| 2017-06-25 15:29:40 |
C de-Avillez |
bug |
|
|
added bug |
| 2017-06-25 15:37:01 |
Robie Basak |
bug |
|
|
added subscriber Robie Basak |
| 2017-06-25 15:43:57 |
Launchpad Janitor |
intel-microcode (Ubuntu): status |
New |
Confirmed |
|
| 2017-06-25 16:01:36 |
Logan V |
bug |
|
|
added subscriber Logan V |
| 2017-06-25 16:19:23 |
Jeremy Bícha |
nominated for series |
|
Ubuntu Xenial |
|
| 2017-06-25 16:19:23 |
Jeremy Bícha |
bug task added |
|
intel-microcode (Ubuntu Xenial) |
|
| 2017-06-25 16:19:23 |
Jeremy Bícha |
nominated for series |
|
Ubuntu Zesty |
|
| 2017-06-25 16:19:23 |
Jeremy Bícha |
bug task added |
|
intel-microcode (Ubuntu Zesty) |
|
| 2017-06-25 16:19:23 |
Jeremy Bícha |
nominated for series |
|
Ubuntu Yakkety |
|
| 2017-06-25 16:19:23 |
Jeremy Bícha |
bug task added |
|
intel-microcode (Ubuntu Yakkety) |
|
| 2017-06-25 16:19:33 |
Launchpad Janitor |
intel-microcode (Ubuntu Xenial): status |
New |
Confirmed |
|
| 2017-06-25 16:19:33 |
Launchpad Janitor |
intel-microcode (Ubuntu Yakkety): status |
New |
Confirmed |
|
| 2017-06-25 16:19:33 |
Launchpad Janitor |
intel-microcode (Ubuntu Zesty): status |
New |
Confirmed |
|
| 2017-06-25 16:19:54 |
Jeremy Bícha |
bug |
|
|
added subscriber Jeremy Bicha |
| 2017-06-25 17:35:55 |
Olivier Duclos |
bug |
|
|
added subscriber Olivier Duclos |
| 2017-06-25 17:59:52 |
Kostadin Stoilov |
bug |
|
|
added subscriber Kostadin Stoilov |
| 2017-06-25 18:36:09 |
Alexander Browne |
bug |
|
|
added subscriber Alexander Browne |
| 2017-06-25 18:48:27 |
Scott |
bug |
|
|
added subscriber Scott |
| 2017-06-25 18:52:11 |
Alexander E. Patrakov |
bug |
|
|
added subscriber Alexander E. Patrakov |
| 2017-06-25 19:46:21 |
Manuel Grabowski |
bug |
|
|
added subscriber Manuel Grabowski |
| 2017-06-25 21:44:30 |
Vinson Lee |
bug |
|
|
added subscriber Vinson Lee |
| 2017-06-25 22:06:29 |
asavah |
bug |
|
|
added subscriber asavah |
| 2017-06-26 04:22:58 |
Anthony Wong |
bug |
|
|
added subscriber Anthony Wong |
| 2017-06-26 04:55:05 |
nobody |
bug |
|
|
added subscriber nirfse |
| 2017-06-26 09:00:20 |
Simone Baruzza |
bug |
|
|
added subscriber Simone Baruzza |
| 2017-06-26 09:30:48 |
Andrew Hayzen |
bug |
|
|
added subscriber Andrew Hayzen |
| 2017-06-26 09:41:58 |
Dimitri John Ledkov |
nominated for series |
|
Ubuntu Artful |
|
| 2017-06-26 09:41:58 |
Dimitri John Ledkov |
bug task added |
|
intel-microcode (Ubuntu Artful) |
|
| 2017-06-26 09:42:06 |
Dimitri John Ledkov |
intel-microcode (Ubuntu Artful): status |
Confirmed |
Fix Released |
|
| 2017-06-26 10:17:53 |
Jacobo García |
bug task added |
|
intel |
|
| 2017-06-26 10:18:40 |
Jacobo García |
bug task deleted |
intel |
|
|
| 2017-06-26 10:19:03 |
Jacobo García |
bug |
|
|
added subscriber Jacobo García |
| 2017-06-26 12:08:47 |
Markus Schade |
bug |
|
|
added subscriber Markus Schade |
| 2017-06-26 12:40:02 |
Edwin Khoo |
bug |
|
|
added subscriber Edwin Khoo |
| 2017-06-26 13:25:10 |
Matthias Geerdsen |
bug |
|
|
added subscriber Matthias Geerdsen |
| 2017-06-26 15:19:49 |
Dimitri John Ledkov |
description |
NB: I am *not* directly affected by this bug.
Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt:
"This warning advisory is relevant for users of systems with the Intel
processors code-named "Skylake" and "Kaby Lake". These are: the 6th and
7th generation Intel Core processors (desktop, embedded, mobile and
HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
well as select Intel Pentium processor models.
TL;DR: unfixed Skylake and Kaby Lake processors could, in some
situations, dangerously misbehave when hyper-threading is enabled.
Disable hyper-threading immediately in BIOS/UEFI to work around the
problem. Read this advisory for instructions about an Intel-provided
fix."
It is probably a good idea to:
(1) issue a warning to our users about this;
(2) update intel-microcode on all our supported releases
I leave the discussion on whether this can have security implications to others.
[1] https://lists.debian.org/debian-devel/2017/06/msg00308.html
ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: intel-microcode 3.20161104.1
ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15
Uname: Linux 4.10.0-24-generic x86_64
ApportVersion: 2.20.4-0ubuntu4.1
Architecture: amd64
CurrentDesktop: Unity:Unity7
Date: Sun Jun 25 10:14:19 2017
InstallationDate: Installed on 2017-05-26 (30 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
SourcePackage: intel-microcode
UpgradeStatus: No upgrade log present (probably fresh install) |
[Impact]
* A security fix has been made available as part of intel-microcode
* It is advisable to apply it
* Thus an SRU of the latest intel-microcode is desirable for all stable releases
[Test Case]
* Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs
* Reboot and verify no averse results, and/or that microcode for your cpu was loaded by expecting
[Test case reporting]
* Please paste the output of:
dpkg-query -W intel-microcode
journalctl -k | grep microcode
[Regression Potential]
Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care.
[Original bug report]
NB: I am *not* directly affected by this bug.
Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt:
"This warning advisory is relevant for users of systems with the Intel
processors code-named "Skylake" and "Kaby Lake". These are: the 6th and
7th generation Intel Core processors (desktop, embedded, mobile and
HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
well as select Intel Pentium processor models.
TL;DR: unfixed Skylake and Kaby Lake processors could, in some
situations, dangerously misbehave when hyper-threading is enabled.
Disable hyper-threading immediately in BIOS/UEFI to work around the
problem. Read this advisory for instructions about an Intel-provided
fix."
It is probably a good idea to:
(1) issue a warning to our users about this;
(2) update intel-microcode on all our supported releases
I leave the discussion on whether this can have security implications to others.
[1] https://lists.debian.org/debian-devel/2017/06/msg00308.html
ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: intel-microcode 3.20161104.1
ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15
Uname: Linux 4.10.0-24-generic x86_64
ApportVersion: 2.20.4-0ubuntu4.1
Architecture: amd64
CurrentDesktop: Unity:Unity7
Date: Sun Jun 25 10:14:19 2017
InstallationDate: Installed on 2017-05-26 (30 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
SourcePackage: intel-microcode
UpgradeStatus: No upgrade log present (probably fresh install) |
|
| 2017-06-26 15:23:12 |
Benjamin Frisch |
bug |
|
|
added subscriber Benjamin Frisch |
| 2017-06-26 15:26:34 |
Dimitri John Ledkov |
intel-microcode (Ubuntu Zesty): assignee |
|
Dimitri John Ledkov (xnox) |
|
| 2017-06-26 15:26:36 |
Dimitri John Ledkov |
intel-microcode (Ubuntu Yakkety): assignee |
|
Dimitri John Ledkov (xnox) |
|
| 2017-06-26 15:26:38 |
Dimitri John Ledkov |
intel-microcode (Ubuntu Xenial): assignee |
|
Dimitri John Ledkov (xnox) |
|
| 2017-06-26 15:26:41 |
Dimitri John Ledkov |
intel-microcode (Ubuntu Zesty): status |
Confirmed |
In Progress |
|
| 2017-06-26 15:26:43 |
Dimitri John Ledkov |
intel-microcode (Ubuntu Yakkety): status |
Confirmed |
In Progress |
|
| 2017-06-26 15:26:45 |
Dimitri John Ledkov |
intel-microcode (Ubuntu Xenial): status |
Confirmed |
In Progress |
|
| 2017-06-26 15:52:55 |
Marat Khalili |
bug |
|
|
added subscriber Marat Khalili |
| 2017-06-26 16:16:07 |
Emmanuel Rodriguez |
bug |
|
|
added subscriber Emmanuel Rodriguez |
| 2017-06-26 16:29:34 |
Calvin Leung |
bug |
|
|
added subscriber Calvin Leung |
| 2017-06-26 18:51:40 |
Marc Zankl |
bug |
|
|
added subscriber Marc Zankl |
| 2017-06-26 19:18:38 |
Mark Rijckenberg |
bug |
|
|
added subscriber Mark Rijckenberg |
| 2017-06-26 22:17:02 |
Robie Basak |
nominated for series |
|
Ubuntu Trusty |
|
| 2017-06-26 22:17:02 |
Robie Basak |
bug task added |
|
intel-microcode (Ubuntu Trusty) |
|
| 2017-06-26 22:27:23 |
Alexander Browne |
removed subscriber Alexander Browne |
|
|
|
| 2017-06-26 22:27:25 |
Alexander Browne |
bug |
|
|
added subscriber Alexander Browne |
| 2017-06-26 22:31:07 |
Launchpad Janitor |
intel-microcode (Ubuntu Trusty): status |
New |
Confirmed |
|
| 2017-06-27 01:02:44 |
Nobuto Murata |
bug |
|
|
added subscriber Nobuto Murata |
| 2017-06-27 05:43:23 |
Marc Zankl |
removed subscriber Marc Zankl |
|
|
|
| 2017-06-27 10:55:55 |
schamane |
bug |
|
|
added subscriber schamane |
| 2017-06-27 11:10:56 |
Matthieu Poullet |
bug |
|
|
added subscriber Matthieu Poullet |
| 2017-06-27 13:55:51 |
Matthew L. Dailey |
bug |
|
|
added subscriber Matthew L. Dailey |
| 2017-06-27 18:03:30 |
Byte Commander |
bug |
|
|
added subscriber Byte Commander |
| 2017-06-27 20:37:24 |
Dave Chiluk |
bug |
|
|
added subscriber Dave Chiluk |
| 2017-06-28 09:15:21 |
dorpm |
bug |
|
|
added subscriber dorpm |
| 2017-06-28 09:19:32 |
Dimitri John Ledkov |
intel-microcode (Ubuntu Zesty): assignee |
Dimitri John Ledkov (xnox) |
|
|
| 2017-06-28 09:19:36 |
Dimitri John Ledkov |
intel-microcode (Ubuntu Xenial): assignee |
Dimitri John Ledkov (xnox) |
|
|
| 2017-06-28 09:19:38 |
Dimitri John Ledkov |
intel-microcode (Ubuntu Yakkety): assignee |
Dimitri John Ledkov (xnox) |
|
|
| 2017-06-28 09:19:42 |
Dimitri John Ledkov |
intel-microcode (Ubuntu Yakkety): status |
In Progress |
Confirmed |
|
| 2017-06-28 09:19:45 |
Dimitri John Ledkov |
intel-microcode (Ubuntu Xenial): status |
In Progress |
Confirmed |
|
| 2017-06-28 09:19:48 |
Dimitri John Ledkov |
intel-microcode (Ubuntu Zesty): status |
In Progress |
Confirmed |
|
| 2017-06-28 10:03:01 |
Robie Basak |
description |
[Impact]
* A security fix has been made available as part of intel-microcode
* It is advisable to apply it
* Thus an SRU of the latest intel-microcode is desirable for all stable releases
[Test Case]
* Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs
* Reboot and verify no averse results, and/or that microcode for your cpu was loaded by expecting
[Test case reporting]
* Please paste the output of:
dpkg-query -W intel-microcode
journalctl -k | grep microcode
[Regression Potential]
Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care.
[Original bug report]
NB: I am *not* directly affected by this bug.
Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt:
"This warning advisory is relevant for users of systems with the Intel
processors code-named "Skylake" and "Kaby Lake". These are: the 6th and
7th generation Intel Core processors (desktop, embedded, mobile and
HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
well as select Intel Pentium processor models.
TL;DR: unfixed Skylake and Kaby Lake processors could, in some
situations, dangerously misbehave when hyper-threading is enabled.
Disable hyper-threading immediately in BIOS/UEFI to work around the
problem. Read this advisory for instructions about an Intel-provided
fix."
It is probably a good idea to:
(1) issue a warning to our users about this;
(2) update intel-microcode on all our supported releases
I leave the discussion on whether this can have security implications to others.
[1] https://lists.debian.org/debian-devel/2017/06/msg00308.html
ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: intel-microcode 3.20161104.1
ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15
Uname: Linux 4.10.0-24-generic x86_64
ApportVersion: 2.20.4-0ubuntu4.1
Architecture: amd64
CurrentDesktop: Unity:Unity7
Date: Sun Jun 25 10:14:19 2017
InstallationDate: Installed on 2017-05-26 (30 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
SourcePackage: intel-microcode
UpgradeStatus: No upgrade log present (probably fresh install) |
[Impact]
* A security fix has been made available as part of intel-microcode
* It is advisable to apply it
* Thus an SRU of the latest intel-microcode is desirable for all stable releases
[Test Case]
* Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs
* Reboot and verify no averse results, and/or that microcode for your cpu was loaded by expecting
[Test case reporting]
* Please paste the output of:
dpkg-query -W intel-microcode
grep -E 'model|stepping' /proc/cpuinfo | sort -u
journalctl -k | grep microcode
[Regression Potential]
Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care.
