Activity log for bug #1700373

Date Who What changed Old value New value Message
2017-06-25 15:29:40 C de-Avillez bug added bug
2017-06-25 15:37:01 Robie Basak bug added subscriber Robie Basak
2017-06-25 15:43:57 Launchpad Janitor intel-microcode (Ubuntu): status New Confirmed
2017-06-25 16:01:36 Logan V bug added subscriber Logan V
2017-06-25 16:19:23 Jeremy Bícha nominated for series Ubuntu Xenial
2017-06-25 16:19:23 Jeremy Bícha bug task added intel-microcode (Ubuntu Xenial)
2017-06-25 16:19:23 Jeremy Bícha nominated for series Ubuntu Zesty
2017-06-25 16:19:23 Jeremy Bícha bug task added intel-microcode (Ubuntu Zesty)
2017-06-25 16:19:23 Jeremy Bícha nominated for series Ubuntu Yakkety
2017-06-25 16:19:23 Jeremy Bícha bug task added intel-microcode (Ubuntu Yakkety)
2017-06-25 16:19:33 Launchpad Janitor intel-microcode (Ubuntu Xenial): status New Confirmed
2017-06-25 16:19:33 Launchpad Janitor intel-microcode (Ubuntu Yakkety): status New Confirmed
2017-06-25 16:19:33 Launchpad Janitor intel-microcode (Ubuntu Zesty): status New Confirmed
2017-06-25 16:19:54 Jeremy Bícha bug added subscriber Jeremy Bicha
2017-06-25 17:35:55 Olivier Duclos bug added subscriber Olivier Duclos
2017-06-25 17:59:52 Kostadin Stoilov bug added subscriber Kostadin Stoilov
2017-06-25 18:36:09 Alexander Browne bug added subscriber Alexander Browne
2017-06-25 18:48:27 Scott bug added subscriber Scott
2017-06-25 18:52:11 Alexander E. Patrakov bug added subscriber Alexander E. Patrakov
2017-06-25 19:46:21 Manuel Grabowski bug added subscriber Manuel Grabowski
2017-06-25 21:44:30 Vinson Lee bug added subscriber Vinson Lee
2017-06-25 22:06:29 asavah bug added subscriber asavah
2017-06-26 04:22:58 Anthony Wong bug added subscriber Anthony Wong
2017-06-26 04:55:05 nobody bug added subscriber nirfse
2017-06-26 09:00:20 Simone Baruzza bug added subscriber Simone Baruzza
2017-06-26 09:30:48 Andrew Hayzen bug added subscriber Andrew Hayzen
2017-06-26 09:41:58 Dimitri John Ledkov nominated for series Ubuntu Artful
2017-06-26 09:41:58 Dimitri John Ledkov bug task added intel-microcode (Ubuntu Artful)
2017-06-26 09:42:06 Dimitri John Ledkov intel-microcode (Ubuntu Artful): status Confirmed Fix Released
2017-06-26 10:17:53 Jacobo García bug task added intel
2017-06-26 10:18:40 Jacobo García bug task deleted intel
2017-06-26 10:19:03 Jacobo García bug added subscriber Jacobo García
2017-06-26 12:08:47 Markus Schade bug added subscriber Markus Schade
2017-06-26 12:40:02 Edwin Khoo bug added subscriber Edwin Khoo
2017-06-26 13:25:10 Matthias Geerdsen bug added subscriber Matthias Geerdsen
2017-06-26 15:19:49 Dimitri John Ledkov description NB: I am *not* directly affected by this bug. Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt: "This warning advisory is relevant for users of systems with the Intel processors code-named "Skylake" and "Kaby Lake". These are: the 6th and 7th generation Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as Xeon v5 and Xeon v6), as well as select Intel Pentium processor models. TL;DR: unfixed Skylake and Kaby Lake processors could, in some situations, dangerously misbehave when hyper-threading is enabled. Disable hyper-threading immediately in BIOS/UEFI to work around the problem. Read this advisory for instructions about an Intel-provided fix." It is probably a good idea to: (1) issue a warning to our users about this; (2) update intel-microcode on all our supported releases I leave the discussion on whether this can have security implications to others. [1] https://lists.debian.org/debian-devel/2017/06/msg00308.html ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: intel-microcode 3.20161104.1 ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15 Uname: Linux 4.10.0-24-generic x86_64 ApportVersion: 2.20.4-0ubuntu4.1 Architecture: amd64 CurrentDesktop: Unity:Unity7 Date: Sun Jun 25 10:14:19 2017 InstallationDate: Installed on 2017-05-26 (30 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: intel-microcode UpgradeStatus: No upgrade log present (probably fresh install) [Impact] * A security fix has been made available as part of intel-microcode * It is advisable to apply it * Thus an SRU of the latest intel-microcode is desirable for all stable releases [Test Case] * Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs * Reboot and verify no averse results, and/or that microcode for your cpu was loaded by expecting [Test case reporting] * Please paste the output of: dpkg-query -W intel-microcode journalctl -k | grep microcode [Regression Potential] Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care. [Original bug report] NB: I am *not* directly affected by this bug. Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt: "This warning advisory is relevant for users of systems with the Intel processors code-named "Skylake" and "Kaby Lake". These are: the 6th and 7th generation Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as Xeon v5 and Xeon v6), as well as select Intel Pentium processor models. TL;DR: unfixed Skylake and Kaby Lake processors could, in some situations, dangerously misbehave when hyper-threading is enabled. Disable hyper-threading immediately in BIOS/UEFI to work around the problem. Read this advisory for instructions about an Intel-provided fix." It is probably a good idea to: (1) issue a warning to our users about this; (2) update intel-microcode on all our supported releases I leave the discussion on whether this can have security implications to others. [1] https://lists.debian.org/debian-devel/2017/06/msg00308.html ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: intel-microcode 3.20161104.1 ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15 Uname: Linux 4.10.0-24-generic x86_64 ApportVersion: 2.20.4-0ubuntu4.1 Architecture: amd64 CurrentDesktop: Unity:Unity7 Date: Sun Jun 25 10:14:19 2017 InstallationDate: Installed on 2017-05-26 (30 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: intel-microcode UpgradeStatus: No upgrade log present (probably fresh install)
2017-06-26 15:23:12 Benjamin Frisch bug added subscriber Benjamin Frisch
2017-06-26 15:26:34 Dimitri John Ledkov intel-microcode (Ubuntu Zesty): assignee Dimitri John Ledkov (xnox)
2017-06-26 15:26:36 Dimitri John Ledkov intel-microcode (Ubuntu Yakkety): assignee Dimitri John Ledkov (xnox)
2017-06-26 15:26:38 Dimitri John Ledkov intel-microcode (Ubuntu Xenial): assignee Dimitri John Ledkov (xnox)
2017-06-26 15:26:41 Dimitri John Ledkov intel-microcode (Ubuntu Zesty): status Confirmed In Progress
2017-06-26 15:26:43 Dimitri John Ledkov intel-microcode (Ubuntu Yakkety): status Confirmed In Progress
2017-06-26 15:26:45 Dimitri John Ledkov intel-microcode (Ubuntu Xenial): status Confirmed In Progress
2017-06-26 15:52:55 Marat Khalili bug added subscriber Marat Khalili
2017-06-26 16:16:07 Emmanuel Rodriguez bug added subscriber Emmanuel Rodriguez
2017-06-26 16:29:34 Calvin Leung bug added subscriber Calvin Leung
2017-06-26 18:51:40 Marc Zankl bug added subscriber Marc Zankl
2017-06-26 19:18:38 Mark Rijckenberg bug added subscriber Mark Rijckenberg
