diff --git a/.gitignore b/.gitignore index d6a7b0b..7940b36 100644 --- a/.gitignore +++ b/.gitignore @@ -4,4 +4,4 @@ SOURCES/06-55-04 SOURCES/06-5e-03 SOURCES/microcode-20190918.tar.gz SOURCES/microcode-20191115.tar.gz -SOURCES/microcode-20210608.tar.gz +SOURCES/microcode-20220207.tar.gz diff --git a/.microcode_ctl.metadata b/.microcode_ctl.metadata index 19f5d82..46331ca 100644 --- a/.microcode_ctl.metadata +++ b/.microcode_ctl.metadata @@ -4,4 +4,4 @@ bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07 86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03 bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz 774636f4d440623b0ee6a2dad65260e81208074d SOURCES/microcode-20191115.tar.gz -68f7344d874d50f4c8d836f01abc497707d0baa2 SOURCES/microcode-20210608.tar.gz +a2a0e662d463e1d826ae74406379557a12469eb5 SOURCES/microcode-20220207.tar.gz diff --git a/SOURCES/06-4e-03_readme b/SOURCES/06-4e-03_readme index 13cb72a..3eceda2 100644 --- a/SOURCES/06-4e-03_readme +++ b/SOURCES/06-4e-03_readme @@ -14,6 +14,7 @@ microcode revisions in question are listed below: * 06-4e-03, revision 0xdc: cd1733458d187486999337ff8b51eeaa0cfbca6c * 06-4e-03, revision 0xe2: 41f4513cf563605bc85db38056ac430dec948366 * 06-4e-03, revision 0xea: 5a54cab9f22f69b819d663e5747ed6ea2a326c55 + * 06-4e-03, revision 0xec: d949a8543d2464d955f5dc4b0777cac863f48729 Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions @@ -46,6 +47,8 @@ to the following knowledge base articles: CVE-2020-24512 (Observable Timing Discrepancy), CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): https://access.redhat.com/articles/6101171 + * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): + https://access.redhat.com/articles/6716541 The information regarding enforcing microcode update is provided below. diff --git a/SOURCES/06-55-04_readme b/SOURCES/06-55-04_readme index b8d3618..76dfb48 100644 --- a/SOURCES/06-55-04_readme +++ b/SOURCES/06-55-04_readme @@ -20,6 +20,7 @@ microcode revisions in question are listed below: * 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212 * 06-55-04, revision 0x2006a0a: 7ec27025329c82de9553c14a78733ad1013e5462 * 06-55-04, revision 0x2006b06: cb5bec976cb9754e3a22ab6828b3262a8f9eccf7 + * 06-55-04, revision 0x2006c0a: 76b641375d136c08f5feb46aacebee40468ac085 Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions @@ -52,6 +53,8 @@ to the following knowledge base articles: CVE-2020-24512 (Observable Timing Discrepancy), CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): https://access.redhat.com/articles/6101171 + * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): + https://access.redhat.com/articles/6716541 The information regarding disabling microcode update is provided below. diff --git a/SOURCES/06-5e-03_readme b/SOURCES/06-5e-03_readme index 9beb75e..9161617 100644 --- a/SOURCES/06-5e-03_readme +++ b/SOURCES/06-5e-03_readme @@ -17,6 +17,7 @@ microcode revisions in question are listed below: * 06-5e-03, revision 0xdc: 5e1020a10678cfc60980131c3d3a2cfd462b4dd7 * 06-5e-03, revision 0xe2: 031e6e148b590d1c9cfdb6677539eeb4899e831c * 06-5e-03, revision 0xea: e6c37056a849fd281f2fdb975361a914e07b86c8 + * 06-5e-03, revision 0xec: 6458bf25da4906479a01ffdcaa6d466e22722e01 Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions @@ -49,6 +50,8 @@ to the following knowledge base articles: CVE-2020-24512 (Observable Timing Discrepancy), CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): https://access.redhat.com/articles/6101171 + * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): + https://access.redhat.com/articles/6716541 The information regarding disabling microcode update is provided below. diff --git