From 4f40bcbef1ef9df63fbfbbffb5c0d34d714c4e20 Mon Sep 17 00:00:00 2001 From: Eugene Syromiatnikov Date: Fri, 10 Jun 2022 19:26:33 +0200 Subject: [PATCH] Update Intel CPU microcode to microcode-20220510 release - Update Intel CPU microcode to microcode-20220510 release, addresses CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151 (#2086743): - Addition of 06-97-02/0x03 (ADL-HX C0) microcode at revision 0x1f; - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in intel-ucode/06-97-02) at revision 0x1f; - Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-02) at revision 0x1f; - Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-02) at revision 0x1f; - Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in intel-ucode/06-97-05) at revision 0x1f; - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode at revision 0x1f; - Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-05) at revision 0x1f; - Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-05) at revision 0x1f; - Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode at revision 0x41c; - Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in intel-ucode/06-9a-03) at revision 0x41c; - Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in intel-ucode/06-9a-04) at revision 0x41c; - Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode at revision 0x41c; - Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in intel-ucode/06-bf-02) at revision 0x1f; - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in intel-ucode/06-bf-02) at revision 0x1f; - Addition of 06-bf-02/0x03 (ADL C0) microcode at revision 0x1f; - Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-bf-02) at revision 0x1f; - Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in intel-ucode/06-bf-05) at revision 0x1f; - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in intel-ucode/06-bf-05) at revision 0x1f; - Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-bf-05) at revision 0x1f; - Addition of 06-bf-05/0x03 (ADL C0) microcode at revision 0x1f; - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xec up to 0xf0; - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006c0a up to 0x2006d05; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xec up to 0xf0; - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in intel-06-8c-01/intel-ucode/06-8c-01) from revision 0x9a up to 0xa4; - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xec up to 0xf0; - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xec up to 0xf0; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xec up to 0xf0; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xec up to 0xf0; - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from revision 0xec up to 0xf0; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xec up to 0xf0; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xec up to 0xf0; - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xec up to 0xf0; - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xec up to 0xf0; - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xec up to 0xf0; - Update of 06-37-09/0x0f (VLV D0) microcode from revision 0x90c up to 0x90d; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015c up to 0x100015d; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400320a up to 0x4003302; - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x500320a up to 0x5003302; - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002402 up to 0x7002501; - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x46 up to 0x48; - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x24 up to 0x28; - Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x36 up to 0x38; - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd000331 up to 0xd000363; - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x38 up to 0x3a; - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1c up to 0x1e; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xa8 