obsolete

Security fixes for CVE-2020-0548, CVE-2020-0549, CVE-2020-0543

FEDORA-2020-7bb2398b6b created by aarapov 3 years ago for Fedora 32

Update to upstream 2.1-28. 20200609

This update has been submitted for testing by aarapov.

3 years ago

This update's test gating status has been changed to 'waiting'.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago
User Icon klaas commented & provided feedback 3 years ago
karma

Update working as expected on 06-8e-09 -- new microcode is applied at boot after running dracut

Is there a reason the microcode_ctl update doesn't automatically run dracut?

BZ#1795348 CVE-2020-0548 microcode_ctl: hw: Vector Register Data Sampling [fedora-all]
BZ#1795349 CVE-2020-0549 microcode_ctl: hw: L1D Cache Eviction Sampling [fedora-all]
BZ#1845630 CVE-2020-0543 microcode_ctl: hw: Special Register Buffer Data Sampling (SRBDS) [fedora-all]
Test Case microcode update
User Icon aarapov commented & provided feedback 3 years ago

@klaas, you can have a look at the last 3 comments in this bug for explanation and an answer to your question: https://bugzilla.redhat.com/show_bug.cgi?id=1616433

User Icon imabug provided feedback 3 years ago
karma
User Icon xvitaly commented & provided feedback 3 years ago

Some users reported system hangs on Skylake CPUs: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31

SUSE: https://bugzilla.suse.com/show_bug.cgi?id=1172856

Please test this update carefully before adding +1 karma.

User Icon xvitaly commented & provided feedback 3 years ago
karma

Setting -1 to disable autopush to stable.

User Icon xvitaly commented & provided feedback 3 years ago

This update has been pushed to testing.

3 years ago

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

3 years ago
User Icon bojan commented & provided feedback 3 years ago
karma

Works.

This update can be pushed to stable now if the maintainer wishes

3 years ago
User Icon mharpau commented & provided feedback 3 years ago
karma

No regressions on T480/T480s.

Test Case microcode update
User Icon renault commented & provided feedback 3 years ago
karma

No regressions found

User Icon frantisekz commented & provided feedback 3 years ago
karma

Seems OK on T470s

User Icon norbertj commented & provided feedback 3 years ago
karma

No issues noticed on Ideapad with Core i3-6006U (06-4e-03) and current stable kernel-5.6.18-300.fc32.x86_64. Microcode revision changed from 0xd6 to 0xdc and output of /sys/devices/system/cpu/vulnerabilities/srbds from "Vulnerable: No microcode" to "Mitigation: Microcode".

User Icon xvitaly commented & provided feedback 3 years ago

Intel identified an issue when OS loading microcode update revision 0xDC for cpuid 406E3 and 506E3. The microcode update has been reverted to revision 0xD6. This issue does not affect the microcode update when loaded from BIOS.

https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826

User Icon xvitaly commented & provided feedback 3 years ago

BTW, Intel has released the microcode-20200616 update.

This update has been obsoleted by microcode_ctl-2.1-39.fc32.

3 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
6
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
3 years ago
in testing
3 years ago
BZ#1795348 CVE-2020-0548 microcode_ctl: hw: Vector Register Data Sampling [fedora-all]
0
1
BZ#1795349 CVE-2020-0549 microcode_ctl: hw: L1D Cache Eviction Sampling [fedora-all]
0
1
BZ#1845630 CVE-2020-0543 microcode_ctl: hw: Special Register Buffer Data Sampling (SRBDS) [fedora-all]
0
1

Automated Test Results

Test Cases

0 2 Test Case microcode update