2017-06-26 22:17:02 Robie Basak nominated for series Ubuntu Trusty
2017-06-26 22:17:02 Robie Basak bug task added intel-microcode (Ubuntu Trusty)
2017-06-26 22:27:23 Alexander Browne removed subscriber Alexander Browne
2017-06-26 22:27:25 Alexander Browne bug added subscriber Alexander Browne
2017-06-26 22:31:07 Launchpad Janitor intel-microcode (Ubuntu Trusty): status New Confirmed
2017-06-27 01:02:44 Nobuto Murata bug added subscriber Nobuto Murata
2017-06-27 05:43:23 Marc Zankl removed subscriber Marc Zankl
2017-06-27 10:55:55 schamane bug added subscriber schamane
2017-06-27 11:10:56 Matthieu Poullet bug added subscriber Matthieu Poullet
2017-06-27 13:55:51 Matthew L. Dailey bug added subscriber Matthew L. Dailey
2017-06-27 18:03:30 Byte Commander bug added subscriber Byte Commander
2017-06-27 20:37:24 Dave Chiluk bug added subscriber Dave Chiluk
2017-06-28 09:15:21 dorpm bug added subscriber dorpm
2017-06-28 09:19:32 Dimitri John Ledkov intel-microcode (Ubuntu Zesty): assignee Dimitri John Ledkov (xnox)
2017-06-28 09:19:36 Dimitri John Ledkov intel-microcode (Ubuntu Xenial): assignee Dimitri John Ledkov (xnox)
2017-06-28 09:19:38 Dimitri John Ledkov intel-microcode (Ubuntu Yakkety): assignee Dimitri John Ledkov (xnox)
2017-06-28 09:19:42 Dimitri John Ledkov intel-microcode (Ubuntu Yakkety): status In Progress Confirmed
2017-06-28 09:19:45 Dimitri John Ledkov intel-microcode (Ubuntu Xenial): status In Progress Confirmed
2017-06-28 09:19:48 Dimitri John Ledkov intel-microcode (Ubuntu Zesty): status In Progress Confirmed
2017-06-28 10:03:01 Robie Basak description [Impact] * A security fix has been made available as part of intel-microcode * It is advisable to apply it * Thus an SRU of the latest intel-microcode is desirable for all stable releases [Test Case] * Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs * Reboot and verify no averse results, and/or that microcode for your cpu was loaded by expecting [Test case reporting] * Please paste the output of: dpkg-query -W intel-microcode journalctl -k | grep microcode [Regression Potential] Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care. [Original bug report] NB: I am *not* directly affected by this bug. Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt: "This warning advisory is relevant for users of systems with the Intel processors code-named "Skylake" and "Kaby Lake". These are: the 6th and 7th generation Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as Xeon v5 and Xeon v6), as well as select Intel Pentium processor models. TL;DR: unfixed Skylake and Kaby Lake processors could, in some situations, dangerously misbehave when hyper-threading is enabled. Disable hyper-threading immediately in BIOS/UEFI to work around the problem. Read this advisory for instructions about an Intel-provided fix." It is probably a good idea to: (1) issue a warning to our users about this; (2) update intel-microcode on all our supported releases I leave the discussion on whether this can have security implications to others. [1] https://lists.debian.org/debian-devel/2017/06/msg00308.html ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: intel-microcode 3.20161104.1 ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15 Uname: Linux 4.10.0-24-generic x86_64 ApportVersion: 2.20.4-0ubuntu4.1 Architecture: amd64 CurrentDesktop: Unity:Unity7 Date: Sun Jun 25 10:14:19 2017 InstallationDate: Installed on 2017-05-26 (30 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: intel-microcode UpgradeStatus: No upgrade log present (probably fresh install) [Impact] * A security fix has been made available as part of intel-microcode * It is advisable to apply it * Thus an SRU of the latest intel-microcode is desirable for all stable releases [Test Case] * Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs * Reboot and verify no averse results, and/or that microcode for your cpu was loaded by expecting [Test case reporting] * Please paste the output of: dpkg-query -W intel-microcode grep -E 'model|stepping' /proc/cpuinfo | sort -u journalctl -k | grep microcode [Regression Potential] Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care. [Original bug report] NB: I am *not* directly affected by this bug. Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt: "This warning advisory is relevant for users of systems with the Intel processors code-named "Skylake" and "Kaby Lake". These are: the 6th and 7th generation Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as Xeon v5 and Xeon v6), as well as select Intel Pentium processor models. TL;DR: unfixed Skylake and Kaby Lake processors could, in some situations, dangerously misbehave when hyper-threading is enabled. Disable hyper-threading immediately in BIOS/UEFI to work around the problem. Read this advisory for instructions about an Intel-provided fix." It is probably a good idea to: (1) issue a warning to our users about this; (2) update intel-microcode on all our supported releases I leave the discussion on whether this can have security implications to others. [1] https://lists.debian.org/debian-devel/2017/06/msg00308.html ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: intel-microcode 3.20161104.1 ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15 Uname: Linux 4.10.0-24-generic x86_64 ApportVersion: 2.20.4-0ubuntu4.1 Architecture: amd64 CurrentDesktop: Unity:Unity7 Date: Sun Jun 25 10:14:19 2017 InstallationDate: Installed on 2017-05-26 (30 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: intel-microcode UpgradeStatus: No upgrade log present (probably fresh install)
2017-06-28 10:07:54 Robie Basak intel-microcode (Ubuntu Zesty): status Confirmed Fix Committed
2017-06-28 10:07:56 Robie Basak bug added subscriber Ubuntu Stable Release Updates Team
2017-06-28 10:07:57 Robie Basak bug added subscriber SRU Verification
2017-06-28 10:08:08 Robie Basak tags amd64 apport-bug zesty amd64 apport-bug verification-needed verification-needed-zesty zesty
2017-06-28 10:41:36 Michael Kofler bug added subscriber Michael Kofler
2017-06-28 11:09:57 Nicolas Peifer bug added subscriber Nicolas Peifer
2017-06-28 13:07:39 Marcos Alano bug added subscriber Marcos Alano
2017-06-28 17:42:32 Eugene San tags amd64 apport-bug verification-needed verification-needed-zesty zesty amd64 apport-bug lts verification-needed verification-needed-zesty zesty
2017-06-28 17:45:16 Eugene San summary Please update microcode to version 20170511 on all supported platforms intel-microcode should be updated, version 20170511 fixes severe errata on 6th and 7th generation platforms
2017-06-28 17:46:25 Eugene San summary intel-microcode should be updated, version 20170511 fixes severe errata on 6th and 7th generation platforms intel-microcode should be updated for LTS releases, version 20170511 fixes severe errata on 6th and 7th generation platforms
2017-06-29 08:59:33 Robie Basak summary intel-microcode should be updated for LTS releases, version 20170511 fixes severe errata on 6th and 7th generation platforms intel-microcode is out of date, version 20170511 fixes severe errata on 6th and 7th generation platforms