up to 0xb0; - Update of 06-8a-01/0x10 (LKF B2/B3) microcode from revision 0x2d up to 0x31; - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x22 up to 0x26; - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x3c up to 0x3e; - Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x15 up to 0x16; - Update of 06-9c-00/0x01 (JSL A0/A1) microcode from revision 0x2400001f up to 0x24000023; - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xec up to 0xf0; - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xec up to 0xf0; - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xee up to 0xf0; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xea up to 0xf0; - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision 0xec up to 0xf0; - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x50 up to 0x53. * .gitignore: Replace /microcode-20220207.tar.gz entry with /microcode-20220510.tar.gz. * 0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch: New patch. * 06-4e-03_readme: Add a checksum for revision 0xf0, add the link to the 2022.1 IPU KB article. * 06-55-04_readme: Add a checksum for revision 0x2006d05, add the link to the 2022.1 IPU KB article. * 06-5e-03_readme: Add a checksum for revision 0xf0, add the link to the 2022.1 IPU KB article. * 06-8c-01_readme: Add a checksum for revision 0xa4, add the link to the 2022.1 IPU KB article. * 06-8e-9e-0x-0xca_readme: Add checksums for revision 0xf0, add the link to the 2022.1 IPU KB article. * 06-8e-9e-0x-dell_readme: Likewise. * codenames.list: Add an entry for CPU signatures 90672 (ADL-S/HX C0), 90675 (ADL-S K0), 906a3 (ADL-P L0, ADL-U R0), 906a4 (ADL-P R0), b06f2 (ADL C0), and b06f5 (ADL C0). * microcode_ctl.spec (intel_ucode_version): Bump to 20220510. (Patch1001): New patch (fixes in releasenote.md). (%prep): Apply it. (%changelog): Add a record. * sources: Replace microcode-20220207.tar.gz record with microcode-20220510.tar.gz. Resolves: #2090248 Resolves: #2090261 Resolves: #2086751 Resolves: #2040069 Signed-off-by: Eugene Syromiatnikov --- .gitignore | 2 +- ...hanges-summary-fixes-for-microcode-2.patch | 47 +++++++ 06-4e-03_readme | 8 ++ 06-55-04_readme | 10 ++ 06-5e-03_readme | 8 ++ 06-8c-01_readme | 3 + 06-8e-9e-0x-0xca_readme | 17 +++ 06-8e-9e-0x-dell_readme | 17 +++ README.caveats | 9 ++ codenames.list | 10 +- microcode_ctl.spec | 132 +++++++++++++++++- sources | 2 +- 12 files changed, 261 insertions(+), 4 deletions(-) create mode 100644 0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch diff --git a/.gitignore b/.gitignore index 01ed5bf..ece0978 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ /microcode-20190918.tar.gz /microcode-20191115.tar.gz -/microcode-20220207.tar.gz +/microcode-20220510.tar.gz /06-2d-07 /06-4e-03 /06-55-04 diff --git a/0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch b/0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch new file mode 100644 index 0000000..938e31b --- /dev/null +++ b/0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch @@ -0,0 +1,47 @@ +From 6ff5aa24a9460441cf2f1008792af134aeca0931 Mon Sep 17 00:00:00 2001 +From: Eugene Syromiatnikov +Date: Tue, 10 May 2022 20:48:31 +0200 +Subject: [PATCH] releasenote.md: changes summary fixes for microcode-20220510 + +* releasenote.md (New Platforms): Change the second 06-bf-02/03 entry +to 06-bf-05/03. +(Updated Platforms): Change the case to lower in PF of 06-37-09/0f; +change "GKL-R" to "GLK-R" (stands for Gemini Lake Refresh). + +Signed-off-by: Eugene Syromiatnikov +--- + releasenote.md | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/releasenote.md b/releasenote.md +index 7fac640..c4a1ba7 100644 +--- a/releasenote.md ++++ b/releasenote.md +@@ -18,13 +18,13 @@ + | ADL | L0 | 06-9a-03/80 | | 0000041c | Core Gen12 + | ADL | L0 | 06-9a-04/80 | | 0000041c | Core Gen12 + | ADL | C0 | 06-bf-02/03 | | 0000001f | Core Gen12 +-| ADL | C0 | 06-bf-02/03 | | 0000001f | Core Gen12 ++| ADL | C0 | 06-bf-05/03 | | 0000001f | Core Gen12 + + ### Updated Platforms + + | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products + |:---------------|:---------|:------------|:---------|:---------|:--------- +-| VLV | D0 | 06-37-09/0F | 0000090c | 0000090d | Atom E38xx ++| VLV | D0 | 06-37-09/0f | 0000090c | 0000090d | Atom E38xx + | SKL-U/Y | D0 | 06-4e-03/c0 | 000000ec | 000000f0 | Core Gen6 Mobile + | SKX-SP | B1 | 06-55-03/97 | 0100015c | 0100015d | Xeon Scalable + | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006c0a | 02006d05 | Xeon Scalable +@@ -38,7 +38,7 @@ + | DNV | B0 | 06-5f-01/01 | 00000036 | 00000038 | Atom C Series + | ICX-SP | D0 | 06-6a-06/87 | 0d000331 | 0d000363 | Xeon Scalable Gen3 + | GLK | B0 | 06-7a-01/01 | 00000038 | 0000003a | Pentium Silver N/J5xxx, Celeron N/J4xxx +-| GKL-R | R0 | 06-7a-08/01 | 0000001c | 0000001e | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 ++| GLK-R | R0 | 06-7a-08/01 | 0000001c | 0000001e | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 + | ICL-U/Y | D1 | 06-7e-05/80 | 000000a8 | 000000b0 | Core Gen10 Mobile + | LKF | B2/B3 | 06-8a-01/10 | 0000002d | 00000031 | Core w/Hybrid Technology + | TGL | B1 | 06-8c-01/80 | 0000009a | 000000a4 | Core Gen11 Mobile +-- +2.13.6 + diff --git a/06-4e-03_readme b/06-4e-03_readme index 3eceda2..e27b0d9 100644 --- a/06-4e-03_readme +++ b/06-4e-03_readme @@ -15,6 +15,7 @@ microcode revisions in question are listed below: * 06-4e-03, revision 0xe2: 41f4513cf563605bc85db38056ac430dec948366 * 06-4e-03, revision 0xea: 5a54cab9f22f69b819d663e5747ed6ea2a326c55 * 06-4e-03, revision 0xec: d949a8543d2464d955f5dc4b0777cac863f48729 + * 06-4e-03, revision 0xf0: 37475bac70457ba8df2c1a32bba81bd7bd27d5e8 Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions @@ -49,6 +50,13 @@ to the following knowledge base articles: https://access.redhat.com/articles/6101171 * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): https://access.redhat.com/articles/6716541 + * CVE-2022-0005 (Informational disclosure via JTAG), + CVE-2022-21123 (Shared Buffers Data Read), + CVE-2022-21125 (Shared Buffers Data Sampling), + CVE-2022-21127 (Update to Special Register Buffer Data Sampling), + CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure), + CVE-2022-21166 (Device Register Partial Write): + https://access.redhat.com/articles/6963124 The information regarding enforcing microcode update is provided below. diff --git a/06-55-04_readme b/06-55-04_readme index 76dfb48..7ebd3e4 100644 --- a/06-55-04_readme +++ b/06-55-04_readme @@ -21,6 +21,7 @@ microcode revisions in question are listed below: * 06-55-04, revision 0x2006a0a: 7ec27025329c82de9553c14a78733ad1013e5462 * 06-55-04, revision 0x2006b06: cb5bec976cb9754e3a22ab6828b3262a8f9eccf7 * 06-55-04, revision 0x2006c0a: 76b641375d136c08f5feb46aacebee40468ac085 + * 06-55-04, revision 0x2006d05: dc4207cf4eb916ff34acbdddc474db0df781234f Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions @@ -55,6 +56,15 @@ to the following knowledge base articles: https://access.redhat.com/articles/6101171 * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): https://access.redhat.com/articles/6716541 + * CVE-2022-0005 (Informational disclosure via JTAG), + CVE-2022-21123 (Shared Buffers Data Read), + CVE-2022-21125 (Shared Buffers Data Sampling), + CVE-2022-21127 (Update to Special Register Buffer Data Sampling), + CVE-2022-21131 (Protected Processor Inventory Number (PPIN) access protection), + CVE-2022-21136 (Overclocking service access protection), + CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure), + CVE-2022-21166 (Device Register Partial Write): + https://access.redhat.com/articles/6963124 The information regarding disabling microcode update is provided below. diff --git a/06-5e-03_readme b/06-5e-03_readme index 9161617..f809f3e 100644 --- a/06-5e-03_readme +++ b/06-5e-03_readme @@ -18,6 +18,7 @@ microcode revisions in question are listed below: * 06-5e-03, revision 0xe2: 031e6e148b590d1c9cfdb6677539eeb4899e831c * 06-5e-03, revision 0xea: e6c37056a849fd281f2fdb975361a914e07b86c8 * 06-5e-03, revision 0xec: 6458bf25da4906479a01ffdcaa6d466e22722e01 + * 06-5e-03, revision 0xf0: 0683706bbbf470abbdad4b9923aa9647bfec9616 Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions @@ -52,6 +53,13 @@ to the following knowledge base articles: https://access.redhat.com/articles/6101171 * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): https://access.redhat.com/articles/6716541 + * CVE-2022-0005 (Informational disclosure via JTAG), + CVE-2022-21123 (Shared Buffers Data Read), + CVE-2022-21125 (Shared Buffers Data Sampling), + CVE-2022-21127 (Update to Special Register Buffer Data Sampling), + CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure), + CVE-2022-21166 (Device Register Partial Write): + https://access.redhat.com/articles/6963124 The information regarding disabling microcode update is provided below. diff --git a/06-8c-01_readme b/06-8c-01_readme index 5185d20..7f0c33a 100644 --- a/06-8c-01_readme +++ b/06-8c-01_readme @@ -12,6 +12,7 @@ microcode revisions in question are listed below: * 06-8c-01, revision 0x68: 2204a6dee1688980cd228268fdf4b6ed5904fe04 * 06-8c-01, revision 0x88: 61b6590feb2769046d5b0c394179beaf2df51290 * 06-8c-01, revision 0x9a: 48b3ae8d27d8138b5b47052d2f8184bf555ad18e + * 06-8c-01, revision 0xa4: 70753f54f5be84376bdebeb710595e4dc2f6d92f Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions @@ -28,6 +29,8 @@ to the following knowledge base articles: https://access.redhat.com/articles/6101171 * CVE-2021-0145 (Fast store forward predictor - Cross Domain Training): https://access.redhat.com/articles/6716541 + * CVE-2022-21123 (Shared Buffers Data Read): + https://access.redhat.com/articles/6963124 The information regarding disabling microcode update is provided below. diff --git a/06-8e-9e-0x-0xca_readme b/06-8e-9e-0x-0xca_readme index bf830eb..819fced 100644 --- a/06-8e-9e-0x-0xca_readme +++ b/06-8e-9e-0x-0xca_readme @@ -102,6 +102,16 @@ in question: * 06-9e-0c, revision 0xec: 6e3d695290def517857c8e743dc65161479f0c04 * 06-9e-0d, revision 0xec: 58b1ec5fee7dd1a761ed901b374ccb978737a979 + * 06-8e-09, revision 0xf0: 219e2b9168a09451b17813b97995cc59cc78b414 + * 06-8e-0a, revision 0xf0: 3c4241d0b9d1a1a1e82d03b365fdd3b843006a7c + * 06-8e-0b, revision 0xf0: 79b61f034cba86e61641114bbab49ec0166c0f35 + * 06-8e-0c, revision 0xf0: 11d166de440dbe9c440e90cb610ef4b9d48242b1 + * 06-9e-09, revision 0xf0: 49e142da74e7298b2db738ff7dd1a9b0fa4e0c3e + * 06-9e-0a, revision 0xf0: 8de1d4a80cd683bf09854c33905c69d3d7ac7730 + * 06-9e-0b, revision 0xf0: ff092c6ac8333f0abcd94f7d2e2088f31d960e62 + * 06-9e-0c, revision 0xf0: 3702f21e87b75bea6f4b1ee0407b941ef31d4ad1 + * 06-9e-0d, revision 0xf0: 226feaaa431eb76e734ab68efc2ea7b07aa3c7d9 + Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions required for mitigating specific side-channel cache attacks, please refer @@ -135,6 +145,13 @@ to the following knowledge base articles: https://access.redhat.com/articles/6101171 * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): https://access.redhat.com/articles/6716541 + * CVE-2022-0005 (Informational disclosure via JTAG), + CVE-2022-21123 (Shared Buffers Data Read), + CVE-2022-21125 (Shared Buffers Data Sampling), + CVE-2022-21127 (Update to Special Register Buffer Data Sampling), + CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure), + CVE-2022-21166 (Device Register Partial Write): + https://access.redhat.com/articles/6963124 The information regarding disabling microcode update is provided below. diff --git a/06-8e-9e-0x-dell_readme b/06-8e-9e-0x-dell_readme index bca53eb..163ed32 100644 --- a/06-8e-9e-0x-dell_readme +++ b/06-8e-9e-0x-dell_readme @@ -102,6 +102,16 @@ in question: * 06-9e-0c, revision 0xec: 6e3d695290def517857c8e743dc65161479f0c04 * 06-9e-0d, revision 