diff --git a/.gitignore b/.gitignore
index c4fca8e..b762a2e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
 SOURCES/06-2d-07
+SOURCES/06-4e-03
 SOURCES/06-55-04
-SOURCES/microcode-20200602.tar.gz
+SOURCES/06-5e-03
+SOURCES/microcode-20200609.tar.gz
diff --git a/.microcode_ctl.metadata b/.microcode_ctl.metadata
index 5e26097..2eb348d 100644
--- a/.microcode_ctl.metadata
+++ b/.microcode_ctl.metadata
@@ -1,3 +1,5 @@
 bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
+06432a25053c823b0e2a6b8e84e2e2023ee3d43e SOURCES/06-4e-03
 2e405644a145de0f55517b6a9de118eec8ec1e5a SOURCES/06-55-04
-ea699fd62ba3625062cae60d4a657fa11822b372 SOURCES/microcode-20200602.tar.gz
+86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03
+c2a433c1f68c2dc5b752bd7dddf204ea89ad5761 SOURCES/microcode-20200609.tar.gz
diff --git a/SOURCES/06-2d-07_config b/SOURCES/06-2d-07_config
index 23e1d08..979455d 100644
--- a/SOURCES/06-2d-07_config
+++ b/SOURCES/06-2d-07_config
@@ -1,3 +1,13 @@
 model GenuineIntel 06-2d-07
 path intel-ucode/06-2d-07
-disable early late
+## The "kernel_early" statements are carried over from the intel caveat config
+## in order to avoid enabling this newer microcode on these problematic kernels;
+## see the caveat description in /usr/share/doc/microcode_ctl/caveats/intel_readme
+## (That also means that this caveat has to be enforced separately on these
+## kernels.)
+kernel_early 4.10.0
+kernel_early 3.10.0-930
+kernel_early 3.10.0-862.14.1
+kernel_early 3.10.0-693.38.1
+kernel_early 3.10.0-514.57.1
+kernel_early 3.10.0-327.73.1
diff --git a/SOURCES/06-2d-07_disclaimer b/SOURCES/06-2d-07_disclaimer
index c8d99c4..ae71a34 100644
--- a/SOURCES/06-2d-07_disclaimer
+++ b/SOURCES/06-2d-07_disclaimer
@@ -1,4 +1,4 @@
 MDS-related microcode update for Intel Sandy Bridge-EP (family 6, model 45,
-stepping 7; CPUID 0x206d7) CPUs is disabled as it may cause system instability.
+stepping 7; CPUID 0x206d7) CPUs is disabled.
 Please refer to /usr/share/doc/microcode_ctl/caveats/06-2d-07_readme
 and /usr/share/doc/microcode_ctl/README.caveats for details.
diff --git a/SOURCES/06-2d-07_readme b/SOURCES/06-2d-07_readme
index 2a9f5ec..e5e575b 100644
--- a/SOURCES/06-2d-07_readme
+++ b/SOURCES/06-2d-07_readme
@@ -1,9 +1,11 @@
 Intel Sandy Bridge-E/EN/EP CPU models (SNB-EP, family 6, model 45, stepping 7)
-have issues with MDS-related microcode update that may lead to a system hang
+had issues with MDS-related microcode update that may lead to a system hang
 after a microcode update[1][2].  In order to address this, microcode update
-to the MDS-related revision 0x718 has been disabled, and the previously
+to the MDS-related revision 0x718 had been disabled, and the previously
 published microcode revision 0x714 is used by default for the OS-driven
-microcode update.
+microcode update.  The revision 0x71a of the microcode is intended to fix
+the aforementioned issue, hence it is enabled by default (but can be disabled
+explicitly; see below).
 
 [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/15
 [2] https://access.redhat.com/solutions/4593951
@@ -28,30 +30,27 @@ to the following knowledge base articles:
    ("Microarchitectural Data Sampling"):
    https://access.redhat.com/articles/4138151
 
-The information regarding enforcing microcode load is provided below.
+The information regarding disabling microcode update is provided below.
 