2017-06-29 09:01:08 Robie Basak summary intel-microcode is out of date, version 20170511 fixes severe errata on 6th and 7th generation platforms intel-microcode is out of date, version 20170511 fixes errata on 6th and 7th generation platforms
2017-06-29 15:50:23 Dave Chiluk intel-microcode (Ubuntu Yakkety): assignee Dave Chiluk (chiluk)
2017-06-29 15:50:25 Dave Chiluk intel-microcode (Ubuntu Xenial): assignee Dave Chiluk (chiluk)
2017-07-01 12:22:05 Török Edwin bug added subscriber Török Edwin
2017-07-01 12:33:45 Török Edwin tags amd64 apport-bug lts verification-needed verification-needed-zesty zesty amd64 apport-bug lts verification-done-zesty verification-needed zesty
2017-07-03 07:55:14 Andy Li bug added subscriber Andy Li
2017-07-03 22:20:19 Dave Chiluk description [Impact] * A security fix has been made available as part of intel-microcode * It is advisable to apply it * Thus an SRU of the latest intel-microcode is desirable for all stable releases [Test Case] * Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs * Reboot and verify no averse results, and/or that microcode for your cpu was loaded by expecting [Test case reporting] * Please paste the output of: dpkg-query -W intel-microcode grep -E 'model|stepping' /proc/cpuinfo | sort -u journalctl -k | grep microcode [Regression Potential] Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care. [Original bug report] NB: I am *not* directly affected by this bug. Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt: "This warning advisory is relevant for users of systems with the Intel processors code-named "Skylake" and "Kaby Lake". These are: the 6th and 7th generation Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as Xeon v5 and Xeon v6), as well as select Intel Pentium processor models. TL;DR: unfixed Skylake and Kaby Lake processors could, in some situations, dangerously misbehave when hyper-threading is enabled. Disable hyper-threading immediately in BIOS/UEFI to work around the problem. Read this advisory for instructions about an Intel-provided fix." It is probably a good idea to: (1) issue a warning to our users about this; (2) update intel-microcode on all our supported releases I leave the discussion on whether this can have security implications to others. [1] https://lists.debian.org/debian-devel/2017/06/msg00308.html ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: intel-microcode 3.20161104.1 ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15 Uname: Linux 4.10.0-24-generic x86_64 ApportVersion: 2.20.4-0ubuntu4.1 Architecture: amd64 CurrentDesktop: Unity:Unity7 Date: Sun Jun 25 10:14:19 2017 InstallationDate: Installed on 2017-05-26 (30 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: intel-microcode UpgradeStatus: No upgrade log present (probably fresh install) [Impact] * A security fix has been made available as part of intel-microcode * It is advisable to apply it * Thus an SRU of the latest intel-microcode is desirable for all stable releases [Test Case] * Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs * Reboot and verify no averse results, and/or that microcode for your cpu was loaded as expected. [Test case reporting] * Please paste the output of: dpkg-query -W intel-microcode grep -E 'model|stepping' /proc/cpuinfo | sort -u journalctl -k | grep microcode [Regression Potential] Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care. [Other] caml discussion describing test case to reproduce the crash. https://caml.inria.fr/mantis/view.php?id=7452 ========================================================================= [Original bug report] NB: I am *not* directly affected by this bug. Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt: "This warning advisory is relevant for users of systems with the Intel processors code-named "Skylake" and "Kaby Lake". These are: the 6th and 7th generation Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as Xeon v5 and Xeon v6), as well as select Intel Pentium processor models. TL;DR: unfixed Skylake and Kaby Lake processors could, in some situations, dangerously misbehave when hyper-threading is enabled. Disable hyper-threading immediately in BIOS/UEFI to work around the problem. Read this advisory for instructions about an Intel-provided fix." It is probably a good idea to: (1) issue a warning to our users about this; (2) update intel-microcode on all our supported releases I leave the discussion on whether this can have security implications to others. [1] https://lists.debian.org/debian-devel/2017/06/msg00308.html ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: intel-microcode 3.20161104.1 ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15 Uname: Linux 4.10.0-24-generic x86_64 ApportVersion: 2.20.4-0ubuntu4.1 Architecture: amd64 CurrentDesktop: Unity:Unity7 Date: Sun Jun 25 10:14:19 2017 InstallationDate: Installed on 2017-05-26 (30 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: intel-microcode UpgradeStatus: No upgrade log present (probably fresh install)
2017-07-03 22:20:37 Dave Chiluk intel-microcode (Ubuntu Trusty): status Confirmed Won't Fix
2017-07-04 00:23:22 Haw Loeung bug added subscriber Haw Loeung
2017-07-07 03:27:05 Pablo Cabrera bug added subscriber Pablo Cabrera
2017-07-10 09:45:31 Launchpad Janitor intel-microcode (Ubuntu Zesty): status Fix Committed Fix Released
2017-07-10 09:45:35 Łukasz Zemczak removed subscriber Ubuntu Stable Release Updates Team
2017-07-10 13:51:51 paz bug added subscriber paz
2017-07-10 16:48:56 Dave Chiluk description [Impact] * A security fix has been made available as part of intel-microcode * It is advisable to apply it * Thus an SRU of the latest intel-microcode is desirable for all stable releases [Test Case] * Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs * Reboot and verify no averse results, and/or that microcode for your cpu was loaded as expected. [Test case reporting] * Please paste the output of: dpkg-query -W intel-microcode grep -E 'model|stepping' /proc/cpuinfo | sort -u journalctl -k | grep microcode [Regression Potential] Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care. [Other] caml discussion describing test case to reproduce the crash. https://caml.inria.fr/mantis/view.php?id=7452 ========================================================================= [Original bug report] NB: I am *not* directly affected by this bug. Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt: "This warning advisory is relevant for users of systems with the Intel processors code-named "Skylake" and "Kaby Lake". These are: the 6th and 7th generation Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as Xeon v5 and Xeon v6), as well as select Intel Pentium processor models. TL;DR: unfixed Skylake and Kaby Lake processors could, in some situations, dangerously misbehave when hyper-threading is enabled. Disable hyper-threading immediately in BIOS/UEFI to work around the problem. Read this advisory for instructions about an Intel-provided fix." It is probably a good idea to: (1) issue a warning to our users about this; (2) update intel-microcode on all our supported releases I leave the discussion on whether this can have security implications to others. [1] https://lists.debian.org/debian-devel/2017/06/msg00308.html ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: intel-microcode 3.20161104.1 ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15 Uname: Linux 4.10.0-24-generic x86_64 ApportVersion: 2.20.4-0ubuntu4.1 Architecture: amd64 CurrentDesktop: Unity:Unity7 Date: Sun Jun 25 10:14:19 2017 InstallationDate: Installed on 2017-05-26 (30 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: intel-microcode UpgradeStatus: No upgrade log present (probably fresh install) [Impact] * A security fix has been made available as part of intel-microcode * It is advisable to apply it * Thus an SRU of the latest intel-microcode is desirable for all stable releases [Test Case] * Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs * Reboot and verify no averse results, and/or that microcode for your cpu was loaded as expected. [Test case reporting] * Please paste the output of: dpkg-query -W intel-microcode grep -E 'model|stepping' /proc/cpuinfo | sort -u journalctl -k | grep microcode [Regression Potential] Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care. [Other] caml discussion describing test case to reproduce the crash. https://caml.inria.fr/mantis/view.php?id=7452 * I did not backport the full debian/changelog, as some of the changes were ommitted for SRU purposes, and I don't like the idea of modifying the changelog of others. * I did not backport this below change but I feel as though the SRU team should evaluate including it. I left it out due to the change as little as possible guidance from the SRU team. Additionally the microcode version that included this change was somewhere around 20111205. More information here https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr ''' # 0x206c2: Intel Westmere B1 (Xeon 3600, 5600, Core i7 2nd gen). # # When Intel released a fix for Intel SA-00030, they issued a MCU that # bumps the minimum acceptable version of the Intel TXT ACMs in the # TPM persistent storage. This permanently blacklists the vulnerable # ACMs *even on older microcode* in order to make it somewhat harder # to work around the security fix through a BIOS downgrade attack. # # It is possible that such a microcode update, when peformed by the # operating system, could sucessfully trigger the TPM persistent # storage update Intel intended to happen during firmware boot: we # simply don't know enough to rule it out. Should that happen, Intel # TXT will be permanently disabled. This could easily interact very # badly with the firmware, rendering the system unbootable. If *that* # happens, it would likely require either a TPM module replacement # (rendering sealed data useless) or a direct flash of a new BIOS with # updated ACMs, to repair. # # Blacklist updates for signature 0x206c2 as a safety net. IUC_EXCLUDE += -s !0x206c2 ''' * I versioned the packages 3.20170511.1~ubuntu<release> as I feel this more appropriately reflects the contents of each package rather than simply incrementing the ubuntu version number. ========================================================================= [Original bug report] NB: I am *not* directly affected by this bug. Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt: "This warning advisory is relevant for users of systems with the Intel processors code-named "Skylake" and "Kaby Lake". These are: the 6th and 7th generation Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as Xeon v5 and Xeon v6), as well as select Intel Pentium processor models. TL;DR: unfixed Skylake and Kaby Lake processors could, in some situations, dangerously misbehave when hyper-threading is enabled. Disable hyper-threading immediately in BIOS/UEFI to work around the problem. Read this advisory for instructions about an Intel-provided fix." It is probably a good idea to: (1) issue a warning to our users about this; (2) update intel-microcode on all our supported releases I leave the discussion on whether this can have security implications to others. [1] https://lists.debian.org/debian-devel/2017/06/msg00308.html ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: intel-microcode 3.20161104.1 ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15 Uname: Linux 4.10.0-24-generic x86_64 ApportVersion: 2.20.4-0ubuntu4.1 Architecture: amd64 CurrentDesktop: Unity:Unity7 Date: Sun Jun 25 10:14:19 2017 InstallationDate: Installed on 2017-05-26 (30 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: intel-microcode UpgradeStatus: No upgrade log present (probably fresh install)
2017-07-13 03:21:09 Dave Chiluk intel-microcode (Ubuntu Zesty): status Fix Released Confirmed
2017-07-13 03:21:13 Dave Chiluk intel-microcode (Ubuntu Zesty): assignee Dave Chiluk (chiluk)
2017-07-13 03:21:54 Dave Chiluk tags amd64 apport-bug lts verification-done-zesty verification-needed zesty amd64 apport-bug lts verification-done-artful zesty
2017-07-13 05:15:56 Dave Chiluk bug added subscriber Ubuntu Stable Release Updates Team
2017-07-13 05:17:02 Dave Chiluk summary intel-microcode is out of date, version 20170511 fixes errata on 6th and 7th generation platforms intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms
2017-07-13 05:18:12 Dave Chiluk description [Impact] * A security fix has been made available as part of intel-microcode * It is advisable to apply it * Thus an SRU of the latest intel-microcode is desirable for all stable releases [Test Case] * Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs * Reboot and verify no averse results, and/or that microcode for your cpu was loaded as expected. [Test case reporting] * Please paste the output of: dpkg-query -W intel-microcode grep -E 'model|stepping' /proc/cpuinfo | sort -u journalctl -k | grep microcode [Regression Potential] Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care. [Other] caml discussion describing test case to reproduce the crash. https://caml.inria.fr/mantis/view.php?id=7452 * I did not backport the full debian/changelog, as some of the changes were ommitted for SRU purposes, and I don't like the idea of modifying the changelog of others. * I did not backport this below change but I feel as though the SRU team should evaluate including it. I left it out due to the change as little as possible guidance from the SRU team. Additionally the microcode version that included this change was somewhere around 20111205. More information here https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr ''' # 0x206c2: Intel Westmere B1 (Xeon 3600, 5600, Core i7 2nd gen). # # When Intel released a fix for Intel SA-00030, they issued a MCU that # bumps the minimum acceptable version of the Intel TXT ACMs in the # TPM persistent storage. This permanently blacklists the vulnerable # ACMs *even on older microcode* in order to make it somewhat