[Original bug report]
NB: I am *not* directly affected by this bug.
Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt:
"This warning advisory is relevant for users of systems with the Intel
processors code-named "Skylake" and "Kaby Lake". These are: the 6th and
7th generation Intel Core processors (desktop, embedded, mobile and
HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
well as select Intel Pentium processor models.
TL;DR: unfixed Skylake and Kaby Lake processors could, in some
situations, dangerously misbehave when hyper-threading is enabled.
Disable hyper-threading immediately in BIOS/UEFI to work around the
problem. Read this advisory for instructions about an Intel-provided
fix."
It is probably a good idea to:
(1) issue a warning to our users about this;
(2) update intel-microcode on all our supported releases
I leave the discussion on whether this can have security implications to others.
[1] https://lists.debian.org/debian-devel/2017/06/msg00308.html
ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: intel-microcode 3.20161104.1
ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15
Uname: Linux 4.10.0-24-generic x86_64
ApportVersion: 2.20.4-0ubuntu4.1
Architecture: amd64
CurrentDesktop: Unity:Unity7
Date: Sun Jun 25 10:14:19 2017
InstallationDate: Installed on 2017-05-26 (30 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
SourcePackage: intel-microcode
UpgradeStatus: No upgrade log present (probably fresh install) |
|
| 2017-06-28 10:07:54 |
Robie Basak |
intel-microcode (Ubuntu Zesty): status |
Confirmed |
Fix Committed |
|
| 2017-06-28 10:07:56 |
Robie Basak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2017-06-28 10:07:57 |
Robie Basak |
bug |
|
|
added subscriber SRU Verification |
| 2017-06-28 10:08:08 |
Robie Basak |
tags |
amd64 apport-bug zesty |
amd64 apport-bug verification-needed verification-needed-zesty zesty |
|
| 2017-06-28 10:41:36 |
Michael Kofler |
bug |
|
|
added subscriber Michael Kofler |
| 2017-06-28 11:09:57 |
Nicolas Peifer |
bug |
|
|
added subscriber Nicolas Peifer |
| 2017-06-28 13:07:39 |
Marcos Alano |
bug |
|
|
added subscriber Marcos Alano |
| 2017-06-28 17:42:32 |
Eugene San |
tags |
amd64 apport-bug verification-needed verification-needed-zesty zesty |
amd64 apport-bug lts verification-needed verification-needed-zesty zesty |
|
| 2017-06-28 17:45:16 |
Eugene San |
summary |
Please update microcode to version 20170511 on all supported platforms |
intel-microcode should be updated, version 20170511 fixes severe errata on 6th and 7th generation platforms |
|
| 2017-06-28 17:46:25 |
Eugene San |
summary |
intel-microcode should be updated, version 20170511 fixes severe errata on 6th and 7th generation platforms |
intel-microcode should be updated for LTS releases, version 20170511 fixes severe errata on 6th and 7th generation platforms |
|
| 2017-06-29 08:59:33 |
Robie Basak |
summary |
intel-microcode should be updated for LTS releases, version 20170511 fixes severe errata on 6th and 7th generation platforms |
intel-microcode is out of date, version 20170511 fixes severe errata on 6th and 7th generation platforms |
|
| 2017-06-29 09:01:08 |
Robie Basak |
summary |
intel-microcode is out of date, version 20170511 fixes severe errata on 6th and 7th generation platforms |
intel-microcode is out of date, version 20170511 fixes errata on 6th and 7th generation platforms |
|
| 2017-06-29 15:50:23 |
Dave Chiluk |
intel-microcode (Ubuntu Yakkety): assignee |
|
Dave Chiluk (chiluk) |
|
| 2017-06-29 15:50:25 |
Dave Chiluk |
intel-microcode (Ubuntu Xenial): assignee |
|
Dave Chiluk (chiluk) |
|
| 2017-07-01 12:22:05 |
Török Edwin |
bug |
|
|
added subscriber Török Edwin |
| 2017-07-01 12:33:45 |
Török Edwin |
tags |
amd64 apport-bug lts verification-needed verification-needed-zesty zesty |
amd64 apport-bug lts verification-done-zesty verification-needed zesty |
|
| 2017-07-03 07:55:14 |
Andy Li |
bug |
|
|
added subscriber Andy Li |
| 2017-07-03 22:20:19 |
Dave Chiluk |
description |
[Impact]
* A security fix has been made available as part of intel-microcode
* It is advisable to apply it
* Thus an SRU of the latest intel-microcode is desirable for all stable releases
[Test Case]
* Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs
* Reboot and verify no averse results, and/or that microcode for your cpu was loaded by expecting
[Test case reporting]
* Please paste the output of:
dpkg-query -W intel-microcode
grep -E 'model|stepping' /proc/cpuinfo | sort -u
journalctl -k | grep microcode
[Regression Potential]
Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care.
[Original bug report]
NB: I am *not* directly affected by this bug.
Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt:
"This warning advisory is relevant for users of systems with the Intel
processors code-named "Skylake" and "Kaby Lake". These are: the 6th and
7th generation Intel Core processors (desktop, embedded, mobile and
HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
well as select Intel Pentium processor models.
TL;DR: unfixed Skylake and Kaby Lake processors could, in some
situations, dangerously misbehave when hyper-threading is enabled.
Disable hyper-threading immediately in BIOS/UEFI to work around the
problem. Read this advisory for instructions about an Intel-provided
fix."
It is probably a good idea to:
(1) issue a warning to our users about this;
(2) update intel-microcode on all our supported releases
I leave the discussion on whether this can have security implications to others.
[1] https://lists.debian.org/debian-devel/2017/06/msg00308.html
ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: intel-microcode 3.20161104.1
ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15
Uname: Linux 4.10.0-24-generic x86_64
ApportVersion: 2.20.4-0ubuntu4.1
Architecture: amd64
CurrentDesktop: Unity:Unity7
Date: Sun Jun 25 10:14:19 2017
InstallationDate: Installed on 2017-05-26 (30 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
SourcePackage: intel-microcode
UpgradeStatus: No upgrade log present (probably fresh install) |
[Impact]
* A security fix has been made available as part of intel-microcode
* It is advisable to apply it
* Thus an SRU of the latest intel-microcode is desirable for all stable releases
[Test Case]
* Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs
* Reboot and verify no averse results, and/or that microcode for your cpu was loaded as expected.
[Test case reporting]
* Please paste the output of:
dpkg-query -W intel-microcode
grep -E 'model|stepping' /proc/cpuinfo | sort -u
journalctl -k | grep microcode
[Regression Potential]
Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care.
[Other]
caml discussion describing test case to reproduce the crash.
https://caml.inria.fr/mantis/view.php?id=7452
=========================================================================
[Original bug report]
NB: I am *not* directly affected by this bug.
Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt:
"This warning advisory is relevant for users of systems with the Intel
processors code-named "Skylake" and "Kaby Lake". These are: the 6th and
7th generation Intel Core processors (desktop, embedded, mobile and
HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
well as select Intel Pentium processor models.