-To enforce usage of the 0x718 microcode revision for a specific kernel version,
-please create file "force-intel-06-2d-07" inside /lib/firmware/<kernel_version>
-directory, run "/usr/libexec/microcode_ctl/update_ucode" to add it to firmware
-directory where microcode will be available for late microcode update,
-and run "dracut -f --kver <kernel_version>", so initramfs for this kernel
-version is regenerated and the microcode can be loaded early, for example:
+To disable usage of the newer microcode revision for a specific kernel
+version, please create file "disallow-intel-06-2d-07" inside
+/lib/firmware/<kernel_version> directory, run
+"/usr/libexec/microcode_ctl/update_ucode" to add it to firmware directory
+where microcode will be available for late microcode update, and run
+"dracut -f --kver <kernel_version>", so initramfs for this kernel version
+is regenerated and the microcode can be loaded early, for example:
 
-    touch /lib/firmware/3.10.0-862.9.1/force-intel-06-2d-07
+    touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-2d-07
     /usr/libexec/microcode_ctl/update_ucode
     dracut -f --kver 3.10.0-862.9.1
 
-After that, it is possible to perform a late microcode update by executing
-"/usr/libexec/microcode_ctl/reload_microcode" or by writing value "1" to
-"/sys/devices/system/cpu/microcode/reload" directly.
-
-To enforce addition of this microcode for all kernels, please create file
-"/etc/microcode_ctl/ucode_with_caveats/force-intel-06-2d-07", run
-"/usr/libexec/microcode_ctl/update_ucode" for enabling late microcode updates,
-and "dracut -f --regenerate-all" for enabling early microcode updates:
+To avoid addition of the newer microcode revision for all kernels, please create
+file "/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-2d-07", run
+"/usr/libexec/microcode_ctl/update_ucode" for late microcode updates,
+and "dracut -f --regenerate-all" for early microcode updates:
 
     mkdir -p /etc/microcode_ctl/ucode_with_caveats
-    touch /etc/microcode_ctl/ucode_with_caveats/force-intel-06-2d-07
+    touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-2d-07
     /usr/libexec/microcode_ctl/update_ucode
     dracut -f --regenerate-all
 
