diff --git a/.gitignore b/.gitignore index 62c596f..01ed5bf 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ /microcode-20190918.tar.gz /microcode-20191115.tar.gz -/microcode-20210608.tar.gz +/microcode-20220207.tar.gz /06-2d-07 /06-4e-03 /06-55-04 diff --git a/06-4e-03_readme b/06-4e-03_readme index 13cb72a..3eceda2 100644 --- a/06-4e-03_readme +++ b/06-4e-03_readme @@ -14,6 +14,7 @@ microcode revisions in question are listed below: * 06-4e-03, revision 0xdc: cd1733458d187486999337ff8b51eeaa0cfbca6c * 06-4e-03, revision 0xe2: 41f4513cf563605bc85db38056ac430dec948366 * 06-4e-03, revision 0xea: 5a54cab9f22f69b819d663e5747ed6ea2a326c55 + * 06-4e-03, revision 0xec: d949a8543d2464d955f5dc4b0777cac863f48729 Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions @@ -46,6 +47,8 @@ to the following knowledge base articles: CVE-2020-24512 (Observable Timing Discrepancy), CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): https://access.redhat.com/articles/6101171 + * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): + https://access.redhat.com/articles/6716541 The information regarding enforcing microcode update is provided below. diff --git a/06-55-04_readme b/06-55-04_readme index b8d3618..76dfb48 100644 --- a/06-55-04_readme +++ b/06-55-04_readme @@ -20,6 +20,7 @@ microcode revisions in question are listed below: * 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212 * 06-55-04, revision 0x2006a0a: 7ec27025329c82de9553c14a78733ad1013e5462 * 06-55-04, revision 0x2006b06: cb5bec976cb9754e3a22ab6828b3262a8f9eccf7 + * 06-55-04, revision 0x2006c0a: 76b641375d136c08f5feb46aacebee40468ac085 Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions @@ -52,6 +53,8 @@ to the following knowledge base articles: CVE-2020-24512 (Observable Timing Discrepancy), CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): https://access.redhat.com/articles/6101171 + * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): + https://access.redhat.com/articles/6716541 The information regarding disabling microcode update is provided below. diff --git a/06-5e-03_readme b/06-5e-03_readme index 9beb75e..9161617 100644 --- a/06-5e-03_readme +++ b/06-5e-03_readme @@ -17,6 +17,7 @@ microcode revisions in question are listed below: * 06-5e-03, revision 0xdc: 5e1020a10678cfc60980131c3d3a2cfd462b4dd7 * 06-5e-03, revision 0xe2: 031e6e148b590d1c9cfdb6677539eeb4899e831c * 06-5e-03, revision 0xea: e6c37056a849fd281f2fdb975361a914e07b86c8 + * 06-5e-03, revision 0xec: 6458bf25da4906479a01ffdcaa6d466e22722e01 Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions @@ -49,6 +50,8 @@ to the following knowledge base articles: CVE-2020-24512 (Observable Timing Discrepancy), CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): https://access.redhat.com/articles/6101171 + * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): + https://access.redhat.com/articles/6716541 The information regarding disabling microcode update is provided below. diff --git a/06-8c-01_readme b/06-8c-01_readme index 9625c42..5185d20 100644 --- a/06-8c-01_readme +++ b/06-8c-01_readme @@ -11,6 +11,7 @@ For the reference, SHA1 checksums of 06-8c-01 microcode files containing microcode revisions in question are listed below: * 06-8c-01, revision 0x68: 2204a6dee1688980cd228268fdf4b6ed5904fe04 * 06-8c-01, revision 0x88: 61b6590feb2769046d5b0c394179beaf2df51290 + * 06-8c-01, revision 0x9a: 48b3ae8d27d8138b5b47052d2f8184bf555ad18e Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions @@ -25,6 +26,8 @@ to the following knowledge base articles: CVE-2020-24512 (Observable Timing Discrepancy), CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): https://access.redhat.com/articles/6101171 + * CVE-2021-0145 (Fast store forward predictor - Cross Domain Training): + https://access.redhat.com/articles/6716541 The information regarding disabling microcode update is provided below. diff --git a/06-8e-9e-0x-0xca_readme b/06-8e-9e-0x-0xca_readme index 22f47dd..bf830eb 100644 --- a/06-8e-9e-0x-0xca_readme +++ b/06-8e-9e-0x-0xca_readme @@ -92,6 +92,16 @@ in question: * 06-9e-0c, revision 0xea: 1329a4d8166fe7d70833d21428936254e11efbb4 * 06-9e-0d, revision 0xea: 9c73f2ac6c4edbf8b0aefdd5d6780c7219be702a + * 06-8e-09, revision 0xec: 78eb624be5e8084e438318bdad99f9ddc082def7 + * 06-8e-0a, revision 0xec: 6c41a6ad412f48f81a9d5edf59dcdecc358398bf + * 06-8e-0b, revision 0xec: 89dd0de598c83eb9714f6839499f322dfce2b693 + * 06-8e-0c, revision 0xec: 225ea349b9cb3b1b94e237deb797e0c60d14a84c + * 06-9e-09, revision 0xec: fc5c0206fe392a0ddad4dc9363fde2d3e3d1e681 + * 06-9e-0a, revision 0xec: 128002076e4ac3c75697fb4efdf1f8ddcc971fbe + * 06-9e-0b, revision 0xec: ac8c3865a143b2e03869f15a5b86e560f60ad632 + * 06-9e-0c, revision 0xec: 6e3d695290def517857c8e743dc65161479f0c04 + * 06-9e-0d, revision 0xec: 58b1ec5fee7dd1a761ed901b374ccb978737a979 + Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions required for mitigating specific side-channel cache attacks, please refer @@ -118,6 +128,13 @@ to the following knowledge base articles: CVE-2020-8696 (Vector Register Leakage-Active), CVE-2020-8698 (Fast Forward Store Predictor): https://access.redhat.com/articles/5569051 + * CVE-2020-24489 (VT-d-related Privilege Escalation), + CVE-2020-24511 (Improper Isolation of Shared Resources), + CVE-2020-24512 (Observable Timing Discrepancy), + CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): + https://access.redhat.com/articles/6101171 + * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): + https://access.redhat.com/articles/6716541 The information regarding disabling microcode update is provided below. diff --git a/06-8e-9e-0x-dell_readme b/06-8e-9e-0x-dell_readme index 0f12fee..bca53eb 100644 --- a/06-8e-9e-0x-dell_readme +++ b/06-8e-9e-0x-dell_readme @@ -92,6 +92,16 @@ in question: * 06-9e-0c, revision 0xea: 1329a4d8166fe7d70833d21428936254e11efbb4 * 06-9e-0d, revision 0xea: 9c73f2ac6c4edbf8b0aefdd5d6780c7219be702a + * 06-8e-09, revision 0xec: 78eb624be5e8084e438318bdad99f9ddc082def7 + * 06-8e-0a, revision 0xec: 6c41a6ad412f48f81a9d5edf59dcdecc358398bf + * 06-8e-0b, revision 0xec: 89dd0de598c83eb9714f6839499f322dfce2b693 + * 06-8e-0c, revision 0xec: 225ea349b9cb3b1b94e237deb797e0c60d14a84c + * 06-9e-09, revision 0xec: fc5c0206fe392a0ddad4dc9363fde2d3e3d1e681 + * 06-9e-0a, revision 0xec: 128002076e4ac3c75697fb4efdf1f8ddcc971fbe + * 06-9e-0b, revision 0xec: ac8c3865a143b2e03869f15a5b86e560f60ad632 + * 06-9e-0c, revision 0xec: 6e3d695290def517857c8e743dc65161479f0c04 + * 06-9e-0d, revision 0xec: 58b1ec5fee7dd1a761ed901b374ccb978737a979 + Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions required for mitigating specific side-channel cache attacks, please refer @@ -118,6 +128,13 @@ to the following knowledge base articles: CVE-2020-8696 (Vector Register Leakage-Active), CVE-2020-8698 (Fast Forward Store Predictor): https://access.redhat.com/articles/5569051 + * CVE-2020-24489 (VT-d-related Privilege Escalation), + CVE-2020-24511 (Improper Isolation of Shared Resources), + CVE-2020-24512 (Observable Timing Discrepancy), + CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): + https://access.redhat.com/articles/6101171 + * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): + https://access.redhat.com/articles/6716541 The information regarding disabling microcode update is provided below. diff --git a/README.caveats