From 27eecafda8e5b2869f4522a500a5a91ae5b06226 Mon Sep 17 00:00:00 2001 From: anolis-bot Date: Thu, 3 Nov 2022 08:07:43 +0800 Subject: [PATCH] update to microcode_ctl-2.1-73.15.el7_9 Signed-off-by: anolis-bot --- ...hanges-summary-fixes-for-microcode-2.patch | 47 ------------ 06-55-04_readme | 3 + README.caveats | 2 + dist | 1 + download | 2 +- ...ocode_ctl-use-microcode-20220809-tgz.patch | 2 +- microcode_ctl.spec | 72 +++++++++++++++++-- 7 files changed, 73 insertions(+), 56 deletions(-) delete mode 100644 0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch create mode 100644 dist rename microcode_ctl-use-microcode-20220510-tgz.patch => microcode_ctl-use-microcode-20220809-tgz.patch (91%) diff --git a/0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch b/0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch deleted file mode 100644 index 938e31b..0000000 --- a/0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 6ff5aa24a9460441cf2f1008792af134aeca0931 Mon Sep 17 00:00:00 2001 -From: Eugene Syromiatnikov -Date: Tue, 10 May 2022 20:48:31 +0200 -Subject: [PATCH] releasenote.md: changes summary fixes for microcode-20220510 - -* releasenote.md (New Platforms): Change the second 06-bf-02/03 entry -to 06-bf-05/03. -(Updated Platforms): Change the case to lower in PF of 06-37-09/0f; -change "GKL-R" to "GLK-R" (stands for Gemini Lake Refresh). - -Signed-off-by: Eugene Syromiatnikov ---- - releasenote.md | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/releasenote.md b/releasenote.md -index 7fac640..c4a1ba7 100644 ---- a/releasenote.md -+++ b/releasenote.md -@@ -18,13 +18,13 @@ - | ADL | L0 | 06-9a-03/80 | | 0000041c | Core Gen12 - | ADL | L0 | 06-9a-04/80 | | 0000041c | Core Gen12 - | ADL | C0 | 06-bf-02/03 | | 0000001f | Core Gen12 --| ADL | C0 | 06-bf-02/03 | | 0000001f | Core Gen12 -+| ADL | C0 | 06-bf-05/03 | | 0000001f | Core Gen12 - - ### Updated Platforms - - | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products - |:---------------|:---------|:------------|:---------|:---------|:--------- --| VLV | D0 | 06-37-09/0F | 0000090c | 0000090d | Atom E38xx -+| VLV | D0 | 06-37-09/0f | 0000090c | 0000090d | Atom E38xx - | SKL-U/Y | D0 | 06-4e-03/c0 | 000000ec | 000000f0 | Core Gen6 Mobile - | SKX-SP | B1 | 06-55-03/97 | 0100015c | 0100015d | Xeon Scalable - | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006c0a | 02006d05 | Xeon Scalable -@@ -38,7 +38,7 @@ - | DNV | B0 | 06-5f-01/01 | 00000036 | 00000038 | Atom C Series - | ICX-SP | D0 | 06-6a-06/87 | 0d000331 | 0d000363 | Xeon Scalable Gen3 - | GLK | B0 | 06-7a-01/01 | 00000038 | 0000003a | Pentium Silver N/J5xxx, Celeron N/J4xxx --| GKL-R | R0 | 06-7a-08/01 | 0000001c | 0000001e | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 -+| GLK-R | R0 | 06-7a-08/01 | 0000001c | 0000001e | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 - | ICL-U/Y | D1 | 06-7e-05/80 | 000000a8 | 000000b0 | Core Gen10 Mobile - | LKF | B2/B3 | 06-8a-01/10 | 0000002d | 00000031 | Core w/Hybrid Technology - | TGL | B1 | 06-8c-01/80 | 0000009a | 000000a4 | Core Gen11 Mobile --- -2.13.6 - diff --git a/06-55-04_readme b/06-55-04_readme index 7ebd3e4..373e600 100644 --- a/06-55-04_readme +++ b/06-55-04_readme @@ -22,6 +22,7 @@ microcode revisions in question are listed below: * 06-55-04, revision 0x2006b06: cb5bec976cb9754e3a22ab6828b3262a8f9eccf7 * 06-55-04, revision 0x2006c0a: 76b641375d136c08f5feb46aacebee40468ac085 * 06-55-04, revision 0x2006d05: dc4207cf4eb916ff34acbdddc474db0df781234f + * 06-55-04, revision 0x2006e05: bc67d247ad1c9a834bec5e452606db1381d6bc7e Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions @@ -65,6 +66,8 @@ to the following knowledge base articles: CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure), CVE-2022-21166 (Device Register Partial Write): https://access.redhat.com/articles/6963124 + * CVE-2022-21233 (Stale Data Read from legacy xAPIC): + https://access.redhat.com/articles/6976398 The information regarding disabling microcode update is provided below. diff --git a/README.caveats b/README.caveats index b4b0e62..172a066 100644 --- a/README.caveats +++ b/README.caveats @@ -835,3 +835,5 @@ Intel CPU vulnerabilities is available in the following knowledge base articles: CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure), CVE-2022-21166 (Device Register Partial Write): https://access.redhat.com/articles/6963124 + * CVE-2022-21233 (Stale Data Read from legacy xAPIC): + https://access.redhat.com/articles/6976398 diff --git a/dist b/dist new file mode 100644 index 0000000..ad8eb77 --- /dev/null +++ b/dist @@ -0,0 +1 @@ +an7_9 diff --git a/download b/download index 2bdfed7..158085f 100644 --- a/download +++ b/download @@ -1,2 +1,2 @@ -0f36b9317a3c9d2d99988886463196eb microcode-20220510.tar.gz +0cb2de92d2ae8bf457e43263608d419b microcode-20220809.tar.gz 69257ac2c31b0ff2972978d299175c6c microcode_ctl-2.1-18.tar.xz diff --git a/microcode_ctl-use-microcode-20220510-tgz.patch b/microcode_ctl-use-microcode-20220809-tgz.patch