Compare commits

..

No commits in common. "c8" and "c9-beta" have entirely different histories.
c8 ... c9-beta

9 changed files with 71 additions and 197 deletions

2
.gitignore vendored
View File

@ -4,4 +4,4 @@ SOURCES/06-55-04
SOURCES/06-5e-03
SOURCES/microcode-20190918.tar.gz
SOURCES/microcode-20191115.tar.gz
SOURCES/microcode-20240910.tar.gz
SOURCES/microcode-20240531.tar.gz

View File

@ -4,4 +4,4 @@ bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03
bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz
774636f4d440623b0ee6a2dad65260e81208074d SOURCES/microcode-20191115.tar.gz
2815182aa376dba6d534bc087a27fe9f27def1d2 SOURCES/microcode-20240910.tar.gz
9e4c19980b5d79eaa8c7324b6f6821c5812680c0 SOURCES/microcode-20240531.tar.gz

View File

@ -18,7 +18,6 @@ microcode revisions in question are listed below:
* 06-8c-01, revision 0xac: b9f342e564a0be372ed1f4709263bf811feb022a
* 06-8c-01, revision 0xb4: 6596bb8696cde85538bb833d090f0b7a42d6ae14
* 06-8c-01, revision 0xb6: 76556e8248a89f38cd55a6c83dccc995ba176091
* 06-8c-01, revision 0xb8: 6e9b138d1db2934479b179af4a3a19e843c4b4e4
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions

View File

@ -141,15 +141,6 @@ in question:
* 06-9e-0c, revision 0xf6: a8dfddd009f750b6528f93556b67d4eeca1e5dfa
* 06-9e-0d, revision 0xfc: a0ad865fd2d3b9d955a889c96fabc67da0235dda
* 06-8e-09, revision 0xf6: c2786ef2eb4feb8ac3e3efae83c361de3ad8df0d
* 06-8e-0a, revision 0xf6: 9bb2839d451ecee40c1eb08f40e4baec9a159e90
* 06-8e-0b, revision 0xf6: 7b60fc7d44654976df32971a45399b3b910f3390
* 06-8e-0c, revision 0xfc: 34efc9a54dc32082b898116840c0a1a1cef59e69
* 06-9e-0a, revision 0xf8: 880163a2da13ed1eae1654535d751a788de6fa3f
* 06-9e-0b, revision 0xf6: ca90c9139d0c1554f6d17ae1bdcf94d0faa6ece7
* 06-9e-0c, revision 0xf8: 97dcc36772894619ab28be8c35c4ff9f15d684ae
* 06-9e-0d, revision 0x100: 1a00b6a4373b95811c6396f2a0d8d497f4006fb7
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer

View File

@ -141,15 +141,6 @@ in question:
* 06-9e-0c, revision 0xf6: a8dfddd009f750b6528f93556b67d4eeca1e5dfa
* 06-9e-0d, revision 0xfc: a0ad865fd2d3b9d955a889c96fabc67da0235dda
* 06-8e-09, revision 0xf6: c2786ef2eb4feb8ac3e3efae83c361de3ad8df0d
* 06-8e-0a, revision 0xf6: 9bb2839d451ecee40c1eb08f40e4baec9a159e90
* 06-8e-0b, revision 0xf6: 7b60fc7d44654976df32971a45399b3b910f3390
* 06-8e-0c, revision 0xfc: 34efc9a54dc32082b898116840c0a1a1cef59e69
* 06-9e-0a, revision 0xf8: 880163a2da13ed1eae1654535d751a788de6fa3f
* 06-9e-0b, revision 0xf6: ca90c9139d0c1554f6d17ae1bdcf94d0faa6ece7
* 06-9e-0c, revision 0xf8: 97dcc36772894619ab28be8c35c4ff9f15d684ae
* 06-9e-0d, revision 0x100: 1a00b6a4373b95811c6396f2a0d8d497f4006fb7
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer

View File

@ -10,8 +10,8 @@ behaviour.
General behaviour
=================
In RHEL 8 (as well as RHEL 7 before it), there are currently two main handlers
for CPU microcode update:
In RHEL 9 (as well as in RHEL 7 and RHEL 8 before it), there are currently
two main handlers for CPU microcode update:
* Early microcode update. It uses GenuineIntel.bin or AuthenticAMD.bin file
placed at the beginning of an initramfs image
(/boot/initramfs-KERNEL_VERSION.img, where "KERNEL_VERSION" is a kernel
@ -45,10 +45,10 @@ zero-filled.
The early microcode is placed into initramfs image by the "dracut" script, which
scans the aforementioned subdirectories of the configured list of firmware
directories (by default, the list consists of two directories in RHEL 8,
directories (by default, the list consists of two directories in RHEL 9,
"/lib/firmware/updates" and "/lib/firmware").
In RHEL 8, AMD CPU microcode is shipped as a part of the linux-firmware package,
In RHEL 9, AMD CPU microcode is shipped as a part of the linux-firmware package,
and Intel microcode is shipped as a part of the microcode_ctl package.
The microcode_ctl package currently includes the following:
@ -613,7 +613,7 @@ Mitigation: microcode loading is disabled for the affected CPU model.
Minimum versions of the kernel package that contain the aforementioned patch
series:
- Upstream/RHEL 8: 4.17.0
- Upstream/RHEL 8/RHEL 9: 4.17.0
- RHEL 7.6 onwards: 3.10.0-894
- RHEL 7.5: 3.10.0-862.6.1
- RHEL 7.4: 3.10.0-693.35.1
@ -628,7 +628,7 @@ series:
Early microcode load inside a virtual machine
---------------------------------------------
RHEL 8 kernel supports performing microcode update during early boot stage
RHEL 9 kernel supports performing microcode update during early boot stage
from a cpio archive placed at the beginning of the initramfs image. However,
when an early microcode update is attempted inside some virtualised
environments, that may result in unexpected system behaviour.
@ -643,7 +643,7 @@ Mitigation: early microcode loading is disabled for all CPU models on kernels
without the fix.
Minimum versions of the kernel package that contain the fix:
- Upstream/RHEL 8: 4.10.0
- Upstream/RHEL 8/RHEL 9: 4.10.0
- RHEL 7.6 onwards: 3.10.0-930
- RHEL 7.5: 3.10.0-862.14.1
- RHEL 7.4: 3.10.0-693.38.1

View File

@ -43,25 +43,43 @@ for f in $(grep -E '/intel-ucode.*/[0-9a-f][0-9a-f]-[0-9a-f][0-9a-f]-[0-9a-f][0-
# ext_sig, 12 bytes in size
IFS=' ' read cpuid pf_mask <<- EOF
$(hexdump -s "$skip" -n 8 \
-e '"" 1/4 "%08x " 1/4 "%u" "\n"' "$f")
$(dd if="$f" ibs=1 skip="$skip" count=8 status=none \
| xxd -e -g4 | xxd -r | hexdump -n 8 \
-e '"" 4/1 "%02x" " 0x" 4/1 "%02x" "\n"')
EOF
# Converting values from the constructed %#08x format
pf_mask="$((pf_mask))"
skip="$((skip + 12))"
ext_sig_pos="$((ext_sig_pos + 1))"
else
# Microcode header, 48 bytes, last 3 fields reserved
# cksum, ldrver are ignored
IFS=' ' read hdrver rev \
date_y date_d date_m \
date_m date_d date_y \
cpuid cksum ldrver \
pf_mask datasz totalsz <<- EOF
$(hexdump -s "$skip" -n 36 \
-e '"" 1/4 "%u " 1/4 "%#x " \
1/2 "%04x " 1/1 "%02x " 1/1 "%02x " \
1/4 "%08x " 1/4 "%x " 1/4 "%#x " \
1/4 "%u " 1/4 "%u " 1/4 "%u" "\n"' "$f")
$(dd if="$f" ibs=1 skip="$skip" count=36 status=none \
| xxd -e -g4 | xxd -r | hexdump -n 36 \
-e '"0x" 4/1 "%02x" " 0x" 4/1 "%02x" " " \
1/1 "%02x " 1/1 "%02x " 2/1 "%02x" " " \
4/1 "%02x" " 0x" 4/1 "%02x" " 0x" 4/1 "%02x" \
" 0x" 4/1 "%x" \
" 0x" 4/1 "%02x" " 0x" 4/1 "%02x" "\n"')
EOF
# Converting values from the constructed %#08x format
rev="$(printf '%#x' "$((rev))")"
pf_mask="$((pf_mask))"
datasz="$((datasz))"
totalsz="$((totalsz))"
# Skipping files with unexpected hdrver value
[ 1 = "$((hdrver))" ] || {
echo "$f+$skip@$file_sz: incorrect hdrver $((hdrver))" >&2
break
}
[ 0 != "$datasz" ] || datasz=2000
[ 0 != "$totalsz" ] || totalsz=2048
@ -80,9 +98,12 @@ for f in $(grep -E '/intel-ucode.*/[0-9a-f][0-9a-f]-[0-9a-f][0-9a-f]-[0-9a-f][0-
# ext_sig table header, 20 bytes in size,
# last 3 fields are reserved.
IFS=' ' read ext_sig_cnt <<- EOF
$(hexdump -s "$skip" -n 4 \
-e '"" 1/4 "%u" "\n"' "$f")
$(dd if="$f" ibs=1 skip="$skip" count=4 status=none \
| xxd -e -g4 | hexdump -n 4 \
-e '"0x" 4/1 "%02x" "\n"')
EOF
# Converting values from the constructed format
ext_sig_cnt="$((ext_sig_cnt))"
skip="$((skip + 20))"
else

View File

@ -144,7 +144,7 @@ def read_revs_dir(path, args, src=None, ret=None):
offs = 0
while offs < sz:
f.seek(offs, os.SEEK_SET)
hdr = struct.unpack("IiIIIIIIIIII", f.read(48))
hdr = struct.unpack("<IiIIIIIIIIII", f.read(48))
ret.append({"path": rp, "src": src or path,
"cpuid": hdr[3], "pf": hdr[6], "rev": hdr[1],
"date": hdr[2], "offs": offs, "cksum": hdr[4],
@ -152,7 +152,7 @@ def read_revs_dir(path, args, src=None, ret=None):
if hdr[8] and hdr[8] - hdr[7] > 48:
f.seek(hdr[7], os.SEEK_CUR)
ext_tbl = struct.unpack("IIIII", f.read(20))
ext_tbl = struct.unpack("<IIIII", f.read(20))
log_status("Found %u extended signatures for %s:%#x" %
(ext_tbl[0], rp, offs), level=1)
@ -160,7 +160,7 @@ def read_revs_dir(path, args, src=None, ret=None):
ext_sig_cnt = 0
while cur_offs < offs + hdr[8] \
and ext_sig_cnt <= ext_tbl[0]:
ext_sig = struct.unpack("III", f.read(12))
ext_sig = struct.unpack("<III", f.read(12))
ignore = args.ignore_ext_dups and \
(ext_sig[0] == hdr[3])
if not ignore:

View File

@ -1,5 +1,4 @@
%define intel_ucode_version 20240910
%global debug_package %{nil}
%define intel_ucode_version 20240531
%define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats
%define microcode_ctl_libexec %{_libexecdir}/microcode_ctl
@ -122,10 +121,12 @@ Source1000: gen_provides.sh
Source1001: codenames.list
Source1002: gen_updates2.py
ExclusiveArch: %{ix86} x86_64
BuildArch: noarch
BuildRequires: systemd-units
# hexdump is used in gen_provides.sh
BuildRequires: coreutils util-linux
# dd, hexdump, and xxd are used in gen_provides.sh
BuildRequires: coreutils util-linux /usr/bin/xxd
# gen_updates2.py requires python interpreter
BuildRequires: /usr/bin/python3
Requires: coreutils
Requires(post): systemd coreutils
Requires(preun): systemd coreutils
@ -313,7 +314,7 @@ install -m 644 "%{SOURCE182}" "%{tgl_inst_dir}/disclaimer"
# SUMMARY.intel-ucode generation
# It is to be done only after file population, so, it is here,
# at the end of the install stage
/usr/libexec/platform-python "%{SOURCE1002}" -C "%{SOURCE1001}" \
/usr/bin/python3 "%{SOURCE1002}" -C "%{SOURCE1001}" \
summary -A "%{buildroot}" \
> "%{buildroot}/%{_pkgdocdir}/SUMMARY.intel-ucode"
@ -408,13 +409,9 @@ rpm -qa --qf "${qf}" ${pkgs} | sort -r -n -k'3,3' | {
# https://bugzilla.redhat.com/show_bug.cgi?id=1609696
# So, we check for symvers file inside /lib/modules.
#
# Also account for the fact that symvers compression has been
# switched from gzip to xz on newer kernels.
#
# XXX: Not sure if this check is still needed, since we now
# iterate over the rpm output.
[ -e "/lib/modules/${kver_uname}/symvers.gz" -o \
-e "/lib/modules/${kver_uname}/symvers.xz" ] || continue
[ -e "/lib/modules/${kver_uname}/symvers.gz" ] || continue
# Check that modules.dep for the kernel is present as well,
# otherwise dracut complains with "/lib/modules/.../modules.dep
# is missing. Did you run depmod?".
@ -551,137 +548,12 @@ rm -rf %{buildroot}
%changelog
* Mon Sep 23 2024 Eugene Syromiatnikov <esyr@redhat.com> - 4:20240910-1
- Update Intel CPU microcode to microcode-20240910 release, addresses
CVE-2024-23984, CVE-2024-24853, CVE-2024-24968, CVE-2024-24980,
CVE-2024-25939 (RHEL-59081):
- Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in
intel-06-8c-01/intel-ucode/06-8c-01) from revision 0xb6 up to 0xb8;
- Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in
intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xf4 up
to 0xf6;
- Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in
intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xf4 up
to 0xf6;
- Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in
intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xf4 up
to 0xf6;
- Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in
intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xf4 up
to 0xf6;
- Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from
revision 0xfa up to 0xfc;
- Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in
intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xf6 up
to 0xf8;
- Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in
intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xf4 up
to 0xf6;
- Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in
intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xf6 up
to 0xf8;
- Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in
intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xfc up
to 0x100;
- Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
0x5003605 up to 0x5003707;
- Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002802
up to 0x7002904;
- Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0003d1
up to 0xd0003e7;
- Update of 06-6c-01/0x10 (ICL-D B0) microcode from revision 0x1000290
up to 0x10002b0;
- Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xc4
up to 0xc6;
- Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x36 up
to 0x38;
- Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x50 up
to 0x52;
- Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x19 up
to 0x1a;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision
0x35 up to 0x36;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-97-02) from revision 0x35 up to 0x36;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x35 up to 0x36;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
from revision 0x35 up to 0x36;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-97-05) from revision 0x35 up to 0x36;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode from revision 0x35
up to 0x36;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x35 up to 0x36;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
from revision 0x35 up to 0x36;
- Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision
0x433 up to 0x434;
- Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
intel-ucode/06-9a-03) from revision 0x433 up to 0x434;
- Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
intel-ucode/06-9a-04) from revision 0x433 up to 0x434;
- Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x433
up to 0x434;
- Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xfa up
to 0xfc;
- Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xfa
up to 0xfc;
- Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xfa
up to 0xfc;
- Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xfa
up to 0xfe;
- Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision
0xfa up to 0xfc;
- Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x5e up
to 0x62;
- Update of 06-aa-04/0xe6 (MTL-H/U C0) microcode from revision 0x1c
up to 0x1f;
- Update of 06-b7-01/0x32 (RPL-S B0) microcode from revision 0x123 up
to 0x129;
- Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode from revision
0x4121 up to 0x4122;
- Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
intel-ucode/06-ba-02) from revision 0x4121 up to 0x4122;
- Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) from
revision 0x4121 up to 0x4122;
- Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
intel-ucode/06-ba-03) from revision 0x4121 up to 0x4122;
- Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode from revision 0x4121
up to 0x4122;
- Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-03) from
revision 0x4121 up to 0x4122;
- Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
intel-ucode/06-ba-08) from revision 0x4121 up to 0x4122;
- Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
intel-ucode/06-ba-08) from revision 0x4121 up to 0x4122;
- Update of 06-ba-08/0xe0 microcode from revision 0x4121 up to 0x4122;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-02) from revision 0x35 up to 0x36;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-02) from revision 0x35 up to 0x36;
- Update of 06-bf-02/0x07 (ADL C0) microcode from revision 0x35 up
to 0x36;
- Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-bf-02)
from revision 0x35 up to 0x36;
- Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
intel-ucode/06-bf-05) from revision 0x35 up to 0x36;
- Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-bf-05) from revision 0x35 up to 0x36;
- Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-bf-05)
from revision 0x35 up to 0x36;
- Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x35 up
to 0x36;
- Update of 06-be-00/0x19 (ADL-N A0) microcode from revision 0x17 up
to 0x1a (old pf 0x11).
* Mon Jun 17 2024 Eugene Syromiatnikov <esyr@redhat.com> - 4:20240531-1
- Update Intel CPU microcode to microcode-20240531 release, addresses
CVE-2023-22655, CVE-2023-23583. CVE-2023-28746, CVE-2023-38575,
CVE-2023-39368, CVE-2023-42667, CVE-2023-43490, CVE-2023-45733,
CVE-2023-46103, CVE-2023-49141 (RHEL-30859, RHEL-30862, RHEL-30865,
RHEL-30868, RHEL-30871, RHEL-41093, RHEL-41108):
CVE-2023-46103, CVE-2023-49141 (RHEL-30861, RHEL-30864, RHEL-30867,
RHEL-30870, RHEL-30873, RHEL-41094, RHEL-41109):
- Addition of 06-aa-04/0xe6 (MTL-H/U C0) microcode at revision 0x1c;
- Addition of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) at
revision 0x4121;
@ -1055,8 +927,8 @@ rm -rf %{buildroot}
* Thu Aug 10 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230808-1
- Update Intel CPU microcode to microcode-20230808 release, addresses
CVE-2022-40982, CVE-2022-41804, CVE-2023-23908 (#2213125, #2223993, #2230678,
#2230690):
CVE-2022-40982, CVE-2022-41804, CVE-2023-23908 (#2213124, #2223992, #2230677,
#2230689):
- Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006f05 up
to 0x2007006;
@ -1256,7 +1128,7 @@ rm -rf %{buildroot}
to 0x11 (old pf 0x1).
* Mon Aug 07 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230516-1
- Update Intel CPU microcode to microcode-20230516 release (#2213125):
- Update Intel CPU microcode to microcode-20230516 release (#2213124):
- Addition of 06-be-00/0x01 (ADL-N A0) microcode at revision 0x10;
- Addition of 06-9a-04/0x40 (AZB A0) microcode at revision 0x4;
- Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
@ -1429,19 +1301,19 @@ rm -rf %{buildroot}
* Tue Aug 01 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-4
- Avoid spurious find failures due to calls on directories that may not exist
(#2231065).
(#2225681).
* Wed Jun 28 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-3
- Force locale to C in check_caveats, reload_microcode, and update_ucode
(#2218096).
(#2218104).
* Tue Jun 06 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-2
- Cleanup the dangling symlinks in update_ucode (#2135376).
- Cleanup the dangling symlinks in update_ucode (#2213022).
* Wed Feb 15 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-1
- Update Intel CPU microcode to microcode-20230214 release, addresses
CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090 (#2171234,
#2171259):
CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090 (#2171237,
#2171262):
- Addition of 06-6c-01/0x10 (ICL-D B0) microcode at revision 0x1000211;
- Addition of 06-8f-04/0x87 (SPR-SP E0/S1) microcode at revision
0x2b000181;
@ -1617,11 +1489,11 @@ rm -rf %{buildroot}
* Tue Oct 25 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220809-2
- Change the logger severity level to warning to align with the kmsg one
(#2136224).
(#2136506).
* Tue Aug 09 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220809-1
- Update Intel CPU microcode to microcode-20220510 release, addresses
CVE-2022-21233 (#2115667):
CVE-2022-21233 (#2115663):
- Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006d05 up
to 0x2006e05;
@ -1684,7 +1556,8 @@ rm -rf %{buildroot}
* Tue May 10 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220510-1
- Update Intel CPU microcode to microcode-20220510 release, addresses
CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151 (#2086743):
CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151 (#2090248,
#2090261, #2086751, #2040069):
- Addition of 06-97-02/0x03 (ADL-HX C0) microcode at revision 0x1f;
- Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
intel-ucode/06-97-02) at revision 0x1f;
@ -1807,13 +1680,8 @@ rm -rf %{buildroot}
to 0x53.
* Thu Feb 10 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220207-1
- Update Intel CPU microcode to microcode-20220207 release:
- Fixes in releasenote.md file.
* Mon Feb 07 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220204-1
- Update Intel CPU microcode to microcode-20220204 release, addresses
CVE-2021-0127, CVE-2021-0145, and CVE-2021-33120 (#1971906, #2049543,
#2049554, #2049571):
- Update Intel CPU microcode to microcode-20220207 release, addresses
CVE-2021-0127, CVE-2021-0145, and CVE-2021-33120 (#2053253):
- Removal of 06-86-04/0x01 (SNR B0) microcode at revision 0xb00000f;
- Removal of 06-86-05/0x01 (SNR B1) microcode (in intel-ucode/06-86-04)
at revision 0xb00000f;
@ -1917,6 +1785,10 @@ rm -rf %{buildroot}
- Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x40 up
to 0x50.
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4:20210608-2
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Mon Jul 05 2021 Eugene Syromiatnikov <esyr@redhat.com> - 4:20210608-1
- Update Intel CPU microcode to microcode-20210608 release (#1921773):
- Fixes in releasenote.md file.