0xec: 58b1ec5fee7dd1a761ed901b374ccb978737a979 + * 06-8e-09, revision 0xf0: 219e2b9168a09451b17813b97995cc59cc78b414 + * 06-8e-0a, revision 0xf0: 3c4241d0b9d1a1a1e82d03b365fdd3b843006a7c + * 06-8e-0b, revision 0xf0: 79b61f034cba86e61641114bbab49ec0166c0f35 + * 06-8e-0c, revision 0xf0: 11d166de440dbe9c440e90cb610ef4b9d48242b1 + * 06-9e-09, revision 0xf0: 49e142da74e7298b2db738ff7dd1a9b0fa4e0c3e + * 06-9e-0a, revision 0xf0: 8de1d4a80cd683bf09854c33905c69d3d7ac7730 + * 06-9e-0b, revision 0xf0: ff092c6ac8333f0abcd94f7d2e2088f31d960e62 + * 06-9e-0c, revision 0xf0: 3702f21e87b75bea6f4b1ee0407b941ef31d4ad1 + * 06-9e-0d, revision 0xf0: 226feaaa431eb76e734ab68efc2ea7b07aa3c7d9 + Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions required for mitigating specific side-channel cache attacks, please refer @@ -135,6 +145,13 @@ to the following knowledge base articles: https://access.redhat.com/articles/6101171 * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): https://access.redhat.com/articles/6716541 + * CVE-2022-0005 (Informational disclosure via JTAG), + CVE-2022-21123 (Shared Buffers Data Read), + CVE-2022-21125 (Shared Buffers Data Sampling), + CVE-2022-21127 (Update to Special Register Buffer Data Sampling), + CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure), + CVE-2022-21166 (Device Register Partial Write): + https://access.redhat.com/articles/6963124 The information regarding disabling microcode update is provided below. diff --git a/README.caveats b/README.caveats index cf1aa9a..6e43232 100644 --- a/README.caveats +++ b/README.caveats @@ -865,3 +865,12 @@ Intel CPU vulnerabilities is available in the following knowledge base articles: CVE-2021-0146 (VT-d-related Privilege Escalation), CVE-2021-33120 (Out of bounds read for some Intel Atom processors): https://access.redhat.com/articles/6716541 + * CVE-2022-0005 (Informational disclosure via JTAG), + CVE-2022-21123 (Shared Buffers Data Read), + CVE-2022-21125 (Shared Buffers Data Sampling), + CVE-2022-21127 (Update to Special Register Buffer Data Sampling), + CVE-2022-21131 (Protected Processor Inventory Number (PPIN) access protection), + CVE-2022-21136 (Overclocking service access protection), + CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure), + CVE-2022-21166 (Device Register Partial Write): + https://access.redhat.com/articles/6963124 diff --git a/codenames.list b/codenames.list index f957dc6..a48b6da 100644 --- a/codenames.list +++ b/codenames.list @@ -272,6 +272,7 @@ Server;;Knights Mill;A0;08;80650;KNM;;Xeon Phi 72x5;Xeon Phi 7235, 7285, 7295 SOC;;Snow Ridge;B0;01;80664;SNR;;Atom P59xxB; SOC;;Snow Ridge;B1;01;80665;SNR;;Atom P59xxB; SOC;;Snow Ridge;C0;01;80667;SNR;;Atom P59xxB; +SOC;;Lakefield;B2,B3;10;806a1;LKF;;Core w/Hybrid Technology; Mobile;;Tiger Lake;B1;80;806c1;TGL;UP3,UP4;Core Gen11 Mobile; Mobile;;Tiger Lake Refresh;C0;80;806c2;TGL;R;Core Gen11 Mobile; Mobile;;Tiger Lake;R0;c2;806d1;TGL;H;Core Gen11 Mobile; @@ -286,6 +287,12 @@ Mobile;;Whiskey Lake;W0;d0;806eb;WHL;U;Core Gen8 Mobile; Mobile;;Whiskey Lake;V0;94;806ec;WHL;U;Core Gen8 Mobile; Mobile;;Whiskey Lake;V0;94;806ed;WHL;U;Core Gen8 Mobile; SOC;;Elkhart Rate;B1;01;90661;EHL;;Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E; +Desktop;;Alder Lake;C0;02;90672;ADL;S 8+8;Core Gen12; +Mobile;;Alder Lake;C0;03;90672;ADL;HX;Core Gen12 Mobile; +Desktop;;Alder Lake;K0;01;90675;ADL;S 6+0;Core Gen12; +Mobile;;Alder Lake;L0;82;906a3;ADL;P 6+8;Core Gen12 Mobile; +Mobile;;Alder Lake;R0;80;906a3;ADL;U 9W;Core Gen12 Mobile; +Mobile;;Alder Lake;R0;82;906a4;ADL;P 2+8;Core Gen12 Mobile; Desktop;;Kaby Lake;B0;2a;906e9;KBL;S,X;Core Gen7; Mobile;;Kaby Lake;B0;2a;906e9;KBL;G,H;Core Gen7 Mobile; Server;;Kaby Lake;B0;2a;906e9;KBL;Xeon E3;Xeon E3 v6; @@ -308,7 +315,8 @@ Desktop;;Comet Lake;Q0;22;a0655;CML;S 10+2;Core Gen10 Desktop; Mobile;;Comet Lake;A0;80;a0660;CML;U 6+2;Core Gen10 Mobile; Mobile;;Comet Lake;K1;80;a0661;CML;U 