harder # to work around the security fix through a BIOS downgrade attack. # # It is possible that such a microcode update, when peformed by the # operating system, could sucessfully trigger the TPM persistent # storage update Intel intended to happen during firmware boot: we # simply don't know enough to rule it out. Should that happen, Intel # TXT will be permanently disabled. This could easily interact very # badly with the firmware, rendering the system unbootable. If *that* # happens, it would likely require either a TPM module replacement # (rendering sealed data useless) or a direct flash of a new BIOS with # updated ACMs, to repair. # # Blacklist updates for signature 0x206c2 as a safety net. IUC_EXCLUDE += -s !0x206c2 ''' * I versioned the packages 3.20170511.1~ubuntu<release> as I feel this more appropriately reflects the contents of each package rather than simply incrementing the ubuntu version number. ========================================================================= [Original bug report] NB: I am *not* directly affected by this bug. Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt: "This warning advisory is relevant for users of systems with the Intel processors code-named "Skylake" and "Kaby Lake". These are: the 6th and 7th generation Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as Xeon v5 and Xeon v6), as well as select Intel Pentium processor models. TL;DR: unfixed Skylake and Kaby Lake processors could, in some situations, dangerously misbehave when hyper-threading is enabled. Disable hyper-threading immediately in BIOS/UEFI to work around the problem. Read this advisory for instructions about an Intel-provided fix." It is probably a good idea to: (1) issue a warning to our users about this; (2) update intel-microcode on all our supported releases I leave the discussion on whether this can have security implications to others. [1] https://lists.debian.org/debian-devel/2017/06/msg00308.html ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: intel-microcode 3.20161104.1 ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15 Uname: Linux 4.10.0-24-generic x86_64 ApportVersion: 2.20.4-0ubuntu4.1 Architecture: amd64 CurrentDesktop: Unity:Unity7 Date: Sun Jun 25 10:14:19 2017 InstallationDate: Installed on 2017-05-26 (30 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: intel-microcode UpgradeStatus: No upgrade log present (probably fresh install) [Impact] * A security fix has been made available as part of intel-microcode * It is advisable to apply it * Thus an SRU of the latest intel-microcode is desirable for all stable releases [Test Case] * Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs * Reboot and verify no averse results, and/or that microcode for your cpu was loaded as expected. [Test case reporting] * Please paste the output of: dpkg-query -W intel-microcode grep -E 'model|stepping' /proc/cpuinfo | sort -u journalctl -k | grep microcode [Regression Potential] Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care. [Other] caml discussion describing test case to reproduce the crash. https://caml.inria.fr/mantis/view.php?id=7452 * I did not backport the full debian/changelog, as some of the changes were ommitted for SRU purposes, and I don't like the idea of modifying the changelog of others. * I did not backport this below change but I feel as though the SRU team should evaluate including it. I left it out due to the change as little as possible guidance from the SRU team. Additionally we have already been shipping the microcode version that included this change for a long time. More information here https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr ''' # 0x206c2: Intel Westmere B1 (Xeon 3600, 5600, Core i7 2nd gen). # # When Intel released a fix for Intel SA-00030, they issued a MCU that # bumps the minimum acceptable version of the Intel TXT ACMs in the # TPM persistent storage. This permanently blacklists the vulnerable # ACMs *even on older microcode* in order to make it somewhat harder # to work around the security fix through a BIOS downgrade attack. # # It is possible that such a microcode update, when peformed by the # operating system, could sucessfully trigger the TPM persistent # storage update Intel intended to happen during firmware boot: we # simply don't know enough to rule it out. Should that happen, Intel # TXT will be permanently disabled. This could easily interact very # badly with the firmware, rendering the system unbootable. If *that* # happens, it would likely require either a TPM module replacement # (rendering sealed data useless) or a direct flash of a new BIOS with # updated ACMs, to repair. # # Blacklist updates for signature 0x206c2 as a safety net. IUC_EXCLUDE += -s !0x206c2 ''' * I versioned the packages 3.20170511.1~ubuntu<release> as I feel this more appropriately reflects the contents of each package rather than simply incrementing the ubuntu version number. ========================================================================= [Original bug report] NB: I am *not* directly affected by this bug. Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt: "This warning advisory is relevant for users of systems with the Intel processors code-named "Skylake" and "Kaby Lake". These are: the 6th and 7th generation Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as Xeon v5 and Xeon v6), as well as select Intel Pentium processor models. TL;DR: unfixed Skylake and Kaby Lake processors could, in some situations, dangerously misbehave when hyper-threading is enabled. Disable hyper-threading immediately in BIOS/UEFI to work around the problem. Read this advisory for instructions about an Intel-provided fix." It is probably a good idea to: (1) issue a warning to our users about this; (2) update intel-microcode on all our supported releases I leave the discussion on whether this can have security implications to others. [1] https://lists.debian.org/debian-devel/2017/06/msg00308.html ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: intel-microcode 3.20161104.1 ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15 Uname: Linux 4.10.0-24-generic x86_64 ApportVersion: 2.20.4-0ubuntu4.1 Architecture: amd64 CurrentDesktop: Unity:Unity7 Date: Sun Jun 25 10:14:19 2017 InstallationDate: Installed on 2017-05-26 (30 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: intel-microcode UpgradeStatus: No upgrade log present (probably fresh install)
2017-07-18 10:33:47 Paul Menzel bug added subscriber Paul Menzel
2017-07-20 23:23:12 Arik bug added subscriber Arik
2017-07-21 05:15:23 Alan Eckhardt removed subscriber Alan Eckhardt
2017-07-22 18:52:41 Dmitrii Shcherbakov bug added subscriber Dmitrii Shcherbakov
2017-07-25 14:54:38 Fran Garcia bug added subscriber Fran Garcia
2017-07-26 07:58:20 Balz Schreier bug added subscriber Balz Schreier
2017-07-27 08:31:28 Paco Avila bug added subscriber Paco Avila
2017-07-27 10:25:49 Ivan Vanyushkin bug added subscriber Ivan Vanyushkin