TL;DR: unfixed Skylake and Kaby Lake processors could, in some
situations, dangerously misbehave when hyper-threading is enabled.
Disable hyper-threading immediately in BIOS/UEFI to work around the
problem. Read this advisory for instructions about an Intel-provided
fix."
It is probably a good idea to:
(1) issue a warning to our users about this;
(2) update intel-microcode on all our supported releases
I leave the discussion on whether this can have security implications to others.
[1] https://lists.debian.org/debian-devel/2017/06/msg00308.html
ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: intel-microcode 3.20161104.1
ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15
Uname: Linux 4.10.0-24-generic x86_64
ApportVersion: 2.20.4-0ubuntu4.1
Architecture: amd64
CurrentDesktop: Unity:Unity7
Date: Sun Jun 25 10:14:19 2017
InstallationDate: Installed on 2017-05-26 (30 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
SourcePackage: intel-microcode
UpgradeStatus: No upgrade log present (probably fresh install) |
|
| 2017-07-03 22:20:37 |
Dave Chiluk |
intel-microcode (Ubuntu Trusty): status |
Confirmed |
Won't Fix |
|
| 2017-07-04 00:23:22 |
Haw Loeung |
bug |
|
|
added subscriber Haw Loeung |
| 2017-07-07 03:27:05 |
Pablo Cabrera |
bug |
|
|
added subscriber Pablo Cabrera |
| 2017-07-10 09:45:31 |
Launchpad Janitor |
intel-microcode (Ubuntu Zesty): status |
Fix Committed |
Fix Released |
|
| 2017-07-10 09:45:35 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2017-07-10 13:51:51 |
paz |
bug |
|
|
added subscriber paz |
| 2017-07-10 16:48:56 |
Dave Chiluk |
description |
[Impact]
* A security fix has been made available as part of intel-microcode
* It is advisable to apply it
* Thus an SRU of the latest intel-microcode is desirable for all stable releases
[Test Case]
* Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs
* Reboot and verify no averse results, and/or that microcode for your cpu was loaded as expected.
[Test case reporting]
* Please paste the output of:
dpkg-query -W intel-microcode
grep -E 'model|stepping' /proc/cpuinfo | sort -u
journalctl -k | grep microcode
[Regression Potential]
Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care.
[Other]
caml discussion describing test case to reproduce the crash.
https://caml.inria.fr/mantis/view.php?id=7452
=========================================================================
[Original bug report]
NB: I am *not* directly affected by this bug.
Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt:
"This warning advisory is relevant for users of systems with the Intel
processors code-named "Skylake" and "Kaby Lake". These are: the 6th and
7th generation Intel Core processors (desktop, embedded, mobile and
HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
well as select Intel Pentium processor models.
TL;DR: unfixed Skylake and Kaby Lake processors could, in some
situations, dangerously misbehave when hyper-threading is enabled.
Disable hyper-threading immediately in BIOS/UEFI to work around the
problem. Read this advisory for instructions about an Intel-provided
fix."
It is probably a good idea to:
(1) issue a warning to our users about this;
(2) update intel-microcode on all our supported releases
I leave the discussion on whether this can have security implications to others.
[1] https://lists.debian.org/debian-devel/2017/06/msg00308.html
ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: intel-microcode 3.20161104.1
ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15
Uname: Linux 4.10.0-24-generic x86_64
ApportVersion: 2.20.4-0ubuntu4.1
Architecture: amd64
CurrentDesktop: Unity:Unity7
Date: Sun Jun 25 10:14:19 2017
InstallationDate: Installed on 2017-05-26 (30 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
SourcePackage: intel-microcode
UpgradeStatus: No upgrade log present (probably fresh install) |
[Impact]
* A security fix has been made available as part of intel-microcode
* It is advisable to apply it
* Thus an SRU of the latest intel-microcode is desirable for all stable releases
[Test Case]
* Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs
* Reboot and verify no averse results, and/or that microcode for your cpu was loaded as expected.
[Test case reporting]
* Please paste the output of:
dpkg-query -W intel-microcode
grep -E 'model|stepping' /proc/cpuinfo | sort -u
journalctl -k | grep microcode
[Regression Potential]
Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care.
[Other]
caml discussion describing test case to reproduce the crash.
https://caml.inria.fr/mantis/view.php?id=7452
* I did not backport the full debian/changelog, as some of the changes were ommitted for SRU purposes, and I don't like the idea of modifying the changelog of others.
* I did not backport this below change but I feel as though the SRU team should evaluate including it. I left it out due to the change as little as possible guidance from the SRU team. Additionally the microcode version that included this change was somewhere around 20111205. More information here
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr
'''
# 0x206c2: Intel Westmere B1 (Xeon 3600, 5600, Core i7 2nd gen).
#
# When Intel released a fix for Intel SA-00030, they issued a MCU that
# bumps the minimum acceptable version of the Intel TXT ACMs in the
# TPM persistent storage. This permanently blacklists the vulnerable
# ACMs *even on older microcode* in order to make it somewhat harder
# to work around the security fix through a BIOS downgrade attack.
#
# It is possible that such a microcode update, when peformed by the
# operating system, could sucessfully trigger the TPM persistent
# storage update Intel intended to happen during firmware boot: we
# simply don't know enough to rule it out. Should that happen, Intel
# TXT will be permanently disabled. This could easily interact very
# badly with the firmware, rendering the system unbootable. If *that*
# happens, it would likely require either a TPM module replacement
# (rendering sealed data useless) or a direct flash of a new BIOS with
# updated ACMs, to repair.
#
# Blacklist updates for signature 0x206c2 as a safety net.
IUC_EXCLUDE += -s !0x206c2
'''
* I versioned the packages 3.20170511.1~ubuntu<release> as I feel this more appropriately reflects the contents of each package rather than simply incrementing the ubuntu version number.
=========================================================================
[Original bug report]
NB: I am *not* directly affected by this bug.
Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt:
"This warning advisory is relevant for users of systems with the Intel
processors code-named "Skylake" and "Kaby Lake". These are: the 6th and
7th generation Intel Core processors (desktop, embedded, mobile and
HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
well as select Intel Pentium processor models.
TL;DR: unfixed Skylake and Kaby Lake processors could, in some
situations, dangerously misbehave when hyper-threading is enabled.
Disable hyper-threading immediately in BIOS/UEFI to work around the
problem. Read this advisory for instructions about an Intel-provided
fix."
It is probably a good idea to:
(1) issue a warning to our users about this;
(2) update intel-microcode on all our supported releases
I leave the discussion on whether this can have security implications to others.