6+2 v2;Core Gen10 Mobile; Desktop;;Rocket Lake;B0;02;a0671;RKL;S;Core Gen11; -SOC;;Lakefield;B2,B3;10;806a1;LKF;;Core w/Hybrid Technology; +Desktop;;Alder Lake;C0;03;b06f2;ADL;;Core Gen12; +Desktop;;Alder Lake;C0;03;b06f5;ADL;;Core Gen12; # sources: # https://en.wikichip.org/wiki/intel/cpuid diff --git a/microcode_ctl.spec b/microcode_ctl.spec index 20e3aee..1a4b006 100644 --- a/microcode_ctl.spec +++ b/microcode_ctl.spec @@ -1,4 +1,4 @@ -%define intel_ucode_version 20220207 +%define intel_ucode_version 20220510 %define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats %define microcode_ctl_libexec %{_libexecdir}/microcode_ctl @@ -121,6 +121,9 @@ Source1000: gen_provides.sh Source1001: codenames.list Source1002: gen_updates2.py +# microcode-20220510-1-g6ff5aa2 "releasenote.md: changes summary fixes for microcode-20220510" +Patch1001: 0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch + BuildArch: noarch BuildRequires: systemd-units # dd, hexdump, and xxd are used in gen_provides.sh @@ -149,6 +152,8 @@ is no longer used for microcode upload and, as a result, no longer provided. %prep %setup -n "Intel-Linux-Processor-Microcode-Data-Files-microcode-%{intel_ucode_version}" +%patch1001 -p1 + %build # replacing SNB-EP (CPUID 0x206d7) microcode with pre-MDS version mv intel-ucode/06-2d-07 intel-ucode-with-caveats/ @@ -545,6 +550,131 @@ rm -rf %{buildroot} %changelog +* Tue May 10 2022 Eugene Syromiatnikov - 4:20220510-1 +- Update Intel CPU microcode to microcode-20220510 release, addresses + CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151 (#2090248, + #2090261, #2086751, #2040069): + - Addition of 06-97-02/0x03 (ADL-HX C0) microcode at revision 0x1f; + - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in + intel-ucode/06-97-02) at revision 0x1f; + - Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-02) + at revision 0x1f; + - Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-02) + at revision 0x1f; + - Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in + intel-ucode/06-97-05) at revision 0x1f; + - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode at revision 0x1f; + - Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-05) + at revision 0x1f; + - Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-05) + at revision 0x1f; + - Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode at + revision 0x41c; + - Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in + intel-ucode/06-9a-03) at revision 0x41c; + - Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in + intel-ucode/06-9a-04) at revision 0x41c; + - Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode at revision 0x41c; + - Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in + intel-ucode/06-bf-02) at revision 0x1f; + - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in + intel-ucode/06-bf-02) at revision 0x1f; + - Addition of 06-bf-02/0x03 (ADL C0) microcode at revision 0x1f; + - Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-bf-02) + at revision 0x1f; + - Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in + intel-ucode/06-bf-05) at revision 0x1f; + - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in + intel-ucode/06-bf-05) at revision 0x1f; + - Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-bf-05) + at revision 0x1f; + - Addition of 06-bf-05/0x03 (ADL C0) microcode at revision 0x1f; + - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in + intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xec up to 0xf0; + - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in + intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006c0a up + to 0x2006d05; + - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in + intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xec up to 0xf0; + - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in + intel-06-8c-01/intel-ucode/06-8c-01) from revision 0x9a up to 