2017-07-27 13:14:33 Robie Basak description [Impact] * A security fix has been made available as part of intel-microcode * It is advisable to apply it * Thus an SRU of the latest intel-microcode is desirable for all stable releases [Test Case] * Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs * Reboot and verify no averse results, and/or that microcode for your cpu was loaded as expected. [Test case reporting] * Please paste the output of: dpkg-query -W intel-microcode grep -E 'model|stepping' /proc/cpuinfo | sort -u journalctl -k | grep microcode [Regression Potential] Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care. [Other] caml discussion describing test case to reproduce the crash. https://caml.inria.fr/mantis/view.php?id=7452 * I did not backport the full debian/changelog, as some of the changes were ommitted for SRU purposes, and I don't like the idea of modifying the changelog of others. * I did not backport this below change but I feel as though the SRU team should evaluate including it. I left it out due to the change as little as possible guidance from the SRU team. Additionally we have already been shipping the microcode version that included this change for a long time. More information here https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr ''' # 0x206c2: Intel Westmere B1 (Xeon 3600, 5600, Core i7 2nd gen). # # When Intel released a fix for Intel SA-00030, they issued a MCU that # bumps the minimum acceptable version of the Intel TXT ACMs in the # TPM persistent storage. This permanently blacklists the vulnerable # ACMs *even on older microcode* in order to make it somewhat harder # to work around the security fix through a BIOS downgrade attack. # # It is possible that such a microcode update, when peformed by the # operating system, could sucessfully trigger the TPM persistent # storage update Intel intended to happen during firmware boot: we # simply don't know enough to rule it out. Should that happen, Intel # TXT will be permanently disabled. This could easily interact very # badly with the firmware, rendering the system unbootable. If *that* # happens, it would likely require either a TPM module replacement # (rendering sealed data useless) or a direct flash of a new BIOS with # updated ACMs, to repair. # # Blacklist updates for signature 0x206c2 as a safety net. IUC_EXCLUDE += -s !0x206c2 ''' * I versioned the packages 3.20170511.1~ubuntu<release> as I feel this more appropriately reflects the contents of each package rather than simply incrementing the ubuntu version number. ========================================================================= [Original bug report] NB: I am *not* directly affected by this bug. Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt: "This warning advisory is relevant for users of systems with the Intel processors code-named "Skylake" and "Kaby Lake". These are: the 6th and 7th generation Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as Xeon v5 and Xeon v6), as well as select Intel Pentium processor models. TL;DR: unfixed Skylake and Kaby Lake processors could, in some situations, dangerously misbehave when hyper-threading is enabled. Disable hyper-threading immediately in BIOS/UEFI to work around the problem. Read this advisory for instructions about an Intel-provided fix." It is probably a good idea to: (1) issue a warning to our users about this; (2) update intel-microcode on all our supported releases I leave the discussion on whether this can have security implications to others. [1] https://lists.debian.org/debian-devel/2017/06/msg00308.html ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: intel-microcode 3.20161104.1 ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15 Uname: Linux 4.10.0-24-generic x86_64 ApportVersion: 2.20.4-0ubuntu4.1 Architecture: amd64 CurrentDesktop: Unity:Unity7 Date: Sun Jun 25 10:14:19 2017 InstallationDate: Installed on 2017-05-26 (30 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: intel-microcode UpgradeStatus: No upgrade log present (probably fresh install) [Impact] * A security fix has been made available as part of intel-microcode * It is advisable to apply it * Thus an SRU of the latest intel-microcode is desirable for all stable releases [Test Case] * Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs * Reboot and verify no averse results, and/or that microcode for your cpu was loaded as expected. [Test case reporting] * Please paste the output of: dpkg-query -W intel-microcode grep -E 'model|stepping' /proc/cpuinfo | sort -u journalctl -k | grep microcode [Regression Potential] Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care. Additional notes from ~racb, wearing an ~ubuntu-sru hat: SRU verification needs to take care to consider CPUs actually tested. We should have a representative sample of CPUs tested in SRU verification reports before considering release to the updates pockets. Given the potential severity of regressions, we should keep this in the proposed pockets for longer than the usual minimum ageing period. Let's have users opt-in to this update first, and only recommend it once we confidence that a reasonable number (and representative CPU sample) of opted-in users have not hit any problems. Testers: please mark verification-done-* only after you consider that the above additional requirements have been met. [Other] caml discussion describing test case to reproduce the crash. https://caml.inria.fr/mantis/view.php?id=7452 * I did not backport the full debian/changelog, as some of the changes were ommitted for SRU purposes, and I don't like the idea of modifying the changelog of others. * I did not backport this below change but I feel as though the SRU team should evaluate including it. I left it out due to the change as little as possible guidance from the SRU team. Additionally we have already been shipping the microcode version that included this change for a long time. More information here https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr ''' # 0x206c2: Intel Westmere B1 (Xeon 3600, 5600, Core i7 2nd gen). # # When Intel released a fix for Intel SA-00030, they issued a MCU that # bumps the minimum acceptable version of the Intel TXT ACMs in the # TPM persistent storage. This permanently blacklists the vulnerable # ACMs *even on older microcode* in order to make it somewhat harder # to work around the security fix through a BIOS downgrade attack. # # It is possible that such a microcode update, when peformed by the # operating system, could sucessfully trigger the TPM persistent # storage update Intel intended to happen during firmware boot: we # simply don't know enough to rule it out. Should that happen, Intel # TXT will be permanently disabled. This could easily interact very # badly with the firmware, rendering the system unbootable. If *that* # happens, it would likely require either a TPM module replacement # (rendering sealed data useless) or a direct flash of a new BIOS with # updated ACMs, to repair. # # Blacklist updates for signature 0x206c2 as a safety net. IUC_EXCLUDE += -s !0x206c2 ''' * I versioned the packages 3.20170511.1~ubuntu<release> as I feel this more appropriately reflects the contents of each package rather than simply incrementing the ubuntu version number. ========================================================================= [Original bug report] NB: I am *not* directly affected by this bug. Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt: "This warning advisory is relevant for users of systems with the Intel processors code-named "Skylake" and "Kaby Lake". These are: the 6th and 7th generation Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as Xeon v5 and Xeon v6), as well as select Intel Pentium processor models. TL;DR: unfixed Skylake and Kaby Lake processors could, in some situations, dangerously misbehave when hyper-threading is enabled. Disable hyper-threading immediately in BIOS/UEFI to work around the problem. Read this advisory for instructions about an Intel-provided fix." It is probably a good idea to: (1) issue a warning to our users about this; (2) update intel-microcode on all our supported releases I leave the discussion on whether this can have security implications to others. [1] https://lists.debian.org/debian-devel/2017/06/msg00308.html ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: intel-microcode 3.20161104.1 ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15 Uname: Linux 4.10.0-24-generic x86_64 ApportVersion: 2.20.4-0ubuntu4.1 Architecture: amd64 CurrentDesktop: Unity:Unity7 Date: Sun Jun 25 10:14:19 2017 InstallationDate: Installed on 2017-05-26 (30 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: intel-microcode UpgradeStatus: No upgrade log present (probably fresh install)
2017-07-27 13:16:49 Robie Basak intel-microcode (Ubuntu Xenial): status Confirmed Fix Committed
2017-07-27 13:17:01 Robie Basak tags amd64 apport-bug lts verification-done-artful zesty amd64 apport-bug lts verification-done-artful verification-needed verification-needed-xenial zesty
2017-07-27 13:17:29 Robie Basak intel-microcode (Ubuntu Zesty): status Confirmed Fix Committed
2017-07-27 13:17:41 Robie Basak tags amd64 apport-bug lts verification-done-artful verification-needed verification-needed-xenial zesty amd64 apport-bug lts verification-done-artful verification-needed verification-needed-xenial verification-needed-zesty zesty
2017-07-27 13:17:48 Robie Basak intel-microcode (Ubuntu Yakkety): status Confirmed Won't Fix
2017-07-31 10:56:01 Martin Nowak bug added subscriber Martin Nowak
2017-07-31 15:03:28 Dave Chiluk bug watch added http://caml.inria.fr/mantis/view.php?id=7452
2017-07-31 21:32:38 Dave Chiluk description [Impact] * A security fix has been made available as part of intel-microcode * It is advisable to apply it * Thus an SRU of the latest intel-microcode is desirable for all stable releases [Test Case] * Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs * Reboot and verify no averse results, and/or that microcode for your cpu was loaded as expected. [Test case reporting] * Please paste the output of: dpkg-query -W intel-microcode grep -E 'model|stepping' /proc/cpuinfo | sort -u journalctl -k | grep microcode [Regression Potential] Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care. Additional notes from ~racb, wearing an ~ubuntu-sru hat: SRU verification needs to take care to consider CPUs actually tested. We should have a representative sample of CPUs tested in SRU verification reports before considering release to the updates pockets. Given the potential severity of regressions, we should keep this in the proposed pockets for longer than the usual minimum ageing period. Let's have users opt-in to this update first, and only recommend it once we confidence that a reasonable number (and representative CPU sample) of opted-in users have not hit any problems. Testers: please mark verification-done-* only after you consider that the above additional requirements have been met. [Other] caml discussion describing test case to reproduce the crash. https://caml.inria.fr/mantis/view.php?id=7452 * I did not backport the full debian/changelog, as some of the changes were ommitted for SRU purposes, and I don't like the idea of modifying the changelog of others. * I did not backport this below change but I feel as though the SRU team should evaluate including it. I left it out due to the change as little as possible guidance from the SRU team. Additionally we have already been shipping the microcode version that included this change for a long time. More information here https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr ''' # 0x206c2: Intel Westmere B1 (Xeon 3600, 5600, Core i7 2nd gen). # # When Intel released a fix for Intel SA-00030, they issued a MCU that # bumps the minimum acceptable version of the Intel TXT ACMs in the # TPM persistent storage. This permanently blacklists the vulnerable # ACMs *even on older microcode* in order to make it somewhat harder # to work around the security fix through a BIOS downgrade attack. # # It is possible that such a microcode update, when peformed by the # operating system, could sucessfully trigger the TPM persistent # storage update Intel intended to happen during firmware boot: we # simply don't know enough to rule it out. Should that happen, Intel # TXT will be permanently disabled. This could easily interact very # badly with the firmware, rendering the system unbootable. If *that* # happens, it would likely require either a TPM module replacement # (rendering sealed data useless) or a direct flash of a new BIOS with # updated ACMs, to repair. # # Blacklist updates for signature 0x206c2 as a safety net. IUC_EXCLUDE += -s !0x206c2 ''' * I versioned the packages 3.20170511.1~ubuntu<release> as I feel this more appropriately reflects the contents of each package rather than simply incrementing the ubuntu version number. ========================================================================= [Original bug report] NB: I am *not* directly affected by this bug. Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt: "This warning advisory is relevant for users of systems with the Intel processors code-named "Skylake" and "Kaby Lake". These are: the 6th and 7th generation Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as Xeon v5 and Xeon v6), as well as select Intel Pentium processor models. TL;DR: unfixed Skylake and Kaby Lake processors could, in some situations, dangerously misbehave when hyper-threading is enabled. Disable hyper-threading immediately in BIOS/UEFI to work around the problem. Read this advisory for instructions about an Intel-provided fix." It is probably a good idea to: (1) issue a warning to our users about this; (2) update intel-microcode on all our supported releases I leave the discussion on whether this can have security implications to others. [1] https://lists.debian.org/debian-devel/2017/06/msg00308.html ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: intel-microcode 3.20161104.1 ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15 Uname: Linux 4.10.0-24-generic x86_64 