2022-06-06 04:45:53 |
Alex Murray |
bug |
|
|
added bug |
2022-06-06 04:50:44 |
Alex Murray |
nominated for series |
|
Ubuntu Bionic |
|
2022-06-06 04:50:44 |
Alex Murray |
bug task added |
|
intel-microcode (Ubuntu Bionic) |
|
2022-06-06 04:50:44 |
Alex Murray |
nominated for series |
|
Ubuntu Focal |
|
2022-06-06 04:50:44 |
Alex Murray |
bug task added |
|
intel-microcode (Ubuntu Focal) |
|
2022-06-06 04:50:44 |
Alex Murray |
nominated for series |
|
Ubuntu Jammy |
|
2022-06-06 04:50:44 |
Alex Murray |
bug task added |
|
intel-microcode (Ubuntu Jammy) |
|
2022-06-06 04:50:44 |
Alex Murray |
nominated for series |
|
Ubuntu Impish |
|
2022-06-06 04:50:44 |
Alex Murray |
bug task added |
|
intel-microcode (Ubuntu Impish) |
|
2022-06-06 04:52:07 |
Alex Murray |
tags |
|
block-proposed-bionic |
|
2022-06-06 04:52:23 |
Alex Murray |
tags |
block-proposed-bionic |
block-proposed-bionic block-proposed-focal block-proposed-impish block-proposed-jammy |
|
2022-06-06 05:14:09 |
Alex Murray |
intel-microcode (Ubuntu Bionic): status |
New |
Fix Committed |
|
2022-06-06 05:14:12 |
Alex Murray |
intel-microcode (Ubuntu Focal): status |
New |
Fix Committed |
|
2022-06-06 05:14:15 |
Alex Murray |
intel-microcode (Ubuntu Impish): status |
New |
Fix Committed |
|
2022-06-06 05:14:18 |
Alex Murray |
intel-microcode (Ubuntu Jammy): status |
New |
Fix Committed |
|
2022-06-06 06:51:28 |
Alex Murray |
description |
Intel released version 20220510 / IPU 2022.1 earlier in May to address multiple vulnerabilities, including:
- CVE-2022-21151, INTEL-SA-00617
- CVE-2021-0146, INTEL-SA-00528
- CVE-2021-0127, INTEL-SA-00532
This version is already packaged in Ubuntu 22.10 (kinetic).
Whilst this is a security update, to allow for increased testing before being more widely deployed the Ubuntu Security team are wishing to publish this first via -proposed and then to -updates at which point it will also then be published to -security. |
Intel released version 20220510 / IPU 2022.1 earlier in May to address multiple vulnerabilities, including:
- CVE-2022-21151, INTEL-SA-00617
- CVE-2021-0146, INTEL-SA-00528
- CVE-2021-0127, INTEL-SA-00532
This version is already packaged in Ubuntu 22.10 (kinetic).
Whilst this is a security update, to allow for increased testing before being more widely deployed the Ubuntu Security team are wishing to publish this first via -proposed and then to -security at which point it will also then be published to -updates as per the usual security->updates sync. |
|
2022-06-06 07:17:10 |
Chris Halse Rogers |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2022-06-06 07:17:13 |
Chris Halse Rogers |
bug |
|
|
added subscriber SRU Verification |
2022-06-06 07:17:18 |
Chris Halse Rogers |
tags |
block-proposed-bionic block-proposed-focal block-proposed-impish block-proposed-jammy |
block-proposed-bionic block-proposed-focal block-proposed-impish block-proposed-jammy verification-needed verification-needed-jammy |
|
2022-06-06 07:20:32 |
Chris Halse Rogers |
tags |
block-proposed-bionic block-proposed-focal block-proposed-impish block-proposed-jammy verification-needed verification-needed-jammy |
block-proposed-bionic block-proposed-focal block-proposed-impish block-proposed-jammy verification-needed verification-needed-impish verification-needed-jammy |
|
2022-06-06 07:27:49 |
Chris Halse Rogers |
tags |
block-proposed-bionic block-proposed-focal block-proposed-impish block-proposed-jammy verification-needed verification-needed-impish verification-needed-jammy |
block-proposed-bionic block-proposed-focal block-proposed-impish block-proposed-jammy verification-needed verification-needed-focal verification-needed-impish verification-needed-jammy |
|
2022-06-06 07:32:21 |
Chris Halse Rogers |
tags |
block-proposed-bionic block-proposed-focal block-proposed-impish block-proposed-jammy verification-needed verification-needed-focal verification-needed-impish verification-needed-jammy |
block-proposed-bionic block-proposed-focal block-proposed-impish block-proposed-jammy verification-needed verification-needed-bionic verification-needed-focal verification-needed-impish verification-needed-jammy |
|
2022-06-14 06:42:55 |
Alex Murray |
tags |
block-proposed-bionic block-proposed-focal block-proposed-impish block-proposed-jammy verification-needed verification-needed-bionic verification-needed-focal verification-needed-impish verification-needed-jammy |
block-proposed-bionic block-proposed-focal block-proposed-impish block-proposed-jammy verification-done verification-done-bionic verification-done-focal verification-done-impish verification-done-jammy |
|
2022-06-15 01:18:36 |
Alex Murray |
description |
Intel released version 20220510 / IPU 2022.1 earlier in May to address multiple vulnerabilities, including:
- CVE-2022-21151, INTEL-SA-00617
- CVE-2021-0146, INTEL-SA-00528
- CVE-2021-0127, INTEL-SA-00532
This version is already packaged in Ubuntu 22.10 (kinetic).
