4f40bcbef1
- Update Intel CPU microcode to microcode-20220510 release, addresses CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151 (#2086743): - Addition of 06-97-02/0x03 (ADL-HX C0) microcode at revision 0x1f; - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in intel-ucode/06-97-02) at revision 0x1f; - Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-02) at revision 0x1f; - Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-02) at revision 0x1f; - Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in intel-ucode/06-97-05) at revision 0x1f; - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode at revision 0x1f; - Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-05) at revision 0x1f; - Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-05) at revision 0x1f; - Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode at revision 0x41c; - Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in intel-ucode/06-9a-03) at revision 0x41c; - Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in intel-ucode/06-9a-04) at revision 0x41c; - Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode at revision 0x41c; - Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in intel-ucode/06-bf-02) at revision 0x1f; - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in intel-ucode/06-bf-02) at revision 0x1f; - Addition of 06-bf-02/0x03 (ADL C0) microcode at revision 0x1f; - Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-bf-02) at revision 0x1f; - Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in intel-ucode/06-bf-05) at revision 0x1f; - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in intel-ucode/06-bf-05) at revision 0x1f; - Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-bf-05) at revision 0x1f; - Addition of 06-bf-05/0x03 (ADL C0) microcode at revision 0x1f; - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xec up to 0xf0; - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006c0a up to 0x2006d05; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xec up to 0xf0; - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in intel-06-8c-01/intel-ucode/06-8c-01) from revision 0x9a up to 0xa4; - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xec up to 0xf0; - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xec up to 0xf0; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xec up to 0xf0; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xec up to 0xf0; - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from revision 0xec up to 0xf0; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xec up to 0xf0; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xec up to 0xf0; - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xec up to 0xf0; - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xec up to 0xf0; - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xec up to 0xf0; - Update of 06-37-09/0x0f (VLV D0) microcode from revision 0x90c up to 0x90d; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015c up to 0x100015d; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400320a up to 0x4003302; - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x500320a up to 0x5003302; - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002402 up to 0x7002501; - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x46 up to 0x48; - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x24 up to 0x28; - Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x36 up to 0x38; - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd000331 up to 0xd000363; - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x38 up to 0x3a; - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1c up to 0x1e; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xa8 up to 0xb0; - Update of 06-8a-01/0x10 (LKF B2/B3) microcode from revision 0x2d up to 0x31; - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x22 up to 0x26; - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x3c up to 0x3e; - Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x15 up to 0x16; - Update of 06-9c-00/0x01 (JSL A0/A1) microcode from revision 0x2400001f up to 0x24000023; - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xec up to 0xf0; - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xec up to 0xf0; - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xee up to 0xf0; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xea up to 0xf0; - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision 0xec up to 0xf0; - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x50 up to 0x53. * .gitignore: Replace /microcode-20220207.tar.gz entry with /microcode-20220510.tar.gz. * 0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch: New patch. * 06-4e-03_readme: Add a checksum for revision 0xf0, add the link to the 2022.1 IPU KB article. * 06-55-04_readme: Add a checksum for revision 0x2006d05, add the link to the 2022.1 IPU KB article. * 06-5e-03_readme: Add a checksum for revision 0xf0, add the link to the 2022.1 IPU KB article. * 06-8c-01_readme: Add a checksum for revision 0xa4, add the link to the 2022.1 IPU KB article. * 06-8e-9e-0x-0xca_readme: Add checksums for revision 0xf0, add the link to the 2022.1 IPU KB article. * 06-8e-9e-0x-dell_readme: Likewise. * codenames.list: Add an entry for CPU signatures 90672 (ADL-S/HX C0), 90675 (ADL-S K0), 906a3 (ADL-P L0, ADL-U R0), 906a4 (ADL-P R0), b06f2 (ADL C0), and b06f5 (ADL C0). * microcode_ctl.spec (intel_ucode_version): Bump to 20220510. (Patch1001): New patch (fixes in releasenote.md). (%prep): Apply it. (%changelog): Add a record. * sources: Replace microcode-20220207.tar.gz record with microcode-20220510.tar.gz. Resolves: #2090248 Resolves: #2090261 Resolves: #2086751 Resolves: #2040069 Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
182 lines
9.7 KiB
Plaintext
182 lines
9.7 KiB
Plaintext
Some Dell systems that use some models of Intel CPUs are susceptible to hangs
|
|
and system instability during or after microcode update to revision 0xc6/0xca
|
|
(included as part of microcode-20191113/microcode-20191115 update that addressed
|
|
CVE-2019-0117, CVE-2019-0123, CVE-2019-11135, and CVE-2019-11139)
|
|
and/or revision 0xd6 (included as part of microcode-20200609 update
|
|
that addressed CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549)
|
|
[1][2][3][4][5][6]. In order to address this, microcode update to the newer
|
|
revision has been disabled by default on these systems, and the previously
|
|
published microcode revisions 0xae/0xb4/0xb8 are used by default
|
|
for the OS-driven microcode update.