diff --git a/SOURCES/06-4e-03_config b/SOURCES/06-4e-03_config
new file mode 100644
index 0000000..bee51b2
--- /dev/null
+++ b/SOURCES/06-4e-03_config
@@ -0,0 +1,3 @@
+model GenuineIntel 06-4e-03
+path intel-ucode/06-4e-03
+disable early late
diff --git a/SOURCES/06-4e-03_disclaimer b/SOURCES/06-4e-03_disclaimer
new file mode 100644
index 0000000..ec27ef7
--- /dev/null
+++ b/SOURCES/06-4e-03_disclaimer
@@ -0,0 +1,5 @@
+Microcode revisions 0xda and higher for Intel Skylake-U/Y (family 6,
+model 78, stepping 3; CPUID 0x406e3) are disabled as they may cause system
+instability; the previously published revision 0xd6 is used instead.
+Please refer to /usr/share/doc/microcode_ctl/caveats/06-4e-03_readme
+and /usr/share/doc/microcode_ctl/README.caveats for details.
diff --git a/SOURCES/06-4e-03_readme b/SOURCES/06-4e-03_readme
new file mode 100644
index 0000000..e221544
--- /dev/null
+++ b/SOURCES/06-4e-03_readme
@@ -0,0 +1,68 @@
+Some Intel Skylake CPU models (SKL-U/Y, family 6, model 78, stepping 3)
+have reports of system hangs when revision 0xdc of microcode, that is included
+since microcode-20200609 update to address CVE-2020-0543, CVE-2020-0548,
+and CVE-2020-0549, is applied[1].  In order to address this, microcode update
+to the newer revision has been disabled by default on these systems,
+and the previously published microcode revision 0xd6 is used by default
+for the OS-driven microcode update.
+
+[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+
+For the reference, SHA1 checksums of 06-55-04 microcode files containing
+microcode revisions in question are listed below:
+ * 06-4e-03, revision 0xd6: 06432a25053c823b0e2a6b8e84e2e2023ee3d43e
+ * 06-4e-03, revision 0xdc: cd1733458d187486999337ff8b51eeaa0cfbca6c
+
+Please contact your system vendor for a BIOS/firmware update that contains
+the latest microcode version.  For the information regarding microcode versions
+required for mitigating specific side-channel cache attacks, please refer
+to the following knowledge base articles:
+ * CVE-2017-5715 ("Spectre"):
+   https://access.redhat.com/articles/3436091
+ * CVE-2018-3639 ("Speculative Store Bypass"):
+   https://access.redhat.com/articles/3540901
+ * CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
+   https://access.redhat.com/articles/3562741
+ * CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
+   ("Microarchitectural Data Sampling"):
+   https://access.redhat.com/articles/4138151
+ * CVE-2019-0117 (Intel SGX Information Leak),
+   CVE-2019-0123 (Intel SGX Privilege Escalation),
+   CVE-2019-11135 (TSX Asynchronous Abort),
+   CVE-2019-11139 (Voltage Setting Modulation):
+   https://access.redhat.com/solutions/2019-microcode-nov
+ * CVE-2020-0543 (Special Register Buffer Data Sampling),
+   CVE-2020-0548 (Vector Register Data Sampling),
+   CVE-2020-0549 (L1D Cache Eviction Sampling):
+   https://access.redhat.com/solutions/5142751
+
+The information regarding enforcing microcode update is provided below.
+
+To enforce usage of the latest 06-4e-03 microcode revision for a specific kernel
+version, please create a file "force-intel-06-4e-03" inside
+/lib/firmware/<kernel_version> directory, run
+"/usr/libexec/microcode_ctl/update_ucode" to add it to firmware directory
+where microcode will be available for late microcode update, and run
+"dracut -f --kver <kernel_version>", so initramfs for this kernel version
+is regenerated and the microcode can be loaded early, for example:
+
+    touch /lib/firmware/3.10.0-862.9.1/force-intel-06-4e-03
+    /usr/libexec/microcode_ctl/update_ucode
+    dracut -f --kver 3.10.0-862.9.1
+
+After that, it is possible to perform a late microcode update by executing
+"/usr/libexec/microcode_ctl/reload_microcode" or by writing value "1" to
+"/sys/devices/system/cpu/microcode/reload" directly.
+
+To enforce addition of this microcode for all kernels, please create file
+"/etc/microcode_ctl/ucode_with_caveats/force-intel-06-4e-03", run
+"/usr/libexec/microcode_ctl/update_ucode" for enabling late microcode updates,
+and "dracut -f --regenerate-all" for enabling early microcode updates:
+
+    mkdir -p /etc/microcode_ctl/ucode_with_caveats
+    touch /etc/microcode_ctl/ucode_with_caveats/force-intel-06-4e-03
+    /usr/libexec/microcode_ctl/update_ucode
+    dracut -f --regenerate-all
+
+Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
