From 4cfd03023ef2a98a5a8b677390a41ddfabc2a462 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 02 2022 16:12:35 +0000 Subject: import microcode_ctl-2.1-73.15.el7_9 --- diff --git a/.gitignore b/.gitignore index 073fe13..63c3eff 100644 --- a/.gitignore +++ b/.gitignore @@ -2,5 +2,5 @@ SOURCES/06-2d-07 SOURCES/06-4e-03 SOURCES/06-55-04 SOURCES/06-5e-03 -SOURCES/microcode-20220510.tar.gz +SOURCES/microcode-20220809.tar.gz SOURCES/microcode_ctl-2.1-18.tar.xz diff --git a/.microcode_ctl.metadata b/.microcode_ctl.metadata index 5517c69..13e0df9 100644 --- a/.microcode_ctl.metadata +++ b/.microcode_ctl.metadata @@ -2,5 +2,5 @@ bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07 06432a25053c823b0e2a6b8e84e2e2023ee3d43e SOURCES/06-4e-03 2e405644a145de0f55517b6a9de118eec8ec1e5a SOURCES/06-55-04 86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03 -0aeb386e2f4650e04bb748a75ecec10f4642e4a5 SOURCES/microcode-20220510.tar.gz +13f53eed16b393325f1cf571113f102afb7ac27b SOURCES/microcode-20220809.tar.gz 3959afc5d69a916a730131ce0f768db263e9e4f1 SOURCES/microcode_ctl-2.1-18.tar.xz diff --git a/SOURCES/0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch b/SOURCES/0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch deleted file mode 100644 index 938e31b..0000000 --- a/SOURCES/0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 6ff5aa24a9460441cf2f1008792af134aeca0931 Mon Sep 17 00:00:00 2001 -From: Eugene Syromiatnikov -Date: Tue, 10 May 2022 20:48:31 +0200 -Subject: [PATCH] releasenote.md: changes summary fixes for microcode-20220510 - -* releasenote.md (New Platforms): Change the second 06-bf-02/03 entry -to 06-bf-05/03. -(Updated Platforms): Change the case to lower in PF of 06-37-09/0f; -change "GKL-R" to "GLK-R" (stands for Gemini Lake Refresh). - -Signed-off-by: Eugene Syromiatnikov ---- - releasenote.md | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/releasenote.md b/releasenote.md -index 7fac640..c4a1ba7 100644 ---- a/releasenote.md -+++ b/releasenote.md -@@ -18,13 +18,13 @@ - | ADL | L0 | 06-9a-03/80 | | 0000041c | Core Gen12 - | ADL | L0 | 06-9a-04/80 | | 0000041c | Core Gen12 - | ADL | C0 | 06-bf-02/03 | | 0000001f | Core Gen12 --| ADL | C0 | 06-bf-02/03 | | 0000001f | Core Gen12 -+| ADL | C0 | 06-bf-05/03 | | 0000001f | Core Gen12 - - ### Updated Platforms - - | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products - |:---------------|:---------|:------------|:---------|:---------|:--------- --| VLV | D0 | 06-37-09/0F | 0000090c | 0000090d | Atom E38xx -+| VLV | D0 | 06-37-09/0f | 0000090c | 0000090d | Atom E38xx - | SKL-U/Y | D0 | 06-4e-03/c0 | 000000ec | 000000f0 | Core Gen6 Mobile - | SKX-SP | B1 | 06-55-03/97 | 0100015c | 0100015d | Xeon Scalable - | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006c0a | 02006d05 | Xeon Scalable -@@ -38,7 +38,7 @@ - | DNV | B0 | 06-5f-01/01 | 00000036 | 00000038 | Atom C Series - | ICX-SP | D0 | 06-6a-06/87 | 0d000331 | 0d000363 | Xeon Scalable Gen3 - | GLK | B0 | 06-7a-01/01 | 00000038 | 0000003a | Pentium Silver N/J5xxx, Celeron N/J4xxx --| GKL-R | R0 | 06-7a-08/01 | 0000001c | 0000001e | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 -+| GLK-R | R0 | 06-7a-08/01 | 0000001c | 0000001e | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 - | ICL-U/Y | D1 | 06-7e-05/80 | 000000a8 | 000000b0 | Core Gen10 Mobile - | LKF | B2/B3 | 06-8a-01/10 | 0000002d | 00000031 | Core w/Hybrid Technology - | TGL | B1 | 06-8c-01/80 | 0000009a | 000000a4 | Core Gen11 Mobile --- -2.13.6 - diff --git a/SOURCES/06-55-04_readme b/SOURCES/06-55-04_readme index 7ebd3e4..373e600 100644 --- a/SOURCES/06-55-04_readme +++ b/SOURCES/06-55-04_readme @@ -22,6 +22,7 @@ microcode revisions in question are listed below: * 06-55-04, revision 0x2006b06: cb5bec976cb9754e3a22ab6828b3262a8f9eccf7 * 06-55-04, revision 0x2006c0a: 76b641375d136c08f5feb46aacebee40468ac085 * 06-55-04, revision 0x2006d05: dc4207cf4eb916ff34acbdddc474db0df781234f + * 06-55-04, revision 0x2006e05: bc67d247ad1c9a834bec5e452606db1381d6bc7e Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions @@ -65,6 +66,8 @@ to the following knowledge base articles: CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure), CVE-2022-21166 (Device Register Partial Write): https://access.redhat.com/articles/6963124 + * CVE-2022-21233 (Stale Data Read from legacy xAPIC): + https://access.redhat.com/articles/6976398 The information regarding disabling microcode update is provided below. diff --git a/SOURCES/README.caveats b/SOURCES/README.caveats index b4b0e62..172a066 100644 --- a/SOURCES/README.caveats +++ b/SOURCES/README.caveats @@ -835,3 +835,5 @@ Intel CPU vulnerabilities is available in the following knowledge base articles: CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure), CVE-2022-21166 (Device Register Partial Write): https://access.redhat.com/articles/6963124 + * CVE-2022-21233 (Stale Data Read from legacy xAPIC): + https://access.redhat.com/articles/6976398 diff --git a/SOURCES/microcode_ctl-use-microcode-20220510-tgz.patch b/SOURCES/microcode_ctl-use-microcode-20220510-tgz.patch deleted file mode 100644 index fcf52bc..0000000 --- a/SOURCES/microcode_ctl-use-microcode-20220510-tgz.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: microcode_ctl-2.1-18/Makefile -=================================================================== ---- microcode_ctl-2.1-18.orig/Makefile 2018-07-24 09:15:12.463115045 +0200 -+++ microcode_ctl-2.1-18/Makefile 2018-08-09 06:18:45.524503945 +0200 -@@ -8,7 +8,7 @@ - # 2 of the License, or (at your option) any later version. - - PROGRAM = intel-microcode2ucode --MICROCODE_INTEL = microcode-20180703.tgz -+MICROCODE_INTEL = microcode-20220510.tar.gz - - INS = install - CC = gcc diff --git a/SOURCES/microcode_ctl-use-microcode-20220809-tgz.patch b/SOURCES/microcode_ctl-use-microcode-20220809-tgz.patch new file mode 100644 index 0000000..9c24c02 --- /dev/null +++ b/SOURCES/microcode_ctl-use-microcode-20220809-tgz.patch @@ -0,0 +1,13 @@ +Index: microcode_ctl-2.1-18/Makefile +=================================================================== +--- microcode_ctl-2.1-18.orig/Makefile 2018-07-24 09:15:12.463115045 +0200 ++++ microcode_ctl-2.1-18/Makefile 2018-08-09 06:18:45.524503945 +0200 +@@ -8,7 +8,7 @@ + # 2 of the License, or (at your option) any later version. + + PROGRAM = intel-microcode2ucode +-MICROCODE_INTEL = microcode-20180703.tgz ++MICROCODE_INTEL = microcode-20220809.tar.gz + + INS = install + CC = gcc diff --git a/SPECS/microcode_ctl.spec b/SPECS/microcode_ctl.spec index 26ae5c0..f294a7f 100644 --- a/SPECS/microcode_ctl.spec +++ b/SPECS/microcode_ctl.spec @@ -1,5 +1,5 @@ %define upstream_version 2.1-18 -%define intel_ucode_version 20220510 +%define intel_ucode_version 20220809 %define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats %define microcode_ctl_libexec %{_libexecdir}/microcode_ctl @@ -21,7 +21,7 @@ Summary: Tool to transform and deploy CPU microcode update for x86. Name: microcode_ctl Version: 2.1 -Release: 73.14%{?dist} +Release: 73.15%{?dist} Epoch: 2 Group: System Environment/Base License: GPLv2+ and Redistributable, no modification permitted @@ -116,9 +116,6 @@ Patch4: microcode_ctl-do-not-install-intel-ucode.patch Patch5: microcode_ctl-intel-microcode2ucode-buf-handling.patch Patch6: microcode_ctl-ignore-first-directory-level-in-archive.patch -# microcode-20220510-1-g6ff5aa2 "releasenote.md: changes summary fixes for microcode-20220510" -Patch1001: 0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch - Buildroot: %{_tmppath}/%{name}-%{version}-root ExclusiveArch: %{ix86} x86_64 @@ -166,8 +163,6 @@ cp "%{SOURCE1}" . # strip it. %patch6 -p1 -%patch1001 -p1 - %build make CFLAGS="$RPM_OPT_FLAGS" %{?