[1] https://lists.debian.org/debian-devel/2017/06/msg00308.html
ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: intel-microcode 3.20161104.1
ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15
Uname: Linux 4.10.0-24-generic x86_64
ApportVersion: 2.20.4-0ubuntu4.1
Architecture: amd64
CurrentDesktop: Unity:Unity7
Date: Sun Jun 25 10:14:19 2017
InstallationDate: Installed on 2017-05-26 (30 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
SourcePackage: intel-microcode
UpgradeStatus: No upgrade log present (probably fresh install) |
|
| 2017-07-13 03:21:09 |
Dave Chiluk |
intel-microcode (Ubuntu Zesty): status |
Fix Released |
Confirmed |
|
| 2017-07-13 03:21:13 |
Dave Chiluk |
intel-microcode (Ubuntu Zesty): assignee |
|
Dave Chiluk (chiluk) |
|
| 2017-07-13 03:21:54 |
Dave Chiluk |
tags |
amd64 apport-bug lts verification-done-zesty verification-needed zesty |
amd64 apport-bug lts verification-done-artful zesty |
|
| 2017-07-13 05:15:56 |
Dave Chiluk |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2017-07-13 05:17:02 |
Dave Chiluk |
summary |
intel-microcode is out of date, version 20170511 fixes errata on 6th and 7th generation platforms |
intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms |
|
| 2017-07-13 05:18:12 |
Dave Chiluk |
description |
[Impact]
* A security fix has been made available as part of intel-microcode
* It is advisable to apply it
* Thus an SRU of the latest intel-microcode is desirable for all stable releases
[Test Case]
* Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs
* Reboot and verify no averse results, and/or that microcode for your cpu was loaded as expected.
[Test case reporting]
* Please paste the output of:
dpkg-query -W intel-microcode
grep -E 'model|stepping' /proc/cpuinfo | sort -u
journalctl -k | grep microcode
[Regression Potential]
Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care.
[Other]
caml discussion describing test case to reproduce the crash.
https://caml.inria.fr/mantis/view.php?id=7452
* I did not backport the full debian/changelog, as some of the changes were ommitted for SRU purposes, and I don't like the idea of modifying the changelog of others.
* I did not backport this below change but I feel as though the SRU team should evaluate including it. I left it out due to the change as little as possible guidance from the SRU team. Additionally the microcode version that included this change was somewhere around 20111205. More information here
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr
'''
# 0x206c2: Intel Westmere B1 (Xeon 3600, 5600, Core i7 2nd gen).
#
# When Intel released a fix for Intel SA-00030, they issued a MCU that
# bumps the minimum acceptable version of the Intel TXT ACMs in the
# TPM persistent storage. This permanently blacklists the vulnerable
# ACMs *even on older microcode* in order to make it somewhat harder
# to work around the security fix through a BIOS downgrade attack.
#
# It is possible that such a microcode update, when peformed by the
# operating system, could sucessfully trigger the TPM persistent
# storage update Intel intended to happen during firmware boot: we
# simply don't know enough to rule it out. Should that happen, Intel
# TXT will be permanently disabled. This could easily interact very
# badly with the firmware, rendering the system unbootable. If *that*
# happens, it would likely require either a TPM module replacement
# (rendering sealed data useless) or a direct flash of a new BIOS with
# updated ACMs, to repair.
#
# Blacklist updates for signature 0x206c2 as a safety net.
IUC_EXCLUDE += -s !0x206c2
'''
* I versioned the packages 3.20170511.1~ubuntu<release> as I feel this more appropriately reflects the contents of each package rather than simply incrementing the ubuntu version number.
=========================================================================
[Original bug report]
NB: I am *not* directly affected by this bug.
Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt:
"This warning advisory is relevant for users of systems with the Intel
processors code-named "Skylake" and "Kaby Lake". These are: the 6th and
7th generation Intel Core processors (desktop, embedded, mobile and
HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
well as select Intel Pentium processor models.
TL;DR: unfixed Skylake and Kaby Lake processors could, in some
situations, dangerously misbehave when hyper-threading is enabled.
Disable hyper-threading immediately in BIOS/UEFI to work around the
problem. Read this advisory for instructions about an Intel-provided
fix."
It is probably a good idea to:
(1) issue a warning to our users about this;
(2) update intel-microcode on all our supported releases
I leave the discussion on whether this can have security implications to others.
[1] https://lists.debian.org/debian-devel/2017/06/msg00308.html
ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: intel-microcode 3.20161104.1
ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15
Uname: Linux 4.10.0-24-generic x86_64
ApportVersion: 2.20.4-0ubuntu4.1
Architecture: amd64
CurrentDesktop: Unity:Unity7
Date: Sun Jun 25 10:14:19 2017
InstallationDate: Installed on 2017-05-26 (30 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
SourcePackage: intel-microcode
UpgradeStatus: No upgrade log present (probably fresh install) |
[Impact]
* A security fix has been made available as part of intel-microcode
* It is advisable to apply it
* Thus an SRU of the latest intel-microcode is desirable for all stable releases
[Test Case]
* Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs
* Reboot and verify no averse results, and/or that microcode for your cpu was loaded as expected.
[Test case reporting]
* Please paste the output of:
dpkg-query -W intel-microcode
grep -E 'model|stepping' /proc/cpuinfo | sort -u
journalctl -k | grep microcode
[Regression Potential]
Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care.
[Other]
caml discussion describing test case to reproduce the crash.
https://caml.inria.fr/mantis/view.php?id=7452
* I did not backport the full debian/changelog, as some of the changes were ommitted for SRU purposes, and I don't like the idea of modifying the changelog of others.
* I did not backport this below change but I feel as though the SRU team should evaluate including it. I left it out due to the change as little as possible guidance from the SRU team. Additionally we have already been shipping the microcode version that included this change for a long time. More information here
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr
'''
# 0x206c2: Intel Westmere B1 (Xeon 3600, 5600, Core i7 2nd gen).
#
# When Intel released a fix for Intel SA-00030, they issued a MCU that
# bumps the minimum acceptable version of the Intel TXT ACMs in the
# TPM persistent storage. This permanently blacklists the vulnerable
# ACMs *even on older microcode* in order to make it somewhat harder
# to work around the security fix through a BIOS downgrade attack.
#
# It is possible that such a microcode update, when peformed by the
# operating system, could sucessfully trigger the TPM persistent
# storage update Intel intended to happen during firmware boot: we
# simply don't know enough to rule it out. Should that happen, Intel
# TXT will be permanently disabled. This could easily interact very
# badly with the firmware, rendering the system unbootable. If *that*
# happens, it would likely require either a TPM module replacement
# (rendering sealed data useless) or a direct flash of a new BIOS with
# updated ACMs, to repair.
#
# Blacklist updates for signature 0x206c2 as a safety net.
IUC_EXCLUDE += -s !0x206c2
'''
* I versioned the packages 3.20170511.1~ubuntu<release> as I feel this more appropriately reflects the contents of each package rather than simply incrementing the ubuntu version number.
=========================================================================
[Original bug report]
NB: I am *not* directly affected by this bug.
Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt:
"This warning advisory is relevant for users of systems with the Intel
processors code-named "Skylake" and "Kaby Lake". These are: the 6th and
7th generation Intel Core processors (desktop, embedded, mobile and
HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
well as select Intel Pentium processor models.
TL;DR: unfixed Skylake and Kaby Lake processors could, in some
situations, dangerously misbehave when hyper-threading is enabled.
Disable hyper-threading immediately in BIOS/UEFI to work around the
problem. Read this advisory for instructions about an Intel-provided
fix."
