From cb43af487bc61b08fcdf370ee4aff7ba6b333da7 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Wed, 16 Feb 2022 04:20:42 +0000 Subject: [PATCH] import microcode_ctl-20220207-1.el8 --- .gitignore | 2 +- .microcode_ctl.metadata | 2 +- ...ix-microde-20220204-revision-summary.patch | 44 ------------------- SOURCES/06-4e-03_readme | 2 + SOURCES/06-55-04_readme | 2 + SOURCES/06-5e-03_readme | 2 + SOURCES/06-8c-01_readme | 2 + SOURCES/06-8e-9e-0x-0xca_readme | 7 +++ SOURCES/06-8e-9e-0x-dell_readme | 7 +++ SOURCES/README.caveats | 5 +++ SPECS/microcode_ctl.spec | 22 +++++----- 11 files changed, 40 insertions(+), 57 deletions(-) delete mode 100644 SOURCES/0001-releasenote.md-fix-microde-20220204-revision-summary.patch diff --git a/.gitignore b/.gitignore index b604404..7940b36 100644 --- a/.gitignore +++ b/.gitignore @@ -4,4 +4,4 @@ SOURCES/06-55-04 SOURCES/06-5e-03 SOURCES/microcode-20190918.tar.gz SOURCES/microcode-20191115.tar.gz -SOURCES/microcode-20220204.tar.gz +SOURCES/microcode-20220207.tar.gz diff --git a/.microcode_ctl.metadata b/.microcode_ctl.metadata index 6f2213c..46331ca 100644 --- a/.microcode_ctl.metadata +++ b/.microcode_ctl.metadata @@ -4,4 +4,4 @@ bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07 86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03 bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz 774636f4d440623b0ee6a2dad65260e81208074d SOURCES/microcode-20191115.tar.gz -a6a11c2f59d6c4b3b8e11ceee67f4bc30d4c6c93 SOURCES/microcode-20220204.tar.gz +a2a0e662d463e1d826ae74406379557a12469eb5 SOURCES/microcode-20220207.tar.gz diff --git a/SOURCES/0001-releasenote.md-fix-microde-20220204-revision-summary.patch b/SOURCES/0001-releasenote.md-fix-microde-20220204-revision-summary.patch deleted file mode 100644 index fa49ff2..0000000 --- a/SOURCES/0001-releasenote.md-fix-microde-20220204-revision-summary.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From a6faade347b3c7312013b71ae0cd5f08acc12dab Mon Sep 17 00:00:00 2001 -From: Eugene Syromiatnikov -Date: Tue, 1 Feb 2022 05:23:23 +0100 -Subject: [PATCH] releasenote.md: fix microde-20220204 revision summary table - -* releasenote.md (06-3f-02/6f, 06-3f-04/80, 06-4e-03/c0, 06-4f-01/ef, -06-55-03/97): Add missing Updated Platforms records. -(Removed Platforms): Add 06-86-04/01 and 06-86-05/01 (SNR B0/B1) -records. ---- - releasenote.md | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/releasenote.md b/releasenote.md -index 14e3231..0a1e478 100644 ---- a/releasenote.md -+++ b/releasenote.md -@@ -26,6 +26,11 @@ None - - | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products - |:---------------|:---------|:------------|:---------|:---------|:--------- -+| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000046 | 00000049 | Core Gen4 X series; Xeon E5 v3 -+| HSX-EX | E0 | 06-3f-04/80 | 00000019 | 0000001a | Xeon E7 v3 -+| SKL-U/Y | D0 | 06-4e-03/c0 | 000000ea | 000000ec | Core Gen6 Mobile -+| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b00003e | 0b000040 | Xeon E5/E7 v4; Core i7-69xx/68xx -+| SKX-SP | B1 | 06-55-03/97 | 0100015b | 0100015c | Xeon Scalable - | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006b06 | 02006c0a | Xeon Scalable - | SKX-D | M1 | 06-55-04/b7 | 02006b06 | 02006c0a | Xeon D-21xx - | CLX-SP | B0 | 06-55-06/bf | 04003102 | 0400320a | Xeon Scalable Gen2 -@@ -69,7 +74,10 @@ None - - ### Removed Platforms - --None -+| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products -+|:---------------|:---------|:------------|:---------|:---------|:--------- -+| SNR | B0 | 06-86-04/01 | 0b00000f | | Atom P59xxB -+| SNR | B1 | 06-86-05/01 | 0b00000f | | Atom P59xxB - - ## [microcode-20210608](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608) - --- -2.13.6 - diff --git a/SOURCES/06-4e-03_readme b/SOURCES/06-4e-03_readme index e311550..3eceda2 100644 --- a/SOURCES/06-4e-03_readme 
+++ b/SOURCES/06-4e-03_readme @@ -47,6 +47,8 @@ to the following knowledge base articles: CVE-2020-24512 (Observable Timing Discrepancy), CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): https://access.redhat.com/articles/6101171 + * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): + https://access.redhat.com/articles/6716541 The information regarding enforcing microcode update is provided below. diff --git a/SOURCES/06-55-04_readme b/SOURCES/06-55-04_readme index fd08268..76dfb48 100644 --- a/SOURCES/06-55-04_readme +++ b/SOURCES/06-55-04_readme @@ -53,6 +53,8 @@ to the following knowledge base articles: CVE-2020-24512 (Observable Timing Discrepancy), CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): https://access.redhat.com/articles/6101171 + * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): + https://access.redhat.com/articles/6716541 The information regarding disabling microcode update is provided below. diff --git a/SOURCES/06-5e-03_readme b/SOURCES/06-5e-03_readme index 117a5fd..9161617 100644 --- a/SOURCES/06-5e-03_readme +++ b/SOURCES/06-5e-03_readme @@ -50,6 +50,8 @@ to the following knowledge base articles: CVE-2020-24512 (Observable Timing Discrepancy), CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): https://access.redhat.com/articles/6101171 + * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): + https://access.redhat.com/articles/6716541 The information regarding disabling microcode update is provided below. diff --git a/SOURCES/06-8c-01_readme b/SOURCES/06-8c-01_readme index 182b1d6..5185d20 100644 --- a/SOURCES/06-8c-01_readme +++ b/SOURCES/06-8c-01_readme 
@@ -26,6 +26,8 @@ to the following knowledge base articles: CVE-2020-24512 (Observable Timing Discrepancy), CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): https://access.redhat.com/articles/6101171 + * CVE-2021-0145 (Fast store forward predictor - Cross Domain Training): + https://access.redhat.com/articles/6716541 The information regarding disabling microcode update is provided below. diff --git a/SOURCES/06-8e-9e-0x-0xca_readme b/SOURCES/06-8e-9e-0x-0xca_readme index 12bf504..bf830eb 100644 --- a/SOURCES/06-8e-9e-0x-0xca_readme +++ b/SOURCES/06-8e-9e-0x-0xca_readme @@ -128,6 +128,13 @@ to the following knowledge base articles: CVE-2020-8696 (Vector Register Leakage-Active), CVE-2020-8698 (Fast Forward Store Predictor): https://access.redhat.com/articles/5569051 + * CVE-2020-24489 (VT-d-related Privilege Escalation), + CVE-2020-24511 (Improper Isolation of Shared Resources), + CVE-2020-24512 (Observable Timing Discrepancy), + CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): + https://access.redhat.com/articles/6101171 + * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): + https://access.redhat.com/articles/6716541 The information regarding disabling microcode update is provided below. diff --git a/SOURCES/06-8e-9e-0x-dell_readme b/SOURCES/06-8e-9e-0x-dell_readme index e0dd6f7..bca53eb 100644 --- a/SOURCES/06-8e-9e-0x-dell_readme +++ b/SOURCES/06-8e-9e-0x-dell_readme 
@@ -128,6 +128,13 @@ to the following knowledge base articles: CVE-2020-8696 (Vector Register Leakage-Active), CVE-2020-8698 (Fast Forward Store Predictor): https://access.redhat.com/articles/5569051 + * CVE-2020-24489 (VT-d-related Privilege Escalation), + CVE-2020-24511 (Improper Isolation of Shared Resources), + CVE-2020-24512 (Observable Timing Discrepancy), + CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): + https://access.redhat.com/articles/6101171 + * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): + https://access.redhat.com/articles/6716541 The information regarding disabling microcode update is provided below. diff --git a/SOURCES/README.caveats b/SOURCES/README.caveats index b15642b..e7fd8eb 100644 --- a/SOURCES/README.caveats +++ b/SOURCES/README.caveats @@ -860,3 +860,8 @@ Intel CPU vulnerabilities is available in the following knowledge base articles: CVE-2020-24512 (Observable Timing Discrepancy), CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): https://access.redhat.com/articles/6101171 + * CVE-2021-0127 (Intel Processor Breakpoint Control Flow), + CVE-2021-0145 (Fast store forward predictor - Cross Domain Training), + CVE-2021-0146 (VT-d-related Privilege Escalation), + CVE-2021-33120 (Out of bounds read for some Intel Atom processors): + https://access.redhat.com/articles/6716541 diff --git a/SPECS/microcode_ctl.spec b/SPECS/microcode_ctl.spec index 6ca7117..c0218f2 100644 --- a/SPECS/microcode_ctl.spec +++ b/SPECS/microcode_ctl.spec @@ -1,4 +1,4 @@ -%define intel_ucode_version 20220204 +%define intel_ucode_version 20220207 %global debug_package %{nil} %define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats 
@@ -12,13 +12,12 @@ Summary: CPU microcode updates for Intel x86 processors Name: microcode_ctl -Version: 20210608 -Release: 1.%{intel_ucode_version}.1%{?dist} +Version: %{intel_ucode_version} +Release: 1%{?dist} Epoch: 4 License: CC0 and Redistributable, no modification permitted URL: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files -#Source0: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz -Source0: microcode-%{intel_ucode_version}.tar.gz +Source0: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz # (Pre-MDS) revision 0x714 of 06-2d-07 microcode Source2: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190514/intel-ucode/06-2d-07 @@ -123,8 +122,6 @@ Source1000: gen_provides.sh Source1001: codenames.list Source1002: gen_updates2.py -Patch1001: 0001-releasenote.md-fix-microde-20220204-revision-summary.patch - ExclusiveArch: %{ix86} x86_64 BuildRequires: systemd-units # hexdump is used in gen_provides.sh @@ -151,8 +148,6 @@ is no longer used for microcode upload and, as a result, no longer provided. %prep %setup -n "Intel-Linux-Processor-Microcode-Data-Files-microcode-%{intel_ucode_version}" -%patch1001 -p1 - %build # replacing SNB-EP (CPUID 0x206d7) microcode with pre-MDS version mv intel-ucode/06-2d-07 intel-ucode-with-caveats/ 
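Review bot: Source0 in the `@@ -12,13 +12,12 @@` hunk now names a GitHub archive URL, but nothing in the spec lines shown verifies the tarball fetched from it. The only pin visible in this commit is the 40-hex digest for `SOURCES/microcode-20220207.tar.gz` in `.microcode_ctl.metadata`. Because this tarball carries the CPU microcode itself, I would add a comment above Source0 saying where the integrity check lives, for example `# Tarball is pinned by the digest in .microcode_ctl.metadata; compare it with the upstream release tag on every bump`. GitHub generates such archives on request rather than publishing them as signed release artifacts, so the digest should be recomputed from a copy checked against the upstream tag, not from whatever the URL returns at import time.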
@@ -549,9 +544,14 @@ rm -rf %{buildroot} %changelog -* Mon Feb 07 2022 Eugene Syromiatnikov - 4:20210608-1.20220204.1 +* Thu Feb 10 2022 Eugene Syromiatnikov - 4:20220207-1 +- Update Intel CPU microcode to microcode-20220207 release: + - Fixes in releasenote.md file. + +* Mon Feb 07 2022 Eugene Syromiatnikov - 4:20220204-1 - Update Intel CPU microcode to microcode-20220204 release, addresses - CVE-2021-0127, CVE-2021-0145, CVE-2021-33120 (#2049541, #2049553, #2049570): + CVE-2021-0127, CVE-2021-0145, and CVE-2021-33120 (#1971906, #2049543, + #2049554, #2049571): - Removal of 06-86-04/0x01 (SNR B0) microcode at revision 0xb00000f; - Removal of 06-86-05/0x01 (SNR B1) microcode (in intel-ucode/06-86-04) at revision 0xb00000f;