|
|
|
|
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/23
|
|
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/24
|
|
[3] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/33
|
|
[4] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/34
|
|
[5] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/35
|
|
[6] https://bugzilla.redhat.com/show_bug.cgi?id=1846097
|
|
|
|
This caveat contains revision 0xca of 06-[89]e-0x microcode publicly released
|
|
by Intel; for the latest revision of the microcode files, please refer to caveat
|
|
06-8e-9e-0x-dell.
|
|
|
|
For the reference, microarchitectures of the affected CPU models:
|
|
* Amber Lake-Y
|
|
* Kaby Lake-G/H/S/U/Y/Xeon E3
|
|
* Coffee Lake-H/S/U/Xeon E
|
|
* Comet Lake-U 4+2
|
|
* Whiskey Lake-U
|
|
|
|
Family names of the affected CPU models:
|
|
* 7th Generation Intel® Core™ Processor Family
|
|
* 8th Generation Intel® Core™ Processor Family
|
|
* 9th Generation Intel® Core™ Processor Family
|
|
* 10th Generation Intel® Core™ Processor Family (selected models)
|
|
* Intel® Celeron® Processor G Series
|
|
* Intel® Celeron® Processor 5000 Series
|
|
* Intel® Core™ X-series Processors (i7-7740X, i5-7640X only)
|
|
* Intel® Pentium® Gold Processor Series
|
|
* Intel® Pentium® Processor Series (selected models)
|
|
* Intel® Xeon® Processor E Family
|
|
* Intel® Xeon® Processor E3 v6 Family
|
|
|
|
SHA1 checksums of the microcode files containing microcode revisions
|
|
in question:
|
|
* 06-8e-09, revision 0xb4: e253c95c29c3eef6576db851dfa069d82a91256f
|
|
* 06-8e-0a, revision 0xb4: 45bcba494be07df9eeccff9627578095a97fba4d
|
|
* 06-8e-0b, revision 0xb8: 3e54bf91d642ad81ff07fe274d0cfb5d10d09c43
|
|
* 06-8e-0c, revision 0xb8: bf635c87177d6dc4e067ec11e1caeb19d3c325f0
|
|
* 06-9e-09, revision 0xb4: 42f68eec4ddb79dd6be0c95c4ce60e514e4504b1
|
|
* 06-9e-0a, revision 0xb4: 37c7cb394dd36610b57943578343723da67d50f0
|
|
* 06-9e-0b, revision 0xb4: b5399109d0a5ce8f5fb623ff942da0322b438b95
|
|
* 06-9e-0c, revision 0xae: 131bce89e4d210de8322ffbc6bd787f1af66a7df
|
|
* 06-9e-0d, revision 0xb8: 22511b007d1df55558d115abb13a1c23ea398317
|
|
|
|
* 06-8e-09, revision 0xca: 9afa1bae40995207afef13247f114be042d88083
|
|
* 06-8e-0a, revision 0xca: 1d90291cc25e17dc6c36c764cf8c06b41fed4c16
|
|
* 06-8e-0b, revision 0xca: 3fb1246a6594eff5e2c2076c63c600d734f10777
|
|
* 06-8e-0c, revision 0xca: e871540671f59b4fa5d0d454798f09a4d412aace
|
|
* 06-9e-09, revision 0xca: b5eed11108ab7ac1e675fe75d0e7454a400ddd35
|
|
* 06-9e-0a, revision 0xca: e472304aaa2f3815a32822cb111ab3f43bf3dfe4
|
|
* 06-9e-0b, revision 0xca: 78f47c5162da680878ed057dc7c853f9737c524b
|
|
* 06-9e-0c, revision 0xca: f23848a009928796a153cb9e8f44522136969408
|
|
* 06-9e-0d, revision 0xca: c7a3d469469ee828ba9faf91b67af881fceec3b7
|
|
|
|
* 06-8e-09, revision 0xd6: 2272c621768437d20e602207752201e0966e5a8c
|
|
* 06-8e-0a, revision 0xd6: 0b145afb88e028e612f04c2a86385e7d7c3fefc4
|
|
* 06-8e-0b, revision 0xd6: c3831b05da83be54f3acc451a1bce90f75e2e9e5
|
|
* 06-8e-0c, revision 0xd6: 4b8938a93e23f4b5a2d9de40b87f6afcfdc27c05
|
|
* 06-9e-09, revision 0xd6: 4bacba8c598508e7dd4e87e179586abe7a1a987f
|
|