_smp_mflags} @@ -558,6 +553,69 @@ rm -rf %{buildroot} %changelog +* Tue Aug 09 2022 Eugene Syromiatnikov - 2:2.1-73.15 +- Update Intel CPU microcode to microcode-20220510 release, addresses + CVE-2022-21233 (#2119080): + - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in + intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006d05 up + to 0x2006e05; + - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015d + up to 0x100015e; + - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd000363 + up to 0xd000375; + - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x3a up + to 0x3c; + - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1e up + to 0x20; + - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xb0 + up to 0xb2; + - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x26 up + to 0x28; + - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x3e up + to 0x40; + - Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode from revision + 0x1f up to 0x22; + - Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in + intel-ucode/06-97-02) from revision 0x1f up to 0x22; + - Update of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-02) + from revision 0x1f up to 0x22; + - Update of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-02) + from revision 0x1f up to 0x22; + - Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode (in + intel-ucode/06-97-05) from revision 0x1f up to 0x22; + - Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode from revision 0x1f + up to 0x22; + - Update of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-05) + from revision 0x1f up to 0x22; + - Update of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-05) + from revision 0x1f up to 0x22; + - Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision + 0x41c up to 0x421; + - Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in + intel-ucode/06-9a-03) from revision 0x41c up to 0x421; + - Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in + intel-ucode/06-9a-04) from revision 0x41c up to 0x421; + - Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x41c + up to 0x421; + - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x53 up + to 0x54; + - Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode (in + intel-ucode/06-bf-02) from revision 0x1f up to 0x22; + - Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in + intel-ucode/06-bf-02) from revision 0x1f up to 0x22; + - Update of 06-bf-02/0x03 (ADL C0) microcode from revision 0x1f up + to 0x22; + - Update of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-bf-02) + from revision 0x1f up to 0x22; + - Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode (in + intel-ucode/06-bf-05) from revision 0x1f up to 0x22; + - Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in + intel-ucode/06-bf-05) from revision 0x1f up to 0x22; + - Update of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-bf-05) + from revision 0x1f up to 0x22; + - Update of 06-bf-05/0x03 (ADL C0) microcode from revision 0x1f up + to 0x22. + * Tue May 10 2022 Eugene Syromiatnikov - 2:2.1-73.14 - Update Intel CPU microcode to microcode-20220510 release, addresses CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151 (#2090246,