It is probably a good idea to:
(1) issue a warning to our users about this;
(2) update intel-microcode on all our supported releases
I leave the discussion on whether this can have security implications to others.
[1] https://lists.debian.org/debian-devel/2017/06/msg00308.html
ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: intel-microcode 3.20161104.1
ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15
Uname: Linux 4.10.0-24-generic x86_64
ApportVersion: 2.20.4-0ubuntu4.1
Architecture: amd64
CurrentDesktop: Unity:Unity7
Date: Sun Jun 25 10:14:19 2017
InstallationDate: Installed on 2017-05-26 (30 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
SourcePackage: intel-microcode
UpgradeStatus: No upgrade log present (probably fresh install) |
|
| 2017-07-18 10:33:47 |
Paul Menzel |
bug |
|
|
added subscriber Paul Menzel |
| 2017-07-20 23:23:12 |
Arik |
bug |
|
|
added subscriber Arik |
| 2017-07-21 05:15:23 |
Alan Eckhardt |
removed subscriber Alan Eckhardt |
|
|
|
| 2017-07-22 18:52:41 |
Dmitrii Shcherbakov |
bug |
|
|
added subscriber Dmitrii Shcherbakov |
| 2017-07-25 14:54:38 |
Fran Garcia |
bug |
|
|
added subscriber Fran Garcia |
| 2017-07-26 07:58:20 |
Balz Schreier |
bug |
|
|
added subscriber Balz Schreier |
| 2017-07-27 08:31:28 |
Paco Avila |
bug |
|
|
added subscriber Paco Avila |
| 2017-07-27 10:25:49 |
Ivan Vanyushkin |
bug |
|
|
added subscriber Ivan Vanyushkin |
| 2017-07-27 13:14:33 |
Robie Basak |
description |
[Impact]
* A security fix has been made available as part of intel-microcode
* It is advisable to apply it
* Thus an SRU of the latest intel-microcode is desirable for all stable releases
[Test Case]
* Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs
* Reboot and verify no averse results, and/or that microcode for your cpu was loaded as expected.
[Test case reporting]
* Please paste the output of:
dpkg-query -W intel-microcode
grep -E 'model|stepping' /proc/cpuinfo | sort -u
journalctl -k | grep microcode
[Regression Potential]
Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care.
[Other]
caml discussion describing test case to reproduce the crash.
https://caml.inria.fr/mantis/view.php?id=7452
* I did not backport the full debian/changelog, as some of the changes were ommitted for SRU purposes, and I don't like the idea of modifying the changelog of others.
* I did not backport this below change but I feel as though the SRU team should evaluate including it. I left it out due to the change as little as possible guidance from the SRU team. Additionally we have already been shipping the microcode version that included this change for a long time. More information here
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr
'''
# 0x206c2: Intel Westmere B1 (Xeon 3600, 5600, Core i7 2nd gen).
#
# When Intel released a fix for Intel SA-00030, they issued a MCU that
# bumps the minimum acceptable version of the Intel TXT ACMs in the
# TPM persistent storage. This permanently blacklists the vulnerable
# ACMs *even on older microcode* in order to make it somewhat harder
# to work around the security fix through a BIOS downgrade attack.
#
# It is possible that such a microcode update, when peformed by the
# operating system, could sucessfully trigger the TPM persistent
# storage update Intel intended to happen during firmware boot: we
# simply don't know enough to rule it out. Should that happen, Intel
# TXT will be permanently disabled. This could easily interact very
# badly with the firmware, rendering the system unbootable. If *that*
# happens, it would likely require either a TPM module replacement
# (rendering sealed data useless) or a direct flash of a new BIOS with
# updated ACMs, to repair.
#
# Blacklist updates for signature 0x206c2 as a safety net.
IUC_EXCLUDE += -s !0x206c2
'''
* I versioned the packages 3.20170511.1~ubuntu<release> as I feel this more appropriately reflects the contents of each package rather than simply incrementing the ubuntu version number.
=========================================================================
[Original bug report]
NB: I am *not* directly affected by this bug.
Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt:
"This warning advisory is relevant for users of systems with the Intel
processors code-named "Skylake" and "Kaby Lake". These are: the 6th and
7th generation Intel Core processors (desktop, embedded, mobile and
HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
well as select Intel Pentium processor models.
TL;DR: unfixed Skylake and Kaby Lake processors could, in some
situations, dangerously misbehave when hyper-threading is enabled.
Disable hyper-threading immediately in BIOS/UEFI to work around the
problem. Read this advisory for instructions about an Intel-provided
fix."
It is probably a good idea to:
(1) issue a warning to our users about this;
(2) update intel-microcode on all our supported releases
I leave the discussion on whether this can have security implications to others.
[1] https://lists.debian.org/debian-devel/2017/06/msg00308.html
ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: intel-microcode 3.20161104.1
ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15
Uname: Linux 4.10.0-24-generic x86_64
ApportVersion: 2.20.4-0ubuntu4.1
Architecture: amd64
CurrentDesktop: Unity:Unity7
Date: Sun Jun 25 10:14:19 2017
InstallationDate: Installed on 2017-05-26 (30 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
SourcePackage: intel-microcode
UpgradeStatus: No upgrade log present (probably fresh install) |
[Impact]
* A security fix has been made available as part of intel-microcode
* It is advisable to apply it
* Thus an SRU of the latest intel-microcode is desirable for all stable releases
[Test Case]
* Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs
* Reboot and verify no averse results, and/or that microcode for your cpu was loaded as expected.
[Test case reporting]
* Please paste the output of:
dpkg-query -W intel-microcode
grep -E 'model|stepping' /proc/cpuinfo | sort -u
journalctl -k | grep microcode
[Regression Potential]
Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care.
Additional notes from ~racb, wearing an ~ubuntu-sru hat:
SRU verification needs to take care to consider CPUs actually tested. We should have a representative sample of CPUs tested in SRU verification reports before considering release to the updates pockets.
Given the potential severity of regressions, we should keep this in the proposed pockets for longer than the usual minimum ageing period. Let's have users opt-in to this update first, and only recommend it once we confidence that a reasonable number (and representative CPU sample) of opted-in users have not hit any problems.
Testers: please mark verification-done-* only after you consider that the above additional requirements have been met.
[Other]
caml discussion describing test case to reproduce the crash.
https://caml.inria.fr/mantis/view.php?id=7452
* I did not backport the full debian/changelog, as some of the changes were ommitted for SRU purposes, and I don't like the idea of modifying the changelog of others.
* I did not backport this below change but I feel as though the SRU team should evaluate including it. I left it out due to the change as little as possible guidance from the SRU team. Additionally we have already been shipping the microcode version that included this change for a long time. More information here
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr
'''
# 0x206c2: Intel Westmere B1 (Xeon 3600, 5600, Core i7 2nd gen).
#
# When Intel released a fix for Intel SA-00030, they issued a MCU that
# bumps the minimum acceptable version of the Intel TXT ACMs in the
# TPM persistent storage. This permanently blacklists the vulnerable
# ACMs *even on older microcode* in order to make it somewhat harder
# to work around the security fix through a BIOS downgrade attack.
#
# It is possible that such a microcode update, when peformed by the
# operating system, could sucessfully trigger the TPM persistent
# storage update Intel intended to happen during firmware boot: we
# simply don't know enough to rule it out. Should that happen, Intel
# TXT will be permanently disabled. This could easily interact very
# badly with the firmware, rendering the system unbootable. If *that*
# happens, it would likely require either a TPM module replacement
# (rendering sealed data useless) or a direct flash of a new BIOS with
# updated ACMs, to repair.
#
# Blacklist updates for signature 0x206c2 as a safety net.
IUC_EXCLUDE += -s !0x206c2
'''
* I versioned the packages 3.20170511.1~ubuntu<release> as I feel this more appropriately reflects the contents of each package rather than simply incrementing the ubuntu version number.
=========================================================================
[Original bug report]
NB: I am *not* directly affected by this bug.
Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt:
"This warning advisory is relevant for users of systems with the Intel
processors code-named "Skylake" and "Kaby Lake". These are: the 6th and
7th generation Intel Core processors (desktop, embedded, mobile and
HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
well as select Intel Pentium processor models.
TL;DR: unfixed Skylake and Kaby Lake processors could, in some
situations, dangerously misbehave when hyper-threading is enabled.
Disable hyper-threading immediately in BIOS/UEFI to work around the
problem. Read this advisory for instructions about an Intel-provided
fix."
It is probably a good idea to:
(1) issue a warning to our users about this;
(2) update intel-microcode on all our supported releases
I leave the discussion on whether this can have security implications to others.
[1] https://lists.debian.org/debian-devel/2017/06/msg00308.html
ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: intel-microcode 3.20161104.1
ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15
Uname: Linux 4.10.0-24-generic x86_64
ApportVersion: 2.20.4-0ubuntu4.1
Architecture: amd64
CurrentDesktop: Unity:Unity7
Date: Sun Jun 25 10:14:19 2017
InstallationDate: Installed on 2017-05-26 (30 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
SourcePackage: intel-microcode
UpgradeStatus: No upgrade log present (probably fresh install) |
|
| 2017-07-27 13:16:49 |
Robie Basak |
intel-microcode (Ubuntu Xenial): status |
Confirmed |
Fix Committed |
|
| 2017-07-27 13:17:01 |
Robie Basak |
tags |
amd64 apport-bug lts verification-done-artful zesty |
amd64 apport-bug lts verification-done-artful verification-needed verification-needed-xenial zesty |
|
| 2017-07-27 13:17:29 |
Robie Basak |
intel-microcode (Ubuntu Zesty): status |
Confirmed |
Fix Committed |
|
| 2017-07-27 13:17:41 |
Robie Basak |
tags |
amd64 apport-bug lts verification-done-artful verification-needed verification-needed-xenial zesty |
amd64 apport-bug lts verification-done-artful verification-needed verification-needed-xenial verification-needed-zesty zesty |
|
| 2017-07-27 13:17:48 |
Robie Basak |
intel-microcode (Ubuntu Yakkety): status |
Confirmed |
Won't Fix |
|
| 2017-07-31 10:56:01 |
Martin Nowak |
bug |
|
|
added subscriber Martin Nowak |
| 2017-07-31 15:03:28 |
Dave Chiluk |
bug watch added |
|
http://caml.inria.fr/mantis/view.php?id=7452 |
|
| 2017-07-31 21:32:38 |
Dave Chiluk |
description |
[Impact]
* A security fix has been made available as part of intel-microcode
* It is advisable to apply it
* Thus an SRU of the latest intel-microcode is desirable for all stable releases
[Test Case]
* Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs
* Reboot and verify no averse results, and/or that microcode for your cpu was loaded as expected.
[Test case reporting]
* Please paste the output of:
dpkg-query -W intel-microcode
grep -E 'model|stepping' /proc/cpuinfo | sort -u
journalctl -k | grep microcode
[Regression Potential]
Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care.
Additional notes from ~racb, wearing an ~ubuntu-sru hat:
SRU verification needs to take care to consider CPUs actually tested. We should have a representative sample of CPUs tested in SRU verification reports before considering release to the updates pockets.
Given the potential severity of regressions, we should keep this in the proposed pockets for longer than the usual minimum ageing period. Let's have users opt-in to this update first, and only recommend it once we confidence that a reasonable number (and representative CPU sample) of opted-in users have not hit any problems.
Testers: please mark verification-done-* only after you consider that the above additional requirements have been met.
[Other]
caml discussion describing test case to reproduce the crash.
https://caml.inria.fr/mantis/view.php?id=7452
* I did not backport the full debian/changelog, as some of the changes were ommitted for SRU purposes, and I don't like the idea of modifying the changelog of others.
* I did not backport this below change but I feel as though the SRU team should evaluate including it. I left it out due to the change as little as possible guidance from the SRU team. Additionally we have already been shipping the microcode version that included this change for a long time. More information here
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr
'''
# 0x206c2: Intel Westmere B1 (Xeon 3600, 5600, Core i7 2nd gen).
#
# When Intel released a fix for Intel SA-00030, they issued a MCU that
# bumps the minimum acceptable version of the Intel TXT ACMs in the
# TPM persistent storage. This permanently blacklists the vulnerable
# ACMs *even on older microcode* in order to make it somewhat harder
# to work around the security fix through a BIOS downgrade attack.
#
# It is possible that such a microcode update, when peformed by the
# operating system, could sucessfully trigger the TPM persistent
# storage update Intel intended to happen during firmware boot: we
# simply don't know enough to rule it out. Should that happen, Intel
# TXT will be permanently disabled. This could easily interact very
# badly with the firmware, rendering the system unbootable. If *that*
# happens, it would likely require either a TPM module replacement
# (rendering sealed data useless) or a direct flash of a new BIOS with
# updated ACMs, to repair.
#
# Blacklist updates for signature 0x206c2 as a safety net.
IUC_EXCLUDE += -s !0x206c2
'''
* I versioned the packages 3.20170511.1~ubuntu<release> as I feel this more appropriately reflects the contents of each package rather than simply incrementing the ubuntu version number.
=========================================================================
[Original bug report]
NB: I am *not* directly affected by this bug.
Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt:
"This warning advisory is relevant for users of systems with the Intel
processors code-named "Skylake" and "Kaby Lake". These are: the 6th and
7th generation Intel Core processors (desktop, embedded, mobile and
HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
well as select Intel Pentium processor models.
TL;DR: unfixed Skylake and Kaby Lake processors could, in some
situations, dangerously misbehave when hyper-threading is enabled.
Disable hyper-threading immediately in BIOS/UEFI to work around the
problem. Read this advisory for instructions about an Intel-provided
fix."
It is probably a good idea to:
(1) issue a warning to our users about this;
(2) update intel-microcode on all our supported releases
I leave the discussion on whether this can have security implications to others.
[1] https://lists.debian.org/debian-devel/2017/06/msg00308.html
ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: intel-microcode 3.20161104.1
ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15
Uname: Linux 4.10.0-24-generic x86_64
ApportVersion: 2.20.4-0ubuntu4.1
Architecture: amd64
CurrentDesktop: Unity:Unity7
Date: Sun Jun 25 10:14:19 2017
InstallationDate: Installed on 2017-05-26 (30 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
SourcePackage: intel-microcode
UpgradeStatus: No upgrade log present (probably fresh install) |
[Impact]
* A security fix has been made available as part of intel-microcode
* It is advisable to apply it
* Thus an SRU of the latest intel-microcode is desirable for all stable releases
[Test Case]
* Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs
* Reboot and verify no averse results, and/or that microcode for your cpu was loaded as expected.
* Ocaml crash reproducer
Download report.tar.gz from https://caml.inria.fr/mantis/view.php?id=7452 and place in your schroot scratch directory.
$ mk-sbuild artful --arch=amd64
$ schroot -c artful -u root
// Artful was chosen as it contains the required versions of Ocaml for the reproducer.
$ apt install ocaml opam ocaml-findlib m4
$ opam init
$ opam install extprot
$ eval `opam config env`
$ while ocamlfind opt -c -g -bin-annot -ccopt -g -ccopt -O2 -ccopt -Wextra -ccopt '-Wstrict-overflow=5' -thread -w +a-4-40..42-44-45-48-58 -w -27-32 -package extprot test.ml -o test.cmx; do echo "ok"; done
[Test case reporting]
* Please paste the output of:
dpkg-query -W intel-microcode
grep -E 'model|stepping' /proc/cpuinfo | sort -u
journalctl -k | grep microcode
[Regression Potential]
Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care.
Additional notes from ~racb, wearing an ~ubuntu-sru hat:
SRU verification needs to take care to consider CPUs actually tested. We should have a representative sample of CPUs tested in SRU verification reports before considering release to the updates pockets.
Given the potential severity of regressions, we should keep this in the proposed pockets for longer than the usual minimum ageing period. Let's have users opt-in to this update first, and only recommend it once we confidence that a reasonable number (and representative CPU sample) of opted-in users have not hit any problems.
Testers: please mark verification-done-* only after you consider that the above additional requirements have been met.
[Other]
caml discussion describing test case to reproduce the crash.
https://caml.inria.fr/mantis/view.php?id=7452
* I did not backport the full debian/changelog, as some of the changes were ommitted for SRU purposes, and I don't like the idea of modifying the changelog of others.
* I did not backport this below change but I feel as though the SRU team should evaluate including it. I left it out due to the change as little as possible guidance from the SRU team. Additionally we have already been shipping the microcode version that included this change for a long time. More information here
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr
'''
# 0x206c2: Intel Westmere B1 (Xeon 3600, 5600, Core i7 2nd gen).
#
# When Intel released a fix for Intel SA-00030, they issued a MCU that
# bumps the minimum acceptable version of the Intel TXT ACMs in the
# TPM persistent storage. This permanently blacklists the vulnerable
# ACMs *even on older microcode* in order to make it somewhat harder
# to work around the security fix through a BIOS downgrade attack.
#
# It is possible that such a microcode update, when peformed by the
# operating system, could sucessfully trigger the TPM persistent
# storage update Intel intended to happen during firmware boot: we
# simply don't know enough to rule it out. Should that happen, Intel
# TXT will be permanently disabled. This could easily interact very
# badly with the firmware, rendering the system unbootable. If *that*
# happens, it would likely require either a TPM module replacement
# (rendering sealed data useless) or a direct flash of a new BIOS with
# updated ACMs, to repair.
#
# Blacklist updates for signature 0x206c2 as a safety net.
IUC_EXCLUDE += -s !0x206c2
'''
* I versioned the packages 3.20170511.1~ubuntu<release> as I feel this more appropriately reflects the contents of each package rather than simply incrementing the ubuntu version number.
=========================================================================
[Original bug report]
NB: I am *not* directly affected by this bug.
Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt:
"This warning advisory is relevant for users of systems with the Intel
processors code-named "Skylake" and "Kaby Lake". These are: the 6th and
7th generation Intel Core processors (desktop, embedded, mobile and
HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
well as select Intel Pentium processor models.
TL;DR: unfixed Skylake and Kaby Lake processors could, in some
situations, dangerously misbehave when hyper-threading is enabled.
Disable hyper-threading immediately in BIOS/UEFI to work around the
problem. Read this advisory for instructions about an Intel-provided
fix."
It is probably a good idea to:
(1) issue a warning to our users about this;
(2) update intel-microcode on all our supported releases
I leave the discussion on whether this can have security implications to others.
[1] https://lists.debian.org/debian-devel/2017/06/msg00308.html
ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: intel-microcode 3.20161104.1
ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15
Uname: Linux 4.10.0-24-generic x86_64
ApportVersion: 2.20.4-0ubuntu4.1
Architecture: amd64
CurrentDesktop: Unity:Unity7
Date: Sun Jun 25 10:14:19 2017
InstallationDate: Installed on 2017-05-26 (30 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
SourcePackage: intel-microcode
UpgradeStatus: No upgrade log present (probably fresh install) |
|
| 2017-07-31 21:32:51 |
Dave Chiluk |
tags |
amd64 apport-bug lts verification-done-artful verification-needed verification-needed-xenial verification-needed-zesty zesty |
amd64 apport-bug lts verification-done-artful verification-done-xenial verification-needed verification-needed-zesty zesty |
|
| 2017-08-02 00:52:14 |
Dave Chiluk |
tags |
amd64 apport-bug lts verification-done-artful verification-done-xenial verification-needed verification-needed-zesty zesty |
amd64 apport-bug lts verification-done verification-done-artful verification-done-xenial verification-done-zesty zesty |
|
| 2017-08-02 00:53:59 |
Dave Chiluk |
intel-microcode (Ubuntu Yakkety): assignee |
Dave Chiluk (chiluk) |
|
|
| 2017-08-07 13:50:52 |
Alexander Browne |
removed subscriber Alexander Browne |
|
|
|
| 2017-08-17 18:10:46 |
Simon Déziel |
bug |
|
|
added subscriber Simon Déziel |
| 2017-08-18 08:35:35 |
Wolfgang Ebner |
bug |
|
|
added subscriber Wolfgang Ebner |
| 2017-08-22 08:47:21 |
Stefan Huehner |
bug |
|
|
added subscriber Stefan Huehner |
| 2017-08-23 00:24:28 |
Launchpad Janitor |
intel-microcode (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
| 2017-08-23 00:24:50 |
Launchpad Janitor |
intel-microcode (Ubuntu Zesty): status |
Fix Committed |
Fix Released |
|
| 2017-11-02 11:11:21 |
hirose31 |
bug |
|
|
added subscriber hirose31 |
| 2017-11-26 10:36:51 |
Tony Karlsson |
removed subscriber Tony Karlsson |
|
|
|
| 2017-12-19 12:03:35 |
linuxar |
bug |
|
|
added subscriber linuxar |
| 2018-01-11 18:58:13 |
Launchpad Janitor |
intel-microcode (Ubuntu Trusty): status |
Won't Fix |
Fix Released |
|