+information.
diff --git a/SOURCES/06-55-04_config b/SOURCES/06-55-04_config
index df081c9..373c8ac 100644
--- a/SOURCES/06-55-04_config
+++ b/SOURCES/06-55-04_config
@@ -1,10 +1,22 @@
 model GenuineIntel 06-55-04
 path intel-ucode/06-55-04
-# Bug https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
-# affects only SKX-W/X (Workstation and HEDT segments); product segment
-# can be determined by checking bits 5..3 of the CAPID0 field in PCU registers
-# device (see https://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/xeon-scalable-spec-update.pdf#page=13
-# for Server/FPGA/Fabric segments description; for SKX-W/X no public
-# documentation seems to be available).  Specific device/function numbers
-# are provided for speeding up the search only, VID:DID is the real selector.
-pci_config_val mode=success-all device=0x1e function=3 vid=0x8086 did=0x2083 offset=0x84 size=4 mask=0x38 val=0x38,0x18,0x8
+## Bug https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
+## affects only SKX-W/X (Workstation and HEDT segments); product segment
+## can be determined by checking bits 5..3 of the CAPID0 field in PCU registers
+## device (see https://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/xeon-scalable-spec-update.pdf#page=13
+## for Server/FPGA/Fabric segments description; for SKX-W/X no public
+## documentation seems to be available).  Specific device/function numbers
+## are provided for speeding up the search only, VID:DID is the real selector.
+## Commented out since revision 0x2006906 seems to fix the issue.
+#pci_config_val mode=success-all device=0x1e function=3 vid=0x8086 did=0x2083 offset=0x84 size=4 mask=0x38 val=0x38,0x18,0x8
+## The "kernel_early" statements are carried over from the intel caveat config
+## in order to avoid enabling this newer microcode on these problematic kernels;
+## see the caveat description in /usr/share/doc/microcode_ctl/caveats/intel_readme
+## (That also means that this caveat has to be enforced separately on these
+## kernels.)
+kernel_early 4.10.0
+kernel_early 3.10.0-930
+kernel_early 3.10.0-862.14.1
+kernel_early 3.10.0-693.38.1
+kernel_early 3.10.0-514.57.1
+kernel_early 3.10.0-327.73.1
diff --git a/SOURCES/06-55-04_disclaimer b/SOURCES/06-55-04_disclaimer
index afeb511..66d71bd 100644
--- a/SOURCES/06-55-04_disclaimer
+++ b/SOURCES/06-55-04_disclaimer
@@ -1,5 +1,5 @@
 Microcode revisions 0x2000065 and higher for Intel Skylake-X/W (family 6,
-model 85, stepping 4; CPUID 0x50654) are disabled as they may cause system
-hangs on reboot and the previous revision 0x2000064 is used instead.
+model 85, stepping 4; CPUID 0x50654) were disabled as they could cause system
+hangs on reboot, so the previous revision 0x2000064 was used instead.
 Please refer to /usr/share/doc/microcode_ctl/caveats/06-55-04_readme
 and /usr/share/doc/microcode_ctl/README.caveats for details.
diff --git a/SOURCES/06-55-04_readme b/SOURCES/06-55-04_readme
index fbfeeba..097e07b 100644
--- a/SOURCES/06-55-04_readme
+++ b/SOURCES/06-55-04_readme
@@ -1,10 +1,14 @@
-Intel Skulake Scalable Platform CPU models that belong to Workstation and HEDT
-(Basin Falls) segment (SKL-W/X, family 6, model 85, stepping 4) have reports
-of system hangs on reboot when revision 0x2000065 of microcode, that is included
-since microcode-20191112 update, is applied[1].  In order to address this,
-microcode update to this revision has been disabled by default on these systems,
-and the previously published microcode revision 0x2000064 is used by default
-for the OS-driven microcode update.
+Intel Skylake Scalable Platform CPU models that belong to Workstation and HEDT
+(Basin Falls) segment (SKL-W/X, family 6, model 85, stepping 4) had reports
+of system hangs on reboot when revision 0x2000065 of microcode, that was included
+from microcode-20191112 update up to microcode-20200520 update, was applied[1].
+In order to address this, microcode update to the newer revision had been
+disabled by default on these systems, and the previously published microcode
+revision 0x2000064 is used by default for the OS-driven microcode update.
+
+Since revision 0x2006906 (included with the microcode-20200609 release)
+it is reported that the issue is no longer present, so the newer microcode
+revision is enabled by default now (but can be disabled explicitly; see below).
 
