intel released new microcode

Bug #1733582 reported by Léon Hagenaars-Keus on 2017-11-21
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
intel-microcode (Ubuntu)
Undecided
Unassigned
Trusty
Undecided
Unassigned
Xenial
Undecided
Unassigned
Zesty
Undecided
Unassigned
Artful
Undecided
Unassigned
Bionic
Undecided
Unassigned

Bug Description

Intel released a new microcode file (https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File).
I think this warrents a new version of the intel-microcode package.

The package is allready available upstream (https://packages.debian.org/sid/intel-microcode)

Dimitri John Ledkov (xnox) wrote :

This bug was fixed in the package intel-microcode - 3.20171117.1

---------------
intel-microcode (3.20171117.1) unstable; urgency=medium

  * New upstream microcode data file 20171117
    + New Microcodes:
      sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
      sig 0x000706a1, pf_mask 0x01, 2017-10-31, rev 0x001e, size 72704
      sig 0x000906ea, pf_mask 0x22, 2017-08-23, rev 0x0070, size 95232
      sig 0x000906eb, pf_mask 0x02, 2017-09-20, rev 0x0072, size 97280
    + Updated Microcodes:
      sig 0x00050654, pf_mask 0xb7, 2017-10-17, rev 0x2000035, size 26624
      sig 0x000806ea, pf_mask 0xc0, 2017-08-03, rev 0x0070, size 96256
  * source: remove superseded upstream data file: 20170707.
  * source: remove unneeded intel-ucode/ directory for 20171117.
  * debian/control: bump standards version to 4.1.1 (no changes)
  * Makefile: rename microcode-extras.pbin to microcode-includes.pbin.
  * README.source: fix IUC_EXCLUDE example and minor issues.
  * Makefile, README.souce: support loading ucode from directories.
  * debian/rules: switch to dh mode (debhelper v9)
  * ucode-blacklist: blacklist sig 0x406f1 (Skylake-X H0) from late
    loading.

 -- Henrique de Moraes Holschuh <email address hidden> Sat, 18 Nov 2017 18:55:09 -0200

Changed in intel-microcode (Ubuntu):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in intel-microcode (Ubuntu Artful):
status: New → Confirmed
Changed in intel-microcode (Ubuntu Trusty):
status: New → Confirmed
Changed in intel-microcode (Ubuntu Xenial):
status: New → Confirmed
Changed in intel-microcode (Ubuntu Zesty):
status: New → Confirmed
Marc Deslauriers (mdeslaur) wrote :

Thanks for filing this issue.

As far as I can tell on the Intel page linked above, the CVEs were issued against vulnerabilities in the Manageability Engine, Server Platform Service, and the Trusted Execution Engine.

I believe the intel-microcode package only contains microcode for the CPU, and doesn't contain firmware for the ME, SPS and TXE. To update those components, you need to apply firmware updates from the computer manufacturer.

I am removing the references to CVEs from this bug. If you disagree with my assessment, please comment below. Thanks!

summary: - intel released new microcode fixing several CVE's related to the ME
+ intel released new microcode
description: updated
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related questions