b/README.caveats index 9529de3..cf1aa9a 100644 --- a/README.caveats +++ b/README.caveats @@ -860,3 +860,8 @@ Intel CPU vulnerabilities is available in the following knowledge base articles: CVE-2020-24512 (Observable Timing Discrepancy), CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): https://access.redhat.com/articles/6101171 + * CVE-2021-0127 (Intel Processor Breakpoint Control Flow), + CVE-2021-0145 (Fast store forward predictor - Cross Domain Training), + CVE-2021-0146 (VT-d-related Privilege Escalation), + CVE-2021-33120 (Out of bounds read for some Intel Atom processors): + https://access.redhat.com/articles/6716541 diff --git a/codenames.list b/codenames.list index f2eaa75..f957dc6 100644 --- a/codenames.list +++ b/codenames.list @@ -271,6 +271,7 @@ Mobile;;Ice Lake;D1;80;706e5;ICL;U,Y;Core Gen10 Mobile; Server;;Knights Mill;A0;08;80650;KNM;;Xeon Phi 72x5;Xeon Phi 7235, 7285, 7295 SOC;;Snow Ridge;B0;01;80664;SNR;;Atom P59xxB; SOC;;Snow Ridge;B1;01;80665;SNR;;Atom P59xxB; +SOC;;Snow Ridge;C0;01;80667;SNR;;Atom P59xxB; Mobile;;Tiger Lake;B1;80;806c1;TGL;UP3,UP4;Core Gen11 Mobile; Mobile;;Tiger Lake Refresh;C0;80;806c2;TGL;R;Core Gen11 Mobile; Mobile;;Tiger Lake;R0;c2;806d1;TGL;H;Core Gen11 Mobile; diff --git a/microcode_ctl.spec b/microcode_ctl.spec index 944b7d3..20e3aee 100644 --- a/microcode_ctl.spec +++ b/microcode_ctl.spec @@ -1,4 +1,4 @@ -%define intel_ucode_version 20210608 +%define intel_ucode_version 20220207 %define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats %define microcode_ctl_libexec %{_libexecdir}/microcode_ctl @@ -12,7 +12,7 @@ Summary: CPU microcode updates for Intel x86 processors Name: microcode_ctl Version: %{intel_ucode_version} -Release: 2%{?dist} +Release: 1%{?dist} Epoch: 4 License: CC0 and Redistributable, no modification permitted URL: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files @@ -545,6 +545,112 @@ rm -rf %{buildroot} %changelog +* Thu Feb 10 2022 Eugene Syromiatnikov - 4:20220207-1 +- Update Intel CPU microcode to microcode-20220207 release, addresses + CVE-2021-0127, CVE-2021-0145, and CVE-2021-33120 (#2053253): + - Removal of 06-86-04/0x01 (SNR B0) microcode at revision 0xb00000f; + - Removal of 06-86-05/0x01 (SNR B1) microcode (in intel-ucode/06-86-04) + at revision 0xb00000f; + - Removal of 06-86-04/0x01 (SNR B0) microcode (in intel-ucode/06-86-05) + at revision 0xb00000f; + - Removal of 06-86-05/0x01 (SNR B1) microcode at revision 0xb00000f; + - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in + intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xea up to 0xec; + - Update of 06-4f-01/0xef (BDX-E/EP/EX/ML B0/M0/R0) microcode (in + intel-06-4f-01/intel-ucode/06-4f-01) from revision 0xb00003e up + to 0xb000040; + - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in + intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006b06 up + to 0x2006c0a; + - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in + intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xea up to 0xec; + - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in + intel-06-8c-01/intel-ucode/06-8c-01) from revision 0x88 up to 0x9a; + - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xea up + to 0xec; + - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xea up + to 0xec; + - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xea up + to 0xec; + - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xea up + to 0xec; + - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) + microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from + revision 0xea up to 0xec; + - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xea up + to 