Update to upstream 2.1-19. 20180807
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2018-eb34880f6fPlease log in to add feedback.
| 0 | 0 | Test Case microcode update |
This update has been submitted for testing by aarapov.
works for me - fixes CVE-2018-3640 [rogue system register read] aka 'Variant 3a' and CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
works
works
CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
This update has been pushed to testing.
This update has been submitted for batched by bodhi.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.
Hi, The upgrade does not work here. I suspect a bug somewhere...
$ sudo dnf list installed | grep microcode microcode_ctl.x86_64 2:2.1-26.fc28 @updates-testing $ dmesg | grep microcode [ 0.520184] microcode: sig=0x306c3, pf=0x2, revision=0x24 [ 0.520453] microcode: Microcode Update Driver: v2.2. $ lscpu | grep Intel Identifiant constructeur : GenuineIntel Nom de modèle : Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
According to upstream documentation here: https://downloadcenter.intel.com/download/28039/Linux-Processor-Microcode-Data-File == 20180807 Release == ../.. ---- updated platforms ------------------------------------ ../.. HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3
It should be "revision=0x25" but it is "24".
The checker script found here : https://github.com/speed47/spectre-meltdown-checker reports: Spectre and Meltdown mitigation detection tool v0.39+ ../.. * CPU microcode is the latest known available version: NO (you have version 0x24 and latest known version is 0x25) ../.. CVE-2018-3640 [rogue system register read] aka 'Variant 3a' * CPU microcode mitigates the vulnerability: NO
CVE-2018-3639 [speculative store bypass] aka 'Variant 4' * Mitigated according to the /sys interface: NO (Vulnerable) * Kernel supports speculation store bypass: YES (found in /proc/self/status)
IMHO the new microcode is not applied by the kernel for some reason.
I reported my issue as a bug here: https://bugzilla.redhat.com/show_bug.cgi?id=1616433
@yannick
first just because it donÄt update YOUR CPU does NOT justify negative karma leading hold back the update for all the ton of othermachines wehre it does
second: you pretty sure missed "dracut -f" because after the Haswell TSX updates microcode needs to be loaded realy and so included in the initrd - so either "dracut -f" or wait for the next kernel update generating a new initrd anyways
ty @hreindl, $ sudo dracut -f fixed the issue. Why is this command not part of the install process of microcode_ctl?
because it's not much fun overwrite the last recent known working initrd with arbitary updates
lsinitrd shows you what is all in there and you have for every installed kernel a own initrd, if something is borked there and you update the kernel without reboot and the kernel don't work your last recent entry is also dead
the whole idea of having more than one kernel is to ensure a working way back at boot in case of troubles and when every random package which is contaiend in the initrd re-creates it you will lose that capability, so just wait for the next kernel which is anyways away only a feew days on fedora or RTFM
[root@rh:~]$ uname -a Linux rh.thelounge.net 4.17.14-202.fc28.x86_64 #1 SMP Wed Aug 15 12:29:25 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
however, just because something does not have any positive impact for you don't justify negative karma and holding back the update for everryone else by disable autopush as long you can't point out a regression
WFM: