2018-05-29 23:58:55 |
Tyler Hicks |
bug |
|
|
added bug |
2018-05-29 23:59:10 |
Tyler Hicks |
bug |
|
|
added subscriber Ubuntu Security Team |
2018-05-29 23:59:32 |
Tyler Hicks |
nominated for series |
|
Ubuntu Trusty |
|
2018-05-29 23:59:32 |
Tyler Hicks |
bug task added |
|
linux (Ubuntu Trusty) |
|
2018-05-29 23:59:38 |
Tyler Hicks |
linux (Ubuntu Trusty): status |
New |
In Progress |
|
2018-05-29 23:59:40 |
Tyler Hicks |
linux (Ubuntu Trusty): assignee |
|
Tyler Hicks (tyhicks) |
|
2018-05-29 23:59:43 |
Tyler Hicks |
linux (Ubuntu): status |
In Progress |
Invalid |
|
2018-05-30 00:02:05 |
Steve Beattie |
bug |
|
|
added subscriber Steve Beattie |
2018-05-30 04:27:48 |
Tyler Hicks |
description |
[Impact]
AMD has recently updated the microcode in the linux-firmware tree for family 17h processors to address Spectre variant 2. The Trusty 3.13 kernel cannot load the microcode because it is missing a backport of upstream patch f4e9b7af0cd58dd039a0fb2cd67d57cea4889abf which leaves AMD machines vulnerable.
[Test Case]
Test must be done on a 17h family processor:
1) Take note of the microcode version before applying updated microcode:
$ sudo cat /sys/devices/system/cpu/cpu0/microcode/version
0x8001227
2) Get updated amd64-microcode package from the Ubuntu Security Team. Install it and reboot machine.
3) Verify that the microcode version has changed.
[Regression Potential]
The regression potential to the kernel revolves around the fact that the IBRS/IBPB implementation in the 3.13 kernel may not have been put through its paces yet due to a lack of available microcode updates. There could be a latent bug present that is uncovered. |
[Impact]
AMD has recently updated the microcode in the linux-firmware tree for family 17h processors to address Spectre variant 2. The Trusty 3.13 kernel cannot load the microcode because it is missing a backport of upstream patch f4e9b7af0cd58dd039a0fb2cd67d57cea4889abf which leaves AMD machines vulnerable.
[Test Case]
Test must be done on a 17h family processor:
1) Take note of the microcode version before applying updated microcode:
$ sudo cat /sys/devices/system/cpu/cpu0/microcode/version
0x8001227
2) Get updated amd64-microcode package from the Ubuntu Security Team. Install it and reboot machine.
3) Verify that the microcode version has changed.
Alternate test case (useful in the situation that the test system is already running the latest microcode revision due to a BIOS update):
1) Fetch the latest 17h family microcode revision from here (you may want to verify the signature):
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode/microcode_amd_fam17h.bin
2) Move it into /lib/firmware/amd-ucode/
3) Force a microcode reload:
$ echo 1 | sudo tee /sys/devices/system/cpu/microcode/reload
4) Verify that the following error message is *not* in your syslog:
May 30 04:22:55 lodygin kernel: [ 388.290105] microcode: patch size mismatch
May 30 04:22:55 lodygin kernel: [ 388.290149] microcode: Patch-ID 0x08001227: size mismatch.
[Regression Potential]
The regression potential to the kernel revolves around the fact that the IBRS/IBPB implementation in the 3.13 kernel may not have been put through its paces yet due to a lack of available microcode updates. There could be a latent bug present that is uncovered. |
|
2018-05-30 04:28:17 |
Tyler Hicks |
description |
[Impact]
AMD has recently updated the microcode in the linux-firmware tree for family 17h processors to address Spectre variant 2. The Trusty 3.13 kernel cannot load the microcode because it is missing a backport of upstream patch f4e9b7af0cd58dd039a0fb2cd67d57cea4889abf which leaves AMD machines vulnerable.
[Test Case]
Test must be done on a 17h family processor:
1) Take note of the microcode version before applying updated microcode:
$ sudo cat /sys/devices/system/cpu/cpu0/microcode/version
0x8001227
2) Get updated amd64-microcode package from the Ubuntu Security Team. Install it and reboot machine.
3) Verify that the microcode version has changed.
Alternate test case (useful in the situation that the test system is already running the latest microcode revision due to a BIOS update):
1) Fetch the latest 17h family microcode revision from here (you may want to verify the signature):
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode/microcode_amd_fam17h.bin
2) Move it into /lib/firmware/amd-ucode/
3) Force a microcode reload:
$ echo 1 | sudo tee /sys/devices/system/cpu/microcode/reload
4) Verify that the following error message is *not* in your syslog:
May 30 04:22:55 lodygin kernel: [ 388.290105] microcode: patch size mismatch
May 30 04:22:55 lodygin kernel: [ 388.290149] microcode: Patch-ID 0x08001227: size mismatch.
[Regression Potential]
The regression potential to the kernel revolves around the fact that the IBRS/IBPB implementation in the 3.13 kernel may not have been put through its paces yet due to a lack of available microcode updates. There could be a latent bug present that is uncovered. |
[Impact]
AMD has recently updated the microcode in the linux-firmware tree for family 17h processors to address Spectre variant 2. The Trusty 3.13 kernel cannot load the microcode because it is missing a backport of upstream patch f4e9b7af0cd58dd039a0fb2cd67d57cea4889abf which leaves AMD machines vulnerable.
[Test Case (option 1)]
Test must be done on a 17h family processor:
1) Take note of the microcode version before applying updated microcode:
$ sudo cat /sys/devices/system/cpu/cpu0/microcode/version
0x8001227
2) Get updated amd64-microcode package from the Ubuntu Security Team. Install it and reboot machine.
3) Verify that the microcode version has changed.
[Test Case (option 2)]
Alternate test case (useful in the situation that the test system is already running the latest microcode revision due to a BIOS update):
1) Fetch the latest 17h family microcode revision from here (you may want to verify the signature):
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode/microcode_amd_fam17h.bin
2) Move it into /lib/firmware/amd-ucode/
3) Force a microcode reload:
$ echo 1 | sudo tee /sys/devices/system/cpu/microcode/reload
4) Verify that the following error message is *not* in your syslog:
May 30 04:22:55 lodygin kernel: [ 388.290105] microcode: patch size mismatch
May 30 04:22:55 lodygin kernel: [ 388.290149] microcode: Patch-ID 0x08001227: size mismatch.
[Regression Potential]
The regression potential to the kernel revolves around the fact that the IBRS/IBPB implementation in the 3.13 kernel may not have been put through its paces yet due to a lack of available microcode updates. There could be a latent bug present that is uncovered. |
|
2018-05-30 12:13:24 |
Stefan Bader |
linux (Ubuntu Trusty): status |
In Progress |
Fix Committed |
|
2018-05-31 13:02:23 |
Brad Figg |
tags |
|
verification-needed-trusty |
|
2018-05-31 14:13:55 |
Tyler Hicks |
tags |
verification-needed-trusty |
verification-done-trusty |
|
2018-06-11 11:21:58 |
Juerg Haefliger |
nominated for series |
|
Ubuntu Precise |
|
2018-06-11 15:10:59 |
Launchpad Janitor |
linux (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
2018-06-11 15:10:59 |
Launchpad Janitor |
cve linked |
|
2017-0627 |
|
2018-06-11 15:10:59 |
Launchpad Janitor |
cve linked |
|
2018-1068 |
|
2018-06-11 15:10:59 |
Launchpad Janitor |
cve linked |
|
2018-3639 |
|
2018-06-11 15:10:59 |
Launchpad Janitor |
cve linked |
|
2018-7492 |
|
2018-06-11 15:10:59 |
Launchpad Janitor |
cve linked |
|
2018-8781 |
|
2019-09-16 16:22:02 |
Simon Rodan |
bug |
|
|
added subscriber Simon Rodan |