 [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
 
@@ -12,6 +16,7 @@ For the reference, SHA1 checksums of 06-55-04 microcode files containing
 microcode revisions in question are listed below:
  * 06-55-04, revision 0x2000064: 2e405644a145de0f55517b6a9de118eec8ec1e5a
  * 06-55-04, revision 0x2000065: f27f12b9d53f492c297afd856cdbc596786fad23
+ * 06-55-04, revision 0x2006906: 5f18f985f6d5ad369b5f6549b7f3ee55acaef967
 
 Please contact your system vendor for a BIOS/firmware update that contains
 the latest microcode version.  For the information regarding microcode versions
@@ -31,32 +36,32 @@ to the following knowledge base articles:
    CVE-2019-11135 (TSX Asynchronous Abort),
    CVE-2019-11139 (Voltage Setting Modulation):
    https://access.redhat.com/solutions/2019-microcode-nov
+ * CVE-2020-0543 (Special Register Buffer Data Sampling),
+   CVE-2020-0548 (Vector Register Data Sampling),
+   CVE-2020-0549 (L1D Cache Eviction Sampling):
+   https://access.redhat.com/solutions/5142751
 
-The information regarding enforcing microcode update is provided below.
+The information regarding disabling microcode update is provided below.
 
-To enforce usage of the 0x2000065 microcode revision for a specific kernel
-version, please create a file "force-intel-06-55-04" inside
+To disable usage of the newer microcode revision for a specific kernel
+version, please create a file "disallow-intel-06-55-04" inside
 /lib/firmware/<kernel_version> directory, run
-"/usr/libexec/microcode_ctl/update_ucode" to add it to firmware directory
-where microcode will be available for late microcode update, and run
-"dracut -f --kver <kernel_version>", so initramfs for this kernel version
-is regenerated and the microcode can be loaded early, for example:
+"/usr/libexec/microcode_ctl/update_ucode" to update firmware directory
+used for late microcode updates, and run "dracut -f --kver <kernel_version>"
+so initramfs for this kernel version is regenerated, for example:
 
-    touch /lib/firmware/3.10.0-862.9.1/force-intel-06-55-04
+    touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-55-04
     /usr/libexec/microcode_ctl/update_ucode
     dracut -f --kver 3.10.0-862.9.1
 
-After that, it is possible to perform a late microcode update by executing
-"/usr/libexec/microcode_ctl/reload_microcode" or by writing value "1" to
-"/sys/devices/system/cpu/microcode/reload" directly.
-
-To enforce addition of this microcode for all kernels, please create file
-"/etc/microcode_ctl/ucode_with_caveats/force-intel-06-55-04", run
-"/usr/libexec/microcode_ctl/update_ucode" for enabling late microcode updates,
-and "dracut -f --regenerate-all" for enabling early microcode updates:
+To disable usage of the newer microcode revision for all kernels, please create
+file "/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-04", run
+"/usr/libexec/microcode_ctl/update_ucode" to update firmware directories
+used for late microcode updates, and run "dracut -f --regenerate-all"
+so initramfs images get regenerated, for example:
 
     mkdir -p /etc/microcode_ctl/ucode_with_caveats
-    touch /etc/microcode_ctl/ucode_with_caveats/force-intel-06-55-04
+    touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-04
     /usr/libexec/microcode_ctl/update_ucode
     dracut -f --regenerate-all
 
