Updated microcode for Spectre fix
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
| intel |
Undecided
|
Unassigned | ||
| intel-microcode (Ubuntu) |
Critical
|
Unassigned | ||
| Trusty |
Undecided
|
Unassigned | ||
| Xenial |
Undecided
|
Unassigned | ||
| Zesty |
Undecided
|
Unassigned | ||
| Artful |
Undecided
|
Unassigned | ||
| Bionic |
Critical
|
Unassigned |
Bug Description
Intel have finally released the updated microcode for the Spectre bug.
See https:/
From the release note:
Intel Processor Microcode Package for Linux
20180108 Release
-- Updates upon 20171117 release --
IVT C0 (06-3e-04:ed) 428->42a
SKL-U/Y D0 (06-4e-03:c0) ba->c2
BDW-U/Y E/F (06-3d-04:c0) 25->28
HSW-ULT Cx/Dx (06-45-01:72) 20->21
Crystalwell Cx (06-46-01:32) 17->18
BDW-H E/G (06-47-01:22) 17->1b
HSX-EX E0 (06-3f-04:80) 0f->10
SKL-H/S R0 (06-5e-03:36) ba->c2
HSW Cx/Dx (06-3c-03:32) 22->23
HSX C0 (06-3f-02:6f) 3a->3b
BDX-DE V0/V1 (06-56-02:10) 0f->14
BDX-DE V2 (06-56-03:10) 700000d->7000011
KBL-U/Y H0 (06-8e-09:c0) 62->80
KBL Y0 / CFL D0 (06-8e-0a:c0) 70->80
KBL-H/S B0 (06-9e-09:2a) 5e->80
CFL U0 (06-9e-0a:22) 70->80
CFL B0 (06-9e-0b:02) 72->80
SKX H0 (06-55-04:b7) 2000035->200003c
GLK B0 (06-7a-01:01) 1e->22
These should be released ASAP since they will be needed for the upcoming Spectre fixes in the Kernel.
Leith Bade (ljbade) wrote : | #2 |
Launchpad Janitor (janitor) wrote : | #3 |
Status changed to 'Confirmed' because the bug affects multiple users.
Changed in intel-microcode (Ubuntu): | |
status: | New → Confirmed |
Changed in intel-microcode (Ubuntu): | |
status: | Confirmed → Triaged |
importance: | Undecided → Critical |
Marc Deslauriers (mdeslaur) wrote : | #4 |
There are packages available in the security team PPA here:
https:/
They will be published today or tomorrow.
Leith Bade (ljbade) wrote : | #5 |
@mdeslaur it seems that your package has one extra microcode compared to the file on intel.com:
sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
According to https:/
Marc Deslauriers (mdeslaur) wrote : | #6 |
That's not what that means. I think it means the Debian package reverted to the 2017-03-25 version instead of the pre-release version that was newer.
We never shipped the pre-release version, hence we are shipping the 2017-03-25 version for the first time.
Launchpad Janitor (janitor) wrote : | #7 |
Status changed to 'Confirmed' because the bug affects multiple users.
Changed in intel-microcode (Ubuntu Artful): | |
status: | New → Confirmed |
Changed in intel-microcode (Ubuntu Trusty): | |
status: | New → Confirmed |
Changed in intel-microcode (Ubuntu Xenial): | |
status: | New → Confirmed |
Changed in intel-microcode (Ubuntu Zesty): | |
status: | New → Confirmed |
Leith Bade (ljbade) wrote : | #11 |
Ah I see, sorry for the confusion.
Just verified that the microcode.dat file in your PPA is identical to the one on intel.com
Marc Deslauriers (mdeslaur) wrote : | #12 |
FYI, we are waiting to release these packages at the same time as a new linux-meta package in order to deploy the microcode updates on systems where the intel-microcode package never got installed.
See bug 1738259
Marc Deslauriers (mdeslaur) wrote : | #13 |
Updates have been released:
https:/
Changed in intel-microcode (Ubuntu Trusty): | |
status: | Confirmed → Fix Released |
Changed in intel-microcode (Ubuntu Xenial): | |
status: | Confirmed → Fix Released |
Changed in intel-microcode (Ubuntu Zesty): | |
status: | Confirmed → Fix Released |
Changed in intel-microcode (Ubuntu Artful): | |
status: | Confirmed → Fix Released |
Changed in intel-microcode (Ubuntu Bionic): | |
status: | Triaged → Fix Released |
Changed in intel: | |
status: | New → Incomplete |
status: | Incomplete → Fix Released |
Leith Bade (ljbade) wrote : | #14 |
Intel have released more microcode updates to replace the ones they rolled back:
https:/
Simon Déziel (sdeziel) wrote : | #15 |
@ljbade, this update is currently in QA and you can help test it by enabling this PPA: https:/
Should note the list seems to compare well with the only other list of Spectre microcode versions I am aware of on https:/ /wiki.gentoo. org/wiki/ Project: Security/ Vulnerabilities /Meltdown_ and_Spectre