* 06-9e-0a, revision 0xd6: 4c236afeef9f80ff3a286698fe7cef72926722f0
|
|
* 06-9e-0b, revision 0xd6: 2f9ab9b2ba29559ce177632281d7290a24fed2ef
|
|
* 06-9e-0c, revision 0xd6: 4b9059e519bcab6085b6c103f5d99e509fe0b2bb
|
|
* 06-9e-0d, revision 0xd6: 3a3b7edfd8126bb34b761b46a32102a622047899
|
|
|
|
* 06-8e-09, revision 0xde: 84d7514101eb8904834a3dacdee684b3c574245f
|
|
* 06-8e-0a, revision 0xe0: 080b9e3ebbcf6bb1eca0fb5f640e6bfbfe3a1e6e
|
|
* 06-8e-0b, revision 0xde: 80fed976231bbff4c7103e373498e07eef0bff31
|
|
* 06-8e-0c, revision 0xde: 84f160587fea4acb81451c8ff53dc51afba06343
|
|
* 06-9e-09, revision 0xde: 422026ffb2cca446693c586be98d0d9e7dfeb116
|
|
* 06-9e-0a, revision 0xde: b6c44b9fe26e1d6bafa27f37ffe010284294bf1c
|
|
* 06-9e-0b, revision 0xde: 6452937a0d359066b95f9e679a41a15490770312
|
|
* 06-9e-0c, revision 0xde: a95021a4e497e0bf3691ecf3d020728f25a3f542
|
|
* 06-9e-0d, revision 0xde: 03b20fdc2fa3f9586f93a7e40d3b61be5b7b788c
|
|
|
|
* 06-8e-09, revision 0xea: caa7192fb2223e3e52389aca84930aee326b384d
|
|
* 06-8e-0a, revision 0xea: ab4d5d3b51445d055763796a0362f8ab249cf4c8
|
|
* 06-8e-0b, revision 0xea: 5406c513f90286c02476ee0d4a6c8010a263c3ac
|
|
* 06-8e-0c, revision 0xea: 8c045b9056443862c95573efd4646e331a2310d3
|
|
* 06-9e-09, revision 0xea: a9f8a14ca3808f6380d6dff92e1fd693cc909668
|
|
* 06-9e-0a, revision 0xea: b7726bdba2fe74d8f419c68f417d796d569b9ec4
|
|
* 06-9e-0b, revision 0xea: 963dca66aedf2bfb0613d0d9515c6bcfb0589e0c
|
|
* 06-9e-0c, revision 0xea: 1329a4d8166fe7d70833d21428936254e11efbb4
|
|
* 06-9e-0d, revision 0xea: 9c73f2ac6c4edbf8b0aefdd5d6780c7219be702a
|
|
|
|
* 06-8e-09, revision 0xec: 78eb624be5e8084e438318bdad99f9ddc082def7
|
|
* 06-8e-0a, revision 0xec: 6c41a6ad412f48f81a9d5edf59dcdecc358398bf
|
|
* 06-8e-0b, revision 0xec: 89dd0de598c83eb9714f6839499f322dfce2b693
|
|
* 06-8e-0c, revision 0xec: 225ea349b9cb3b1b94e237deb797e0c60d14a84c
|
|
* 06-9e-09, revision 0xec: fc5c0206fe392a0ddad4dc9363fde2d3e3d1e681
|
|
* 06-9e-0a, revision 0xec: 128002076e4ac3c75697fb4efdf1f8ddcc971fbe
|
|
* 06-9e-0b, revision 0xec: ac8c3865a143b2e03869f15a5b86e560f60ad632
|
|
* 06-9e-0c, revision 0xec: 6e3d695290def517857c8e743dc65161479f0c04
|
|
* 06-9e-0d, revision 0xec: 58b1ec5fee7dd1a761ed901b374ccb978737a979
|
|
|
|
* 06-8e-09, revision 0xf0: 219e2b9168a09451b17813b97995cc59cc78b414
|
|
* 06-8e-0a, revision 0xf0: 3c4241d0b9d1a1a1e82d03b365fdd3b843006a7c
|
|
* 06-8e-0b, revision 0xf0: 79b61f034cba86e61641114bbab49ec0166c0f35
|
|
* 06-8e-0c, revision 0xf0: 11d166de440dbe9c440e90cb610ef4b9d48242b1
|
|
* 06-9e-09, revision 0xf0: 49e142da74e7298b2db738ff7dd1a9b0fa4e0c3e
|
|
* 06-9e-0a, revision 0xf0: 8de1d4a80cd683bf09854c33905c69d3d7ac7730
|
|
* 06-9e-0b, revision 0xf0: ff092c6ac8333f0abcd94f7d2e2088f31d960e62
|
|
* 06-9e-0c, revision 0xf0: 3702f21e87b75bea6f4b1ee0407b941ef31d4ad1
|
|
* 06-9e-0d, revision 0xf0: 226feaaa431eb76e734ab68efc2ea7b07aa3c7d9
|
|
|
|
Please contact your system vendor for a BIOS/firmware update that contains
|
|
the latest microcode version. For the information regarding microcode versions
|
|
required for mitigating specific side-channel cache attacks, please refer
|
|
to the following knowledge base articles:
|
|