diff --git a/SOURCES/06-5e-03_config b/SOURCES/06-5e-03_config
new file mode 100644
index 0000000..7482d36
--- /dev/null
+++ b/SOURCES/06-5e-03_config
@@ -0,0 +1,3 @@
+model GenuineIntel 06-5e-03
+path intel-ucode/06-5e-03
+disable early late
diff --git a/SOURCES/06-5e-03_disclaimer b/SOURCES/06-5e-03_disclaimer
new file mode 100644
index 0000000..7e3bb16
--- /dev/null
+++ b/SOURCES/06-5e-03_disclaimer
@@ -0,0 +1,5 @@
+Microcode revisions 0xda and higher for Intel Skylake-H/S/Xeon E3 v5 (family 6,
+model 94, stepping 3; CPUID 0x506e3) are disabled as they may cause system
+instability; the previously published revision 0xd6 is used instead.
+Please refer to /usr/share/doc/microcode_ctl/caveats/06-5e-03_readme
+and /usr/share/doc/microcode_ctl/README.caveats for details.
diff --git a/SOURCES/06-5e-03_readme b/SOURCES/06-5e-03_readme
new file mode 100644
index 0000000..b739bf2
--- /dev/null
+++ b/SOURCES/06-5e-03_readme
@@ -0,0 +1,68 @@
+Some Intel Skylake CPU models (SKL-H/S/Xeon E3 v5, family 6, model 94,
+stepping 3) have reports of possible system hangs when revision 0xdc
+of microcode, that is included in microcode-20200609 update to address
+CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549, is applied[1].  In order
+to address this, microcode update to the newer revision has been disabled
+by default on these systems, and the previously published microcode revision
+0xd6 is used by default for the OS-driven microcode update.
+
+[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826
+
+For the reference, SHA1 checksums of 06-55-04 microcode files containing
+microcode revisions in question are listed below:
+ * 06-5e-03, revision 0xd6: 86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a
+ * 06-5e-03, revision 0xdc: 5e1020a10678cfc60980131c3d3a2cfd462b4dd7
+
+Please contact your system vendor for a BIOS/firmware update that contains
+the latest microcode version.  For the information regarding microcode versions
+required for mitigating specific side-channel cache attacks, please refer
+to the following knowledge base articles:
+ * CVE-2017-5715 ("Spectre"):
+   https://access.redhat.com/articles/3436091
+ * CVE-2018-3639 ("Speculative Store Bypass"):
+   https://access.redhat.com/articles/3540901
+ * CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
+   https://access.redhat.com/articles/3562741
+ * CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
+   ("Microarchitectural Data Sampling"):
+   https://access.redhat.com/articles/4138151
+ * CVE-2019-0117 (Intel SGX Information Leak),
+   CVE-2019-0123 (Intel SGX Privilege Escalation),
+   CVE-2019-11135 (TSX Asynchronous Abort),
+   CVE-2019-11139 (Voltage Setting Modulation):
+   https://access.redhat.com/solutions/2019-microcode-nov
+ * CVE-2020-0543 (Special Register Buffer Data Sampling),
+   CVE-2020-0548 (Vector Register Data Sampling),
+   CVE-2020-0549 (L1D Cache Eviction Sampling):
+   https://access.redhat.com/solutions/5142751
+
+The information regarding enforcing microcode update is provided below.
+
+To enforce usage of the latest 06-5e-03 microcode revision for a specific kernel
+version, please create a file "force-intel-06-5e-03" inside
+/lib/firmware/<kernel_version> directory, run
+"/usr/libexec/microcode_ctl/update_ucode" to add it to firmware directory
+where microcode will be available for late microcode update, and run
+"dracut -f --kver <kernel_version>", so initramfs for this kernel version
+is regenerated and the microcode can be loaded early, for example:
+
+    touch /lib/firmware/3.10.0-862.9.1/force-intel-06-5e-03
+    /usr/libexec/microcode_ctl/update_ucode
+    dracut -f --kver 3.10.0-862.9.1
+
+After that, it is possible to perform a late microcode update by executing
+"/usr/libexec/microcode_ctl/reload_microcode" or by writing value "1" to
+"/sys/devices/system/cpu/microcode/reload" directly.
+
+To enforce addition of this microcode for all kernels, please create file
+"/etc/microcode_ctl/ucode_with_caveats/force-intel-06-5e-03", run
+"/usr/libexec/microcode_ctl/update_ucode" for enabling late microcode updates,
+and "dracut -f --regenerate-all" for enabling early microcode updates:
+
+    mkdir -p /etc/microcode_ctl/ucode_with_caveats
+    touch /etc/microcode_ctl/ucode_with_caveats/force-intel-06-5e-03
+    /usr/libexec/microcode_ctl/update_ucode
+    dracut -f --regenerate-all
+
+Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
+information.
diff --git a/SOURCES/README.caveats b/SOURCES/README.caveats
index 65a3fca..132d181 100644
--- a/SOURCES/README.caveats
+++ b/SOURCES/README.caveats
@@ -481,13 +481,20 @@ Minimum versions of the kernel package that contain the fix:
 