0xa4; + - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xec up + to 0xf0; + - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xec up + to 0xf0; + - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xec up + to 0xf0; + - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xec up + to 0xf0; + - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) + microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from + revision 0xec up to 0xf0; + - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xec up + to 0xf0; + - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xec up + to 0xf0; + - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xec up + to 0xf0; + - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xec up + to 0xf0; + - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xec up + to 0xf0; + - Update of 06-37-09/0x0f (VLV D0) microcode from revision 0x90c up + to 0x90d; + - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015c + up to 0x100015d; + - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400320a + up to 0x4003302; + - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision + 0x500320a up to 0x5003302; + - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002402 + up to 0x7002501; + - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x46 up + to 0x48; + - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x24 up + to 0x28; + - Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x36 up + to 0x38; + - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd000331 + up to 0xd000363; + - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x38 up + to 0x3a; + - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1c up + to 0x1e; + - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xa8 + up to 0xb0; + - Update of 06-8a-01/0x10 (LKF B2/B3) microcode from revision 0x2d up + to 0x31; + - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x22 up + to 0x26; + - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x3c up + to 0x3e; + - Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x15 up + to 0x16; + - Update of 06-9c-00/0x01 (JSL A0/A1) microcode from revision 0x2400001f + up to 0x24000023; + - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xec up + to 0xf0; + - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xec + up to 0xf0; + - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xee + up to 0xf0; + - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xea + up to 0xf0; + - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision + 0xec up to 0xf0; + - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x50 up + to 0x53. + * Thu Feb 10 2022 Eugene Syromiatnikov - 4:20220207-1 - Update Intel CPU microcode to microcode-20220207 release, addresses CVE-2021-0127, CVE-2021-0145, and CVE-2021-33120 (#2053253): diff --git a/sources b/sources index c8a1039..199e5ff 100644 --- a/sources +++ b/sources @@ -1,6 +1,6 @@ SHA512 (microcode-20190918.tar.gz) = 82e5212238d3e35470d139240d9157877ac252725598ec31bfe1763755681539a4ecdf24e04c4e4270215578a9ca3c063c8fc353accf99999c3d4ac2780a6e0c SHA512 (microcode-20191115.tar.gz) = 11014c16bde83ac290bc75e458242f5e64b8dffd49de2e938f61f4a09979cd5e80dd1a85d2ccbac067e4398dc3d93ef3583e4aa9b2e545ba46d26e65ec1e2881 -SHA512 (microcode-20220207.tar.gz) = efa9f80815947cf2be371e7da7185634cbacefe779d1d6dfef0c15b78ccae7d2740ea6681b967a19dfbcc3014edce5bcdcdba87c9dea1f19d0415a03fca9e936 +SHA512 (microcode-20220510.tar.gz) = 00329ce62a6d9cc66fb8594d132ef67951086ab1250ceaf908d5a357753ed62557275f55c5eb7b3ad55d1fdd312b5d1a436b214cdcbf6e3e1a840c8bf6f4795d SHA512 (06-2d-07) = 631ec8ad8ad3c9b32d9569689f673010d26c13c7cc377d66b8fc5150de52485076d1514ba867dfa4f468889a31d6701cd8a0789d465ad069d98c8ea0f5bd3204 SHA512 (06-4e-03) = 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567 SHA512 (06-55-04) = db2783cd62680510a7105e7c3fd9d5fffac6a33159ba811f4669f8afb9a5badde4c009bf1868e6a53eb3ac2286812404127bcd45fcbc65fe004788e25ae3e222