similarity index 91% rename from microcode_ctl-use-microcode-20220510-tgz.patch rename to microcode_ctl-use-microcode-20220809-tgz.patch index fcf52bc..9c24c02 100644 --- a/microcode_ctl-use-microcode-20220510-tgz.patch +++ b/microcode_ctl-use-microcode-20220809-tgz.patch @@ -7,7 +7,7 @@ Index: microcode_ctl-2.1-18/Makefile PROGRAM = intel-microcode2ucode -MICROCODE_INTEL = microcode-20180703.tgz -+MICROCODE_INTEL = microcode-20220510.tar.gz ++MICROCODE_INTEL = microcode-20220809.tar.gz INS = install CC = gcc diff --git a/microcode_ctl.spec b/microcode_ctl.spec index 26ae5c0..f294a7f 100644 --- a/microcode_ctl.spec +++ b/microcode_ctl.spec @@ -1,5 +1,5 @@ %define upstream_version 2.1-18 -%define intel_ucode_version 20220510 +%define intel_ucode_version 20220809 %define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats %define microcode_ctl_libexec %{_libexecdir}/microcode_ctl @@ -21,7 +21,7 @@ Summary: Tool to transform and deploy CPU microcode update for x86. Name: microcode_ctl Version: 2.1 -Release: 73.14%{?dist} +Release: 73.15%{?dist} Epoch: 2 Group: System Environment/Base License: GPLv2+ and Redistributable, no modification permitted @@ -116,9 +116,6 @@ Patch4: microcode_ctl-do-not-install-intel-ucode.patch Patch5: microcode_ctl-intel-microcode2ucode-buf-handling.patch Patch6: microcode_ctl-ignore-first-directory-level-in-archive.patch -# microcode-20220510-1-g6ff5aa2 "releasenote.md: changes summary fixes for microcode-20220510" -Patch1001: 0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch - Buildroot: %{_tmppath}/%{name}-%{version}-root ExclusiveArch: %{ix86} x86_64 @@ -166,8 +163,6 @@ cp "%{SOURCE1}" . # strip it. %patch6 -p1 -%patch1001 -p1 - %build make CFLAGS="$RPM_OPT_FLAGS" %{?_smp_mflags} @@ -558,6 +553,69 @@ rm -rf %{buildroot} %changelog +* Tue Aug 09 2022 Eugene Syromiatnikov - 2:2.1-73.15 +- Update Intel CPU microcode to microcode-20220510 release, addresses + CVE-2022-21233 (#2119080): + - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in + intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006d05 up + to 0x2006e05; + - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015d + up to 0x100015e; + - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd000363 + up to 0xd000375; + - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x3a up + to 0x3c; + - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1e up + to 0x20; + - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xb0 + up to 0xb2; + - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x26 up + to 0x28; + - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x3e up + to 0x40; + - Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode from revision + 0x1f up to 0x22; + - Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in + intel-ucode/06-97-02) from revision 0x1f up to 0x22; + - Update of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-02) + from revision 0x1f up to 0x22; + - Update of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-02) + from revision 0x1f up to 0x22; + - Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode (in + intel-ucode/06-97-05) from revision 0x1f up to 0x22; + - Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode from revision 0x1f + up to 0x22; + - Update of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-05) + from revision 0x1f up to 0x22; + - Update of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-05) + from revision 0x1f up to 0x22; + - Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision + 0x41c up to 0x421; + - Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in + intel-ucode/06-9a-03) from revision 0x41c up to 0x421; + - Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in + intel-ucode/06-9a-04) from revision 0x41c up to 0x421; + - Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x41c + up to 0x421; + - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x53 up + to 0x54; + - Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode (in + intel-ucode/06-bf-02) from revision 0x1f up to 0x22; + - Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in + intel-ucode/06-bf-02) from revision 0x1f up to 0x22; + - Update of 06-bf-02/0x03 (ADL C0) microcode from revision 0x1f up + to 0x22; + - Update of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-bf-02) + from revision 0x1f up to 0x22; + - Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode (in + intel-ucode/06-bf-05) from revision 0x1f up to 0x22; + - Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in + intel-ucode/06-bf-05) from revision 0x1f up to 0x22; + - Update of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-bf-05) + from revision 0x1f up to 0x22; + - Update of 06-bf-05/0x03 (ADL C0) microcode from revision 0x1f up + to 0x22. + * Tue May 10 2022 Eugene Syromiatnikov - 2:2.1-73.14 - Update Intel CPU microcode to microcode-20220510 release, addresses CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151 (#2090246, -- Gitee