Updated microcode for Spectre fix

Bug #1742364 reported by Leith Bade
This bug affects 8 people
Affects | Status | Importance | Assigned to | Milestone
intel | Fix Released | Undecided | Unassigned |
intel-microcode (Ubuntu) | Fix Released | Critical | Unassigned |
Trusty | Fix Released | Undecided | Unassigned |
Xenial | Fix Released | Undecided | Unassigned |
Zesty | Fix Released | Undecided | Unassigned |
Artful | Fix Released | Undecided | Unassigned |
Bionic | Fix Released | Critical | Unassigned |

Bug Description

Intel have finally released the updated microcode for the Spectre bug.

See https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File?v=t

From the release note:
Intel Processor Microcode Package for Linux
20180108 Release

-- Updates upon 20171117 release --
IVT C0 (06-3e-04:ed) 428->42a
SKL-U/Y D0 (06-4e-03:c0) ba->c2
BDW-U/Y E/F (06-3d-04:c0) 25->28
HSW-ULT Cx/Dx (06-45-01:72) 20->21
Crystalwell Cx (06-46-01:32) 17->18
BDW-H E/G (06-47-01:22) 17->1b
HSX-EX E0 (06-3f-04:80) 0f->10
SKL-H/S R0 (06-5e-03:36) ba->c2
HSW Cx/Dx (06-3c-03:32) 22->23
HSX C0 (06-3f-02:6f) 3a->3b
BDX-DE V0/V1 (06-56-02:10) 0f->14
BDX-DE V2 (06-56-03:10) 700000d->7000011
KBL-U/Y H0 (06-8e-09:c0) 62->80
KBL Y0 / CFL D0 (06-8e-0a:c0) 70->80
KBL-H/S B0 (06-9e-09:2a) 5e->80
CFL U0 (06-9e-0a:22) 70->80
CFL B0 (06-9e-0b:02) 72->80
SKX H0 (06-55-04:b7) 2000035->200003c
GLK B0 (06-7a-01:01) 1e->22

These should be released ASAP since they will be needed for the upcoming Spectre fixes in the Kernel.
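A check of a running system against the release note quoted above, as an added example that is not part of the original report or of the intel-microcode package. It parses the `name (family-model-stepping:platform) old->new` lines, compares a `/proc/cpuinfo` processor block with the listed target revision, and also decodes the `sig 0x...` form that appears in a later comment; the function names and the sample cpuinfo text are constructed for illustration.

```python
import re

# Entries copied from the 20180108 release note quoted in the bug description.
RELEASE_NOTE = """\
IVT C0 (06-3e-04:ed) 428->42a
SKL-U/Y D0 (06-4e-03:c0) ba->c2
KBL Y0 / CFL D0 (06-8e-0a:c0) 70->80
BDX-DE V2 (06-56-03:10) 700000d->7000011
"""
# "<name> (<family>-<model>-<stepping>:<platform mask>) <old rev>-><new rev>", all hex
ENTRY = re.compile(r"^(.+?) \(([0-9a-f]{2}-[0-9a-f]{2}-[0-9a-f]{2}):([0-9a-f]{2})\) "
                   r"([0-9a-f]+)->([0-9a-f]+)$")

def parse_release_note(text):
    """Map 'ff-mm-ss' to (name, old_rev, new_rev)."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            table[m.group(2)] = (m.group(1), int(m.group(4), 16), int(m.group(5), 16))
    return table

def fms_from_signature(sig):
    """Decode a CPUID signature such as 0x000506c9 into the 'ff-mm-ss' key."""
    family, model, stepping = (sig >> 8) & 0xF, (sig >> 4) & 0xF, sig & 0xF
    if family in (0x6, 0xF):
        model |= ((sig >> 16) & 0xF) << 4   # extended model bits
    if family == 0xF:
        family += (sig >> 20) & 0xFF        # extended family bits
    return f"{family:02x}-{model:02x}-{stepping:02x}"

def check_cpuinfo(cpuinfo, table):
    """Compare one /proc/cpuinfo processor block with the release-note table."""
    f = dict((k.strip(), v.strip()) for k, v in
             (l.split(":", 1) for l in cpuinfo.splitlines() if ":" in l))
    # cpuinfo reports family/model/stepping in decimal and microcode in hex.
    key = "{:02x}-{:02x}-{:02x}".format(int(f["cpu family"]), int(f["model"]), int(f["stepping"]))
    running = int(f["microcode"], 16)
    if key not in table:
        return key, "not in this release note"
    name, _old, new = table[key]
    return key, "up to date" if running >= new else f"outdated: 0x{running:x} < 0x{new:x} ({name})"

# Constructed sample, not taken from a real machine.
SAMPLE = "cpu family\t: 6\nmodel\t\t: 142\nstepping\t: 10\nmicrocode\t: 0x70\n"

if __name__ == "__main__":
    print(check_cpuinfo(SAMPLE, parse_release_note(RELEASE_NOTE)))
    print(fms_from_signature(0x000506c9))  # the extra entry discussed in the comments
```

On a real host, pass the first processor block of `/proc/cpuinfo` and the full release-note text instead of the constructed sample.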

Leith Bade (ljbade) wrote :
information type: Private Security → Public Security
Leith Bade (ljbade) wrote :

Should note the list seems to compare well with the only other list of Spectre microcode versions I am aware of on https://wiki.gentoo.org/wiki/Project:Security/Vulnerabilities/Meltdown_and_Spectre

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in intel-microcode (Ubuntu):
status: New → Confirmed
Changed in intel-microcode (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → Critical
Marc Deslauriers (mdeslaur) wrote :

There are packages available in the security team PPA here:

https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

They will be published today or tomorrow.

Leith Bade (ljbade) wrote :

@mdeslaur it seems that your package has one extra microcode compared to the file on intel.com:
sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384

According to https://packages.qa.debian.org/i/intel-microcode/news/20180110T100610Z.html that file was removed compared to the "unofficial" release.

Marc Deslauriers (mdeslaur) wrote :

That's not what that means. I think it means the Debian package reverted to the 2017-03-25 version instead of the pre-release version that was newer.

We never shipped the pre-release version, hence we are shipping the 2017-03-25 version for the first time.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in intel-microcode (Ubuntu Artful):
status: New → Confirmed
Changed in intel-microcode (Ubuntu Trusty):
status: New → Confirmed
Changed in intel-microcode (Ubuntu Xenial):
status: New → Confirmed
Changed in intel-microcode (Ubuntu Zesty):
status: New → Confirmed
Leith Bade (ljbade) wrote :

Ah I see, sorry for the confusion.

Just verified that the microcode.dat file in your PPA is identical to the one on intel.com

Marc Deslauriers (mdeslaur) wrote :

FYI, we are waiting to release these packages at the same time as a new linux-meta package in order to deploy the microcode updates on systems where the intel-microcode package never got installed.

See bug 1738259

Marc Deslauriers (mdeslaur) wrote :

Updates have been released:
https://usn.ubuntu.com/usn/usn-3531-1

Changed in intel-microcode (Ubuntu Trusty):
status: Confirmed → Fix Released
Changed in intel-microcode (Ubuntu Xenial):
status: Confirmed → Fix Released
Changed in intel-microcode (Ubuntu Zesty):
status: Confirmed → Fix Released
Changed in intel-microcode (Ubuntu Artful):
status: Confirmed → Fix Released
Changed in intel-microcode (Ubuntu Bionic):
status: Triaged → Fix Released
Changed in intel:
status: New → Incomplete
status: Incomplete → Fix Released
Leith Bade (ljbade) wrote :

Intel have released more microcode updates to replace the ones they rolled back:
https://downloadcenter.intel.com/download/27591/Linux-Processor-Microcode-Data-File?v=t

Simon Déziel (sdeziel) wrote :

@ljbade, this update is currently in QA and you can help test it by enabling this PPA: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa

This report contains Public Security information  
Everyone can see this security related information.