0xec; + - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xea up + to 0xec; + - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xea up + to 0xec; + - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xea up + to 0xec; + - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xea up + to 0xec; + - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode + from revision 0x46 up to 0x49; + - Update of 06-3f-04/0x80 (HSX-EX E0) microcode from revision 0x19 up + to 0x1a; + - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015b + up to 0x100015c; + - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4003102 + up to 0x400320a; + - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision + 0x5003102 up to 0x500320a; + - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002302 + up to 0x7002402; + - Update of 06-56-03/0x10 (BDX-DE V2/V3) microcode from revision + 0x700001b up to 0x700001c; + - Update of 06-56-04/0x10 (BDX-DE Y0) microcode from revision 0xf000019 + up to 0xf00001a; + - Update of 06-56-05/0x10 (BDX-NS A0/A1, HWL A1) microcode from revision + 0xe000012 up to 0xe000014; + - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x44 up + to 0x46; + - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x20 up + to 0x24; + - Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x34 up + to 0x36; + - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0002a0 + up to 0xd000331; + - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x36 up + to 0x38; + - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1a up + to 0x1c; + - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xa6 + up to 0xa8; + - Update of 06-8a-01/0x10 (LKF B2/B3) microcode from revision 0x2a up + to 0x2d; + - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x16 up + to 0x22; + - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x2c up + to 0x3c; + - Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x11 up + to 0x15; + - Update of 06-9c-00/0x01 (JSL A0/A1) microcode from revision 0x1d up + to 0x2400001f; + - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xea up + to 0xec; + - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xea + up to 0xec; + - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xec + up to 0xee; + - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xe8 + up to 0xea; + - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision + 0xea up to 0xec; + - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x40 up + to 0x50. + * Mon Aug 09 2021 Mohan Boddu - 4:20210608-2 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 diff --git a/sources b/sources index 300d7fd..c8a1039 100644 --- a/sources +++ b/sources @@ -1,6 +1,6 @@ SHA512 (microcode-20190918.tar.gz) = 82e5212238d3e35470d139240d9157877ac252725598ec31bfe1763755681539a4ecdf24e04c4e4270215578a9ca3c063c8fc353accf99999c3d4ac2780a6e0c SHA512 (microcode-20191115.tar.gz) = 11014c16bde83ac290bc75e458242f5e64b8dffd49de2e938f61f4a09979cd5e80dd1a85d2ccbac067e4398dc3d93ef3583e4aa9b2e545ba46d26e65ec1e2881 -SHA512 (microcode-20210608.tar.gz) = 61acd2e76aa019fa0002fbf56c503791080a937ff93d81e020f8f0cc089dc08928b4c7e9884f713b886e2f9d4a8409fea59e39f628ef534a588515e1c3fc861d +SHA512 (microcode-20220207.tar.gz) = efa9f80815947cf2be371e7da7185634cbacefe779d1d6dfef0c15b78ccae7d2740ea6681b967a19dfbcc3014edce5bcdcdba87c9dea1f19d0415a03fca9e936 SHA512 (06-2d-07) = 631ec8ad8ad3c9b32d9569689f673010d26c13c7cc377d66b8fc5150de52485076d1514ba867dfa4f468889a31d6701cd8a0789d465ad069d98c8ea0f5bd3204 SHA512 (06-4e-03) = 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567 SHA512 (06-55-04) = db2783cd62680510a7105e7c3fd9d5fffac6a33159ba811f4669f8afb9a5badde4c009bf1868e6a53eb3ac2286812404127bcd45fcbc65fe004788e25ae3e222