ApportVersion: 2.20.4-0ubuntu4.1 Architecture: amd64 CurrentDesktop: Unity:Unity7 Date: Sun Jun 25 10:14:19 2017 InstallationDate: Installed on 2017-05-26 (30 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: intel-microcode UpgradeStatus: No upgrade log present (probably fresh install) [Impact] * A security fix has been made available as part of intel-microcode * It is advisable to apply it * Thus an SRU of the latest intel-microcode is desirable for all stable releases [Test Case] * Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs * Reboot and verify no averse results, and/or that microcode for your cpu was loaded as expected. * Ocaml crash reproducer Download report.tar.gz from https://caml.inria.fr/mantis/view.php?id=7452 and place in your schroot scratch directory. $ mk-sbuild artful --arch=amd64 $ schroot -c artful -u root // Artful was chosen as it contains the required versions of Ocaml for the reproducer. $ apt install ocaml opam ocaml-findlib m4 $ opam init $ opam install extprot $ eval `opam config env` $ while ocamlfind opt -c -g -bin-annot -ccopt -g -ccopt -O2 -ccopt -Wextra -ccopt '-Wstrict-overflow=5' -thread -w +a-4-40..42-44-45-48-58 -w -27-32 -package extprot test.ml -o test.cmx; do echo "ok"; done [Test case reporting] * Please paste the output of: dpkg-query -W intel-microcode grep -E 'model|stepping' /proc/cpuinfo | sort -u journalctl -k | grep microcode [Regression Potential] Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care. Additional notes from ~racb, wearing an ~ubuntu-sru hat: SRU verification needs to take care to consider CPUs actually tested. We should have a representative sample of CPUs tested in SRU verification reports before considering release to the updates pockets. Given the potential severity of regressions, we should keep this in the proposed pockets for longer than the usual minimum ageing period. Let's have users opt-in to this update first, and only recommend it once we confidence that a reasonable number (and representative CPU sample) of opted-in users have not hit any problems. Testers: please mark verification-done-* only after you consider that the above additional requirements have been met. [Other] caml discussion describing test case to reproduce the crash. https://caml.inria.fr/mantis/view.php?id=7452 * I did not backport the full debian/changelog, as some of the changes were ommitted for SRU purposes, and I don't like the idea of modifying the changelog of others. * I did not backport this below change but I feel as though the SRU team should evaluate including it. I left it out due to the change as little as possible guidance from the SRU team. Additionally we have already been shipping the microcode version that included this change for a long time. More information here https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr ''' # 0x206c2: Intel Westmere B1 (Xeon 3600, 5600, Core i7 2nd gen). # # When Intel released a fix for Intel SA-00030, they issued a MCU that # bumps the minimum acceptable version of the Intel TXT ACMs in the # TPM persistent storage. This permanently blacklists the vulnerable # ACMs *even on older microcode* in order to make it somewhat harder # to work around the security fix through a BIOS downgrade attack. # # It is possible that such a microcode update, when peformed by the # operating system, could sucessfully trigger the TPM persistent # storage update Intel intended to happen during firmware boot: we # simply don't know enough to rule it out. Should that happen, Intel # TXT will be permanently disabled. This could easily interact very # badly with the firmware, rendering the system unbootable. If *that* # happens, it would likely require either a TPM module replacement # (rendering sealed data useless) or a direct flash of a new BIOS with # updated ACMs, to repair. # # Blacklist updates for signature 0x206c2 as a safety net. IUC_EXCLUDE += -s !0x206c2 ''' * I versioned the packages 3.20170511.1~ubuntu<release> as I feel this more appropriately reflects the contents of each package rather than simply incrementing the ubuntu version number. ========================================================================= [Original bug report] NB: I am *not* directly affected by this bug. Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt: "This warning advisory is relevant for users of systems with the Intel processors code-named "Skylake" and "Kaby Lake". These are: the 6th and 7th generation Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as Xeon v5 and Xeon v6), as well as select Intel Pentium processor models. TL;DR: unfixed Skylake and Kaby Lake processors could, in some situations, dangerously misbehave when hyper-threading is enabled. Disable hyper-threading immediately in BIOS/UEFI to work around the problem. Read this advisory for instructions about an Intel-provided fix." It is probably a good idea to: (1) issue a warning to our users about this; (2) update intel-microcode on all our supported releases I leave the discussion on whether this can have security implications to others. [1] https://lists.debian.org/debian-devel/2017/06/msg00308.html ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: intel-microcode 3.20161104.1 ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15 Uname: Linux 4.10.0-24-generic x86_64 ApportVersion: 2.20.4-0ubuntu4.1 Architecture: amd64 CurrentDesktop: Unity:Unity7 Date: Sun Jun 25 10:14:19 2017 InstallationDate: Installed on 2017-05-26 (30 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: intel-microcode UpgradeStatus: No upgrade log present (probably fresh install)
2017-07-31 21:32:51 Dave Chiluk tags amd64 apport-bug lts verification-done-artful verification-needed verification-needed-xenial verification-needed-zesty zesty amd64 apport-bug lts verification-done-artful verification-done-xenial verification-needed verification-needed-zesty zesty
2017-08-02 00:52:14 Dave Chiluk tags amd64 apport-bug lts verification-done-artful verification-done-xenial verification-needed verification-needed-zesty zesty amd64 apport-bug lts verification-done verification-done-artful verification-done-xenial verification-done-zesty zesty
2017-08-02 00:53:59 Dave Chiluk intel-microcode (Ubuntu Yakkety): assignee Dave Chiluk (chiluk)
2017-08-07 13:50:52 Alexander Browne removed subscriber Alexander Browne
2017-08-17 18:10:46 Simon Déziel bug added subscriber Simon Déziel
2017-08-18 08:35:35 Wolfgang Ebner bug added subscriber Wolfgang Ebner
2017-08-22 08:47:21 Stefan Huehner bug added subscriber Stefan Huehner
2017-08-23 00:24:28 Launchpad Janitor intel-microcode (Ubuntu Xenial): status Fix Committed Fix Released
2017-08-23 00:24:50 Launchpad Janitor intel-microcode (Ubuntu Zesty): status Fix Committed Fix Released
2017-11-02 11:11:21 hirose31 bug added subscriber hirose31
2017-11-26 10:36:51 Tony Karlsson removed subscriber Tony Karlsson
2017-12-19 12:03:35 linuxar bug added subscriber linuxar
2018-01-11 18:58:13 Launchpad Janitor intel-microcode (Ubuntu Trusty): status Won't Fix Fix Released