a/SOURCES/06-8c-01_readme b/SOURCES/06-8c-01_readme index 9625c42..5185d20 100644 --- a/SOURCES/06-8c-01_readme +++ b/SOURCES/06-8c-01_readme @@ -11,6 +11,7 @@ For the reference, SHA1 checksums of 06-8c-01 microcode files containing microcode revisions in question are listed below: * 06-8c-01, revision 0x68: 2204a6dee1688980cd228268fdf4b6ed5904fe04 * 06-8c-01, revision 0x88: 61b6590feb2769046d5b0c394179beaf2df51290 + * 06-8c-01, revision 0x9a: 48b3ae8d27d8138b5b47052d2f8184bf555ad18e Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions @@ -25,6 +26,8 @@ to the following knowledge base articles: CVE-2020-24512 (Observable Timing Discrepancy), CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): https://access.redhat.com/articles/6101171 + * CVE-2021-0145 (Fast store forward predictor - Cross Domain Training): + https://access.redhat.com/articles/6716541 The information regarding disabling microcode update is provided below. diff --git a/SOURCES/06-8e-9e-0x-0xca_readme b/SOURCES/06-8e-9e-0x-0xca_readme index 22f47dd..bf830eb 100644 --- a/SOURCES/06-8e-9e-0x-0xca_readme +++ b/SOURCES/06-8e-9e-0x-0xca_readme @@ -92,6 +92,16 @@ in question: * 06-9e-0c, revision 0xea: 1329a4d8166fe7d70833d21428936254e11efbb4 * 06-9e-0d, revision 0xea: 9c73f2ac6c4edbf8b0aefdd5d6780c7219be702a + * 06-8e-09, revision 0xec: 78eb624be5e8084e438318bdad99f9ddc082def7 + * 06-8e-0a, revision 0xec: 6c41a6ad412f48f81a9d5edf59dcdecc358398bf + * 06-8e-0b, revision 0xec: 89dd0de598c83eb9714f6839499f322dfce2b693 + * 06-8e-0c, revision 0xec: 225ea349b9cb3b1b94e237deb797e0c60d14a84c + * 06-9e-09, revision 0xec: fc5c0206fe392a0ddad4dc9363fde2d3e3d1e681 + * 06-9e-0a, revision 0xec: 128002076e4ac3c75697fb4efdf1f8ddcc971fbe + * 06-9e-0b, revision 0xec: ac8c3865a143b2e03869f15a5b86e560f60ad632 + * 06-9e-0c, revision 0xec: 6e3d695290def517857c8e743dc65161479f0c04 + * 06-9e-0d, revision 0xec: 58b1ec5fee7dd1a761ed901b374ccb978737a979 + Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions required for mitigating specific side-channel cache attacks, please refer @@ -118,6 +128,13 @@ to the following knowledge base articles: CVE-2020-8696 (Vector Register Leakage-Active), CVE-2020-8698 (Fast Forward Store Predictor): https://access.redhat.com/articles/5569051 + * CVE-2020-24489 (VT-d-related Privilege Escalation), + CVE-2020-24511 (Improper Isolation of Shared Resources), + CVE-2020-24512 (Observable Timing Discrepancy), + CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): + https://access.redhat.com/articles/6101171 + * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): + https://access.redhat.com/articles/6716541 The information regarding disabling microcode update is provided below. diff --git a/SOURCES/06-8e-9e-0x-dell_readme b/SOURCES/06-8e-9e-0x-dell_readme index 0f12fee..bca53eb 100644 --- a/SOURCES/06-8e-9e-0x-dell_readme +++ b/SOURCES/06-8e-9e-0x-dell_readme @@ -92,6 +92,16 @@ in question: * 06-9e-0c, revision 0xea: 1329a4d8166fe7d70833d21428936254e11efbb4 * 06-9e-0d, revision 0xea: 9c73f2ac6c4edbf8b0aefdd5d6780c7219be702a + * 06-8e-09, revision 0xec: 78eb624be5e8084e438318bdad99f9ddc082def7 + * 06-8e-0a, revision 0xec: 6c41a6ad412f48f81a9d5edf59dcdecc358398bf + * 06-8e-0b, revision 0xec: 89dd0de598c83eb9714f6839499f322dfce2b693 + * 06-8e-0c, revision 0xec: 225ea349b9cb3b1b94e237deb797e0c60d14a84c + * 06-9e-09, revision 0xec: fc5c0206fe392a0ddad4dc9363fde2d3e3d1e681 + * 06-9e-0a, revision 0xec: 128002076e4ac3c75697fb4efdf1f8ddcc971fbe + * 06-9e-0b, revision 0xec: ac8c3865a143b2e03869f15a5b86e560f60ad632 + * 06-9e-0c, revision 0xec: 6e3d695290def517857c8e743dc65161479f0c04 + * 06-9e-0d, revision 0xec: 58b1ec5fee7dd1a761ed901b374ccb978737a979 + Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions required for mitigating specific side-channel cache attacks, please refer @@ -118,6 +128,13 @@ to the following knowledge base articles: CVE-2020-8696 (Vector Register Leakage-Active), CVE-2020-8698 (Fast Forward Store Predictor): https://access.redhat.com/articles/5569051 + * CVE-2020-24489 (VT-d-related Privilege Escalation), + CVE-2020-24511 (Improper Isolation of Shared Resources), + CVE-2020-24512 (Observable Timing Discrepancy), + CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): + https://access.redhat.com/articles/6101171 + * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): + https://access.redhat.com/articles/6716541 The information regarding disabling microcode update is provided below. diff --git a/SOURCES/README.caveats b/SOURCES/README.caveats index b15642b..e7fd8eb 100644 --- a/SOURCES/README.caveats +++ b/SOURCES/README.caveats @@ -860,3 +860,8 @@ Intel CPU vulnerabilities is available in the following knowledge base articles: CVE-2020-24512 (Observable Timing Discrepancy), CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): https://access.redhat.com/articles/6101171 + * CVE-2021-0127 (Intel Processor Breakpoint Control Flow), + CVE-2021-0145 (Fast store forward predictor - Cross Domain Training), + CVE-2021-0146 (VT-d-related Privilege Escalation), + CVE-2021-33120 (Out of bounds read for some Intel Atom processors): + https://access.redhat.com/articles/6716541 diff --git a/SOURCES/codenames.list b/SOURCES/codenames.list index f2eaa75..f957dc6 100644 --- a/SOURCES/codenames.list +++ b/SOURCES/codenames.list @@ -271,6 +271,7 @@ Mobile;;Ice Lake;D1;80;706e5;ICL;U,Y;Core Gen10 Mobile; Server;;Knights Mill;A0;08;80650;KNM;;Xeon Phi 72x5;Xeon Phi 7235, 7285, 7295 SOC;;Snow Ridge;B0;01;80664;SNR;;Atom P59xxB; SOC;;Snow Ridge;B1;01;80665;SNR;;Atom P59xxB; +SOC;;Snow Ridge;C0;01;80667;SNR;;Atom P59xxB; Mobile;;Tiger Lake;B1;80;806c1;TGL;UP3,UP4;Core Gen11 Mobile; Mobile;;Tiger Lake Refresh;C0;80;806c2;TGL;R;Core Gen11 Mobile; Mobile;;Tiger Lake;R0;c2;806d1;TGL;H;Core Gen11 Mobile; diff --git a/SPECS/microcode_ctl.spec b/SPECS/microcode_ctl.spec index 8818c45..971850c 100644 --- a/SPECS/microcode_ctl.spec +++ b/SPECS/microcode_ctl.spec @@ -1,4 +1,4 @@ -%define intel_ucode_version 20210608 +%define intel_ucode_version 20220207 %global debug_package %{nil} %define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats @@ -12,8 +12,8 @@ Summary: CPU microcode updates for Intel x86 processors Name: microcode_ctl -Version: %{intel_ucode_version} -Release: 1%{?dist} +Version: 20210608 +Release: 1.%{intel_ucode_version}.1%{?dist} Epoch: 4 License: CC0 and Redistributable, no modification permitted URL: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files @@ -544,6 +544,116 @@ rm -rf %{buildroot} %changelog +* Thu Feb 10 2022 Eugene Syromiatnikov - 4:20210608-1.20220207.1 +- Update Intel CPU microcode to microcode-20220207 release: + - Fixes in releasenote.md file. + +* Mon Feb 07 2022 Eugene Syromiatnikov - 4:20210608-1.20220204.1 +- Update Intel CPU microcode to microcode-20220204 release, addresses + CVE-2021-0127, CVE-2021-0145, CVE-2021-33120 (#2049541, #2049553, #2049570): + - Removal of 06-86-04/0x01 (SNR B0) microcode at revision 0xb00000f; + - Removal of 06-86-05/0x01 (SNR B1) microcode (in intel-ucode/06-86-04) + at revision 0xb00000f; + - Removal of 06-86-04/0x01 (SNR B0) microcode (in intel-ucode/06-86-05) + at revision 0xb00000f; + - Removal of 06-86-05/0x01 (SNR B1) microcode at revision 0xb00000f; + - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in + intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xea up to 0xec; + - Update of 