 Intel Sandy Bridge-E/EN/EP caveat
 ---------------------------------
-MDS-related microcode revision 0x718 for Intel Sandy Bridge-E/EN/EP
-(SNB-EP, family 6, model 45, stepping 7) may lead to system instability[1][2].
-In order to address this, this microcode update is not used and the previous
-microcode revision is provided instead by default; the microcode file, however,
-is still shipped as part of microcode_ctl package and can be used for performing
-a microcode update if it is enforced via the aforementioned overrides. (See
-the sections "check_caveats script" and "reload_microcode script" for details.)
+Microcode revision 0x718 for Intel Sandy Bridge-E/EN/EP (SNB-EP, family 6,
+model 45, stepping 7), that was released to address MDS vulnerability,
+and was available from microcode-20190618 up to microcode-20190508 release)
+could lead to system instability[1][2].  In order to address this,
+this microcode update was not used and the previous microcode revision
+was provided instead by default; the microcode file, however, was still shipped
+as part of microcode_ctl package and could be used for performing a microcode
+update if it is enforced via the aforementioned overrides.  With the release
+of 0x71a revision of the microcode (as art of microcode-20200520 release)
+that aims at fixing the aforementioned stability issue, the latest microcode
+revision is again used by default; it is still provided via the caveat
+mechanism, hovewer, in order to enable ability to disable it in case such
+a need arises.  (See the sections "check_caveats script" and "reload_microcode
+script" for details regarding caveats mechanism operation.)
 
 [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/15
 [2] https://access.redhat.com/solutions/4593951
@@ -496,20 +503,28 @@ Caveat name: intel-06-2d-07
 
 Affected microcode: intel-ucode/06-2d-07.
 
-Mitigation: previously published microcode revision 0x714 is used by default.
+Mitigation: None; the latest revision of the microcode file is used by default;
+previously published microcode revision 0x714 is still available as a fallback
+as part of "intel" caveat.
 
 
 Intel Skylake-SP/W/X caveat
 ---------------------------
-Microcode revisions 0x2000065 and later for some CPU models that belong to
-Intel Skylake Scalable Platform (SKL-W/X, family 6, model 85, stepping 4,
-Workstation/HEDT segments) may lead to hangs during reboot[1].  In order
-to address this, by default these microcode updates are not used
-and the previous microcode revision is provided instead; the microcode file,
-however, is still shipped as part of microcode_ctl package and can be used
-for performing a microcode update if it is enforced via the aforementioned
-overrides. (See the sections "check_caveats script" and "reload_microcode
-script" for details.)
+Microcode revision 0x2000065 (that was provided with microcode releases
+microcode-20191112 up to microcode-20200520) for some CPU models that belong
+to Intel Skylake Scalable Platform (SKL-W/X, family 6, model 85, stepping 4,
+Workstation/HEDT segments) could lead to hangs during reboot[1].  In order
+to address this, by default this microcode update was disabled by default and
+and the previous 0x2000064 microcode revision was used instead; the microcode
+file with, however, is still shipped as part of microcode_ctl package and can
+be used for performing a microcode update if it is enforced
+via the aforementioned overrides. With the availability of 0x2006906 revision
+of the microcode (in the microcode-20200609 release) that fixes
+the aforementioned issue, the latest microcode revision is again used
+by default; it is still provided via caveat mechanism, hovewer, in order
+to enable ability to disable it in case such a need arises.  (See the sections
+"check_caveats script" and "reload_microcode script" for details regarding
+caveats mechanism operation.)
 
 [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
 
@@ -517,8 +532,33 @@ Caveat name: intel-06-55-04
 
 Affected microcode: intel-ucode/06-55-04.
 