Whilst this is a security update, to allow for increased testing before being more widely deployed the Ubuntu Security team are wishing to publish this first via -proposed and then to -security at which point it will also then be published to -updates as per the usual security->updates sync. |
[Impact]
* Users are vulnerable to multiple security issues, including MMIO stale data (https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/processor-mmio-stale-data-vulnerabilities.html) (https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html)
* Normally the security team would release updates direct to the -security pocket but since the associated kernels are being published via -updates *and* to allow phased updates to be used, it is preferred to publish these via -updates first, then they can be synced to -security once fully phased.
[Test Plan]
* install the updated intel-microcode packages and reboot the system
[Where problems could occur]
* Historically there have been issues where intel-microcode updates resulted in machines that fail to boot. This has usually been the case when a machine is using an old BIOS and the microcode which is loaded in early boot is much newer. Intel have increased their own internal testing to try and ensure this is detected before releasing to production.
Also these updates have now been in -proposed for over a week without any mention of issues *plus* they have been tested extensively via testflinger on the Canonical certification lab's suite of machines too.
Finally, in this unlikely case, users can boot via the '(recovery mode)' menu entries in grub which disables early microcode loading from the initrd to workaround this and then rollback the microcode update directly.
[Other Info]
Intel released version 20220510 / IPU 2022.1 earlier in May to address multiple vulnerabilities, including:
- CVE-2022-21151, INTEL-SA-00617
- CVE-2021-0146, INTEL-SA-00528
- CVE-2021-0127, INTEL-SA-00532
This version is already packaged in Ubuntu 22.10 (kinetic).
Earlier today Intel disclosed another set of vulnerabilities (MMIO stale data) which are also fixed by these updates.
Whilst this is a security update, to allow for increased testing before being more widely deployed the Ubuntu Security team are wishing to publish this first via -proposed and then to -updates so they can be phased along with the associated kernel updates for MMIO stale data as well. |
|
2022-06-15 01:19:54 |
Alex Murray |
tags |
block-proposed-bionic block-proposed-focal block-proposed-impish block-proposed-jammy verification-done verification-done-bionic verification-done-focal verification-done-impish verification-done-jammy |
verification-done verification-done-bionic verification-done-focal verification-done-impish verification-done-jammy |
|
2022-06-15 01:38:09 |
Chris Halse Rogers |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2022-06-15 01:42:34 |
Launchpad Janitor |
intel-microcode (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2022-06-15 01:42:34 |
Launchpad Janitor |
cve linked |
|
2021-0127 |
|
2022-06-15 01:42:34 |
Launchpad Janitor |
cve linked |
|
2021-0146 |
|
2022-06-15 01:42:34 |
Launchpad Janitor |
cve linked |
|
2022-21151 |
|
2022-06-15 01:42:58 |
Launchpad Janitor |
intel-microcode (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
2022-06-15 01:43:14 |
Launchpad Janitor |
intel-microcode (Ubuntu Impish): status |
Fix Committed |
Fix Released |
|
2022-06-15 01:43:31 |
Launchpad Janitor |
intel-microcode (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|