06-4f-01/0xef (BDX-E/EP/EX/ML B0/M0/R0) microcode (in + intel-06-4f-01/intel-ucode/06-4f-01) from revision 0xb00003e up + to 0xb000040; + - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in + intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006b06 up + to 0x2006c0a; + - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in + intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xea up to 0xec; + - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in + intel-06-8c-01/intel-ucode/06-8c-01) from revision 0x88 up to 0x9a; + - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xea up + to 0xec; + - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xea up + to 0xec; + - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xea up + to 0xec; + - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xea up + to 0xec; + - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) + microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from + revision 0xea up to 0xec; + - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xea up + to 0xec; + - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xea up + to 0xec; + - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xea up + to 0xec; + - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xea up + to 0xec; + - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xea up + to 0xec; + - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode + from revision 0x46 up to 0x49; + - Update of 06-3f-04/0x80 (HSX-EX E0) microcode from revision 0x19 up + to 0x1a; + - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015b + up to 0x100015c; + - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4003102 + up to 0x400320a; + - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision + 0x5003102 up to 0x500320a; + - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002302 + up to 0x7002402; + - Update of 06-56-03/0x10 (BDX-DE V2/V3) microcode from revision + 0x700001b up to 0x700001c; + - Update of 06-56-04/0x10 (BDX-DE Y0) microcode from revision 0xf000019 + up to 0xf00001a; + - Update of 06-56-05/0x10 (BDX-NS A0/A1, HWL A1) microcode from revision + 0xe000012 up to 0xe000014; + - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x44 up + to 0x46; + - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x20 up + to 0x24; + - Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x34 up + to 0x36; + - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0002a0 + up to 0xd000331; + - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x36 up + to 0x38; + - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1a up + to 0x1c; + - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xa6 + up to 0xa8; + - Update of 06-8a-01/0x10 (LKF B2/B3) microcode from revision 0x2a up + to 0x2d; + - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x16 up + to 0x22; + - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x2c up + to 0x3c; + - Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x11 up + to 0x15; + - Update of 06-9c-00/0x01 (JSL A0/A1) microcode from revision 0x1d up + to 0x2400001f; + - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xea up + to 0xec; + - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xea + up to 0xec; + - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xec + up to 0xee; + - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xe8 + up to 0xea; + - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision + 0xea up to 0xec; + - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x40 up + to 0x50. + * Mon Jul 05 2021 Eugene Syromiatnikov - 4:20210608-1 - Update Intel CPU microcode to microcode-20210608 release (#1921773): - Fixes in releasenote.md file.