-Mitigation: previously published microcode revision 0x2000064 is used
-by default.
+Mitigation: None; the latest revision of the microcode file is used by default;
+previously published microcode revision 0x2000064 is still available
+as a fallback as part of "intel" caveat.
+
+
+Intel Skylake-U/Y/H/S/Xeon E3 v5 caveats
+----------------------------------------
+Some Intel Skylake CPU models (SKL-U/Y, family 6, model 78, stepping 3;
+and SKL-H/S/Xeon E3 v5, family 6, model 94, stepping 3) have reports of system
+hangs when revision 0xdc of microcode, that is included in microcode-20200609
+update to address CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549,
+is applied[1][2].  In order to address this, microcode update to the newer
+revision has been disabled by default on these systems, and the previously
+published microcode revision 0xd6 is used instead; the newer microcode files,
+however, are still shipped as part of microcode_ctl package and can be used
+for performing a microcode update if they are enforced via the aforementioned
+overrides.  (See the sections "check_caveats script" and "reload_microcode
+script" for details.)
+
+[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826
+
+Caveat names: intel-06-4e-03, intel-06-5e-03
+
+Affected microcode: intel-ucode/06-4e-03, intel-ucode/06-5e-03.
+
+Mitigation: previously published microcode revision 0xd6 is used by default.
 
 
 
@@ -545,3 +585,7 @@ Intel CPU vulnerabilities is available in the following knowledge base articles:
    CVE-2019-11135 (TSX Asynchronous Abort),
    CVE-2019-11139 (Voltage Setting Modulation):
    https://access.redhat.com/solutions/2019-microcode-nov
+ * CVE-2020-0543 (Special Register Buffer Data Sampling),
+   CVE-2020-0548 (Vector Register Data Sampling),
+   CVE-2020-0549 (L1D Cache Eviction Sampling):
+   https://access.redhat.com/solutions/5142751
diff --git a/SPECS/microcode_ctl.spec b/SPECS/microcode_ctl.spec
index bf02db2..a0aebed 100644
--- a/SPECS/microcode_ctl.spec
+++ b/SPECS/microcode_ctl.spec
@@ -1,4 +1,4 @@
-%define intel_ucode_version 20200602
+%define intel_ucode_version 20200609
 %global debug_package %{nil}
 
 %define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats
@@ -13,7 +13,7 @@
 Summary:        CPU microcode updates for Intel x86 processors
 Name:           microcode_ctl
 Version:        20191115
-Release:        4.%{intel_ucode_version}.2%{?dist}
+Release:        4.%{intel_ucode_version}.1%{?dist}
 Epoch:          4
 License:        CC0 and Redistributable, no modification permitted
 URL:            https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
@@ -25,6 +25,10 @@ Source2:        https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Fi
 # (Pre-20191112) revision 0x2000064 of 06-55-04 microcode
 Source3:        https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190918/intel-ucode/06-55-04
 
+# (Pre-20200609) revision 0xd6 of 06-4e-03/06-5e-03 microcode
+Source4:        https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20200520/intel-ucode/06-4e-03
+Source5:        https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20200520/intel-ucode/06-5e-03
+
 
 # systemd unit
 Source10:       microcode.service
@@ -70,6 +74,18 @@ Source130:      06-55-04_readme
 Source131:      06-55-04_config
 Source132:      06-55-04_disclaimer
 
+# SKL-U/Y (CPUID 0x406e3) post-20200609 hangs
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+Source140:      06-4e-03_readme
+Source141:      06-4e-03_config
+Source142:      06-4e-03_disclaimer
+
+# SKL-H/S/Xeon E3 v5 (CPUID 0x506e3) post-20200609 possible hangs
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826
+Source150:      06-5e-03_readme
+Source151:      06-5e-03_config
+Source152:      06-5e-03_disclaimer
+
 
 # "Provides:" RPM tags generator
 Source200:      gen_provides.sh
@@ -109,6 +125,14 @@ cp "%{SOURCE2}" intel-ucode/
 mv intel-ucode/06-55-04 intel-ucode-with-caveats/
 cp "%{SOURCE3}" intel-ucode/
 
+# replacing SKL-U/Y (CPUID 0x4063e) microcode with pre-20200609 version
+mv intel-ucode/06-4e-03 intel-ucode-with-caveats/
+cp "%{SOURCE4}" intel-ucode/
+
+# replacing SKL-H/S/Xeon E3 v5 (CPