4f40bcbef1
- Update Intel CPU microcode to microcode-20220510 release, addresses CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151 (#2086743): - Addition of 06-97-02/0x03 (ADL-HX C0) microcode at revision 0x1f; - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in intel-ucode/06-97-02) at revision 0x1f; - Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-02) at revision 0x1f; - Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-02) at revision 0x1f; - Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in intel-ucode/06-97-05) at revision 0x1f; - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode at revision 0x1f; - Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-05) at revision 0x1f; - Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-05) at revision 0x1f; - Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode at revision 0x41c; - Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in intel-ucode/06-9a-03) at revision 0x41c; - Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in intel-ucode/06-9a-04) at revision 0x41c; - Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode at revision 0x41c; - Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in intel-ucode/06-bf-02) at revision 0x1f; - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in intel-ucode/06-bf-02) at revision 0x1f; - Addition of 06-bf-02/0x03 (ADL C0) microcode at revision 0x1f; - Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-bf-02) at revision 0x1f; - Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in intel-ucode/06-bf-05) at revision 0x1f; - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in intel-ucode/06-bf-05) at revision 0x1f; - Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-bf-05) at revision 0x1f; - Addition of 06-bf-05/0x03 (ADL C0) microcode at revision 0x1f; - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xec up to 0xf0; - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006c0a up to 0x2006d05; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xec up to 0xf0; - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in intel-06-8c-01/intel-ucode/06-8c-01) from revision 0x9a up to 0xa4; - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xec up to 0xf0; - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xec up to 0xf0; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xec up to 0xf0; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xec up to 0xf0; - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from revision 0xec up to 0xf0; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xec up to 0xf0; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xec up to 0xf0; - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xec up to 0xf0; - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xec up to 0xf0; - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xec up to 0xf0; - Update of 06-37-09/0x0f (VLV D0) microcode from revision 0x90c up to 0x90d; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015c up to 0x100015d; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400320a up to 0x4003302; - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x500320a up to 0x5003302; - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002402 up to 0x7002501; - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x46 up to 0x48; - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x24 up to 0x28; - Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x36 up to 0x38; - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd000331 up to 0xd000363; - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x38 up to 0x3a; - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1c up to 0x1e; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xa8 up to 0xb0; - Update of 06-8a-01/0x10 (LKF B2/B3) microcode from revision 0x2d up to 0x31; - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x22 up to 0x26; - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x3c up to 0x3e; - Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x15 up to 0x16; - Update of 06-9c-00/0x01 (JSL A0/A1) microcode from revision 0x2400001f up to 0x24000023; - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xec up to 0xf0; - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xec up to 0xf0; - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xee up to 0xf0; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xea up to 0xf0; - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision 0xec up to 0xf0; - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x50 up to 0x53. * .gitignore: Replace /microcode-20220207.tar.gz entry with /microcode-20220510.tar.gz. * 0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch: New patch. * 06-4e-03_readme: Add a checksum for revision 0xf0, add the link to the 2022.1 IPU KB article. * 06-55-04_readme: Add a checksum for revision 0x2006d05, add the link to the 2022.1 IPU KB article. * 06-5e-03_readme: Add a checksum for revision 0xf0, add the link to the 2022.1 IPU KB article. * 06-8c-01_readme: Add a checksum for revision 0xa4, add the link to the 2022.1 IPU KB article. * 06-8e-9e-0x-0xca_readme: Add checksums for revision 0xf0, add the link to the 2022.1 IPU KB article. * 06-8e-9e-0x-dell_readme: Likewise. * codenames.list: Add an entry for CPU signatures 90672 (ADL-S/HX C0), 90675 (ADL-S K0), 906a3 (ADL-P L0, ADL-U R0), 906a4 (ADL-P R0), b06f2 (ADL C0), and b06f5 (ADL C0). * microcode_ctl.spec (intel_ucode_version): Bump to 20220510. (Patch1001): New patch (fixes in releasenote.md). (%prep): Apply it. (%changelog): Add a record. * sources: Replace microcode-20220207.tar.gz record with microcode-20220510.tar.gz. Resolves: #2090248 Resolves: #2090261 Resolves: #2086751 Resolves: #2040069 Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
91 lines
4.6 KiB
Plaintext
91 lines
4.6 KiB
Plaintext
Some Intel Skylake CPU models (SKL-U/Y, family 6, model 78, stepping 3)
|
|
have reports of system hangs when revision 0xdc of microcode, that is included
|
|
since microcode-20200609 update to address CVE-2020-0543, CVE-2020-0548,
|
|
and CVE-2020-0549, is applied[1]. In order to address this, microcode update
|
|
to the newer revision has been disabled by default on these systems,
|
|
and the previously published microcode revision 0xd6 is used by default
|
|
for the OS-driven microcode update.
|
|
|
|
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
|
|
|
|
For the reference, SHA1 checksums of 06-4e-03 microcode files containing
|
|
microcode revisions in question are listed below:
|
|
* 06-4e-03, revision 0xd6: 06432a25053c823b0e2a6b8e84e2e2023ee3d43e
|
|
* 06-4e-03, revision 0xdc: cd1733458d187486999337ff8b51eeaa0cfbca6c
|
|
* 06-4e-03, revision 0xe2: 41f4513cf563605bc85db38056ac430dec948366
|
|
* 06-4e-03, revision 0xea: 5a54cab9f22f69b819d663e5747ed6ea2a326c55
|
|
* 06-4e-03, revision 0xec: d949a8543d2464d955f5dc4b0777cac863f48729
|
|
* 06-4e-03, revision 0xf0: 37475bac70457ba8df2c1a32bba81bd7bd27d5e8
|
|
|
|
Please contact your system vendor for a BIOS/firmware update that contains
|
|
the latest microcode version. For the information regarding microcode versions
|
|
required for mitigating specific side-channel cache attacks, please refer
|
|
to the following knowledge base articles:
|
|
* CVE-2017-5715 ("Spectre"):
|
|
https://access.redhat.com/articles/3436091
|
|
* CVE-2018-3639 ("Speculative Store Bypass"):
|
|
https://access.redhat.com/articles/3540901
|
|
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
|
|
https://access.redhat.com/articles/3562741
|
|
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
|
|
("Microarchitectural Data Sampling"):
|
|
https://access.redhat.com/articles/4138151
|
|
* CVE-2019-0117 (Intel SGX Information Leak),
|
|
CVE-2019-0123 (Intel SGX Privilege Escalation),
|
|
CVE-2019-11135 (TSX Asynchronous Abort),
|
|
CVE-2019-11139 (Voltage Setting Modulation):
|
|
https://access.redhat.com/solutions/2019-microcode-nov
|
|
* CVE-2020-0543 (Special Register Buffer Data Sampling),
|
|
CVE-2020-0548 (Vector Register Data Sampling),
|
|
CVE-2020-0549 (L1D Cache Eviction Sampling):
|
|
https://access.redhat.com/solutions/5142751
|
|
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
|
|
CVE-2020-8696 (Vector Register Leakage-Active),
|
|
CVE-2020-8698 (Fast Forward Store Predictor):
|
|
https://access.redhat.com/articles/5569051
|
|
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
|
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
|
CVE-2020-24512 (Observable Timing Discrepancy),
|
|
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
|
https://access.redhat.com/articles/6101171
|
|
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
|
|
https://access.redhat.com/articles/6716541
|
|
* CVE-2022-0005 (Informational disclosure via JTAG),
|
|
CVE-2022-21123 (Shared Buffers Data Read),
|
|
CVE-2022-21125 (Shared Buffers Data Sampling),
|
|
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
|
|
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
|
|
CVE-2022-21166 (Device Register Partial Write):
|
|
https://access.redhat.com/articles/6963124
|
|
|
|
The information regarding enforcing microcode update is provided below.
|
|
|
|
To enforce usage of the latest 06-4e-03 microcode revision for a specific kernel
|
|
version, please create a file "force-intel-06-4e-03" inside
|
|
/lib/firmware/<kernel_version> directory, run
|
|
"/usr/libexec/microcode_ctl/update_ucode" to add it to firmware directory
|
|
where microcode will be available for late microcode update, and run
|
|
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
|
|
is regenerated and the microcode can be loaded early, for example:
|
|
|
|
touch /lib/firmware/3.10.0-862.9.1/force-intel-06-4e-03
|
|
/usr/libexec/microcode_ctl/update_ucode
|
|
dracut -f --kver 3.10.0-862.9.1
|
|
|
|
After that, it is possible to perform a late microcode update by executing
|
|
"/usr/libexec/microcode_ctl/reload_microcode" or by writing value "1" to
|
|
"/sys/devices/system/cpu/microcode/reload" directly.
|
|
|
|
To enforce addition of this microcode for all kernels, please create file
|
|
"/etc/microcode_ctl/ucode_with_caveats/force-intel-06-4e-03", run
|
|
"/usr/libexec/microcode_ctl/update_ucode" for enabling late microcode updates,
|
|
and "dracut -f --regenerate-all" for enabling early microcode updates:
|
|
|
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
|
touch /etc/microcode_ctl/ucode_with_caveats/force-intel-06-4e-03
|
|
/usr/libexec/microcode_ctl/update_ucode
|
|
dracut -f --regenerate-all
|
|
|
|
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
|
|
information.
|