* CVE-2017-5715 ("Spectre"):
|
|
https://access.redhat.com/articles/3436091
|
|
* CVE-2018-3639 ("Speculative Store Bypass"):
|
|
https://access.redhat.com/articles/3540901
|
|
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
|
|
https://access.redhat.com/articles/3562741
|
|
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
|
|
("Microarchitectural Data Sampling"):
|
|
https://access.redhat.com/articles/4138151
|
|
* CVE-2019-0117 (Intel SGX Information Leak),
|
|
CVE-2019-0123 (Intel SGX Privilege Escalation),
|
|
CVE-2019-11135 (TSX Asynchronous Abort),
|
|
CVE-2019-11139 (Voltage Setting Modulation):
|
|
https://access.redhat.com/solutions/2019-microcode-nov
|
|
* CVE-2020-0543 (Special Register Buffer Data Sampling),
|
|
CVE-2020-0548 (Vector Register Data Sampling),
|
|
CVE-2020-0549 (L1D Cache Eviction Sampling):
|
|
https://access.redhat.com/solutions/5142751
|
|
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
|
|
CVE-2020-8696 (Vector Register Leakage-Active),
|
|
CVE-2020-8698 (Fast Forward Store Predictor):
|
|
https://access.redhat.com/articles/5569051
|
|
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
|
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
|
CVE-2020-24512 (Observable Timing Discrepancy),
|
|
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
|
https://access.redhat.com/articles/6101171
|
|
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
|
|
https://access.redhat.com/articles/6716541
|
|
* CVE-2022-0005 (Informational disclosure via JTAG),
|
|
CVE-2022-21123 (Shared Buffers Data Read),
|
|
CVE-2022-21125 (Shared Buffers Data Sampling),
|
|
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
|
|
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
|
|
CVE-2022-21166 (Device Register Partial Write):
|
|
https://access.redhat.com/articles/6963124
|
|
|
|
The information regarding disabling microcode update is provided below.
|
|
|
|
To disable usage of the newer microcode revision for a specific kernel
|
|
version, please create a file "disallow-intel-06-8e-9e-0x-0xca" inside
|
|
/lib/firmware/<kernel_version> directory, run
|
|
"/usr/libexec/microcode_ctl/update_ucode" to update firmware directory
|
|
used for late microcode updates, and run "dracut -f --kver <kernel_version>"
|
|
so initramfs for this kernel version is regenerated, for example:
|
|
|
|
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-8e-9e-0x-0xca
|
|
/usr/libexec/microcode_ctl/update_ucode
|
|
dracut -f --kver 3.10.0-862.9.1
|
|
|
|
To disable usage of the newer microcode revision for all kernels, please create
|
|
file "/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8e-9e-0x-0xca",
|
|
run "/usr/libexec/microcode_ctl/update_ucode" to update firmware directories
|
|
used for late microcode updates, and run "dracut -f --regenerate-all"
|
|
so initramfs images get regenerated, for example:
|
|
|
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
|
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8e-9e-0xca
|
|
/usr/libexec/microcode_ctl/update_ucode
|
|
dracut -f --regenerate-all
|
|
|
|
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
|
|
information.
|