Update intel-microcode to latest upstream release 20210216 for CVE fixes for xeon platforms
Bug #1927911 reported by
Alex Murray
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
intel-microcode (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
Groovy |
Fix Released
|
Undecided
|
Unassigned | ||
Hirsute |
Fix Released
|
Undecided
|
Unassigned | ||
Impish |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Intel released microcode 20210216 which should be incorporated into the various Ubuntu releases as a security update.
To post a comment you must log in.
This bug was fixed in the package intel-microcode - 3.20210216.1ubuntu1
--------------- 1ubuntu1) impish; urgency=medium
intel-microcode (3.20210216.
* Merge from Debian unstable (LP: #1927911). Remaining changes: initramfs. hook: Do not override preset defaults from
- debian/
auto-exported conf snippets loaded by initramfs-tools.
intel-microcode (3.20210216.1) unstable; urgency=medium
* New upstream microcode datafile 20210216
* Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
and Cascade Lake Server (B0/B1) when using an active JTAG
agent like In Target Probe (ITP), Direct Connect Interface
(DCI) or a Baseboard Management Controller (BMC) to take the
CPU JTAG/TAP out of reset and then returning it to reset.
* This issue is related to the INTEL-SA-00381 mitigation.
* Updated Microcodes:
sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
* source: update symlinks to reflect id of the latest release, 20210216
intel-microcode (3.20201118.1) unstable; urgency=medium
* New upstream microcode datafile 20201118 INTEL-SA- 00381, INTEL-SA-00389)
* Removes a faulty microcode update from release 2020-11-10 for Tiger Lake
processors. Note that Debian already had removed this specific falty
microcode update on the 3.20201110.1 release
* Add a microcode update for the Pentium Silver N/J5xxx and Celeron
N/J4xxx which didn't make it to release 20201110, fixing security issues
(
* Updated Microcodes:
sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752
* Removed Microcodes:
sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520
intel-microcode (3.20201110.1) unstable; urgency=medium
* New upstream microcode datafile 20201110 (closes: #974533) CVE-2020- 0543, INTEL-SA-00320)
* Implements mitigation for CVE-2020-8696 and CVE-2020-8698,
aka INTEL-SA-00381: AVX register information leakage;
Fast-Forward store predictor information leakage
* Implements mitigation for CVE-2020-8695, Intel SGX information
disclosure via RAPL, aka INTEL-SA-00389
* Fixes critical errata on several processor models
* Reintroduces SRBDS mitigations(
for Skylake-U/Y, Skylake Xeon E3
* New Microcodes
sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e, size 27648
sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028, size 32768
sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520
sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0, size 93184
sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 94208
sig 0x000a0655, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 93184
sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0, size 93184
* Updated Microcodes
sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044, size 34816
sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2, size 105472
sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159, size 33792
...