 May 2021 16:42:49 +0930

Changed in intel-microcode (Ubuntu Bionic):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package intel-microcode - 3.20210216.0ubuntu0.20.10.1

---------------
intel-microcode (3.20210216.0ubuntu0.20.10.1) groovy-security; urgency=medium

  * SECURITY UPDATE: New upstream microcode datafile 2021-02-16 (LP: #1927911)
    + Updated Microcodes:
      sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
      sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
      sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
      sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752
    - CVE-2020-8695 RAPL, INTEL-TA-00389
    - CVE-2020-8696 Vector Register Leakage-Active, INTEL-TA-00381
    - CVE-2020-8698 Fast forward store predictor, INTEL-TA-00381

 -- Alex Murray <email address hidden> Mon, 10 May 2021 16:41:24 +0930

Changed in intel-microcode (Ubuntu Groovy):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package intel-microcode - 3.20210216.0ubuntu0.16.04.1

---------------
intel-microcode (3.20210216.0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: New upstream microcode datafile 2021-02-16 (LP: #1927911)
    + Updated Microcodes:
      sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
      sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
      sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
      sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752
    - CVE-2020-8695 RAPL, INTEL-TA-00389
    - CVE-2020-8696 Vector Register Leakage-Active, INTEL-TA-00381
    - CVE-2020-8698 Fast forward store predictor, INTEL-TA-00381

 -- Alex Murray <email address hidden> Fri, 14 May 2021 16:31:00 +0930

Changed in intel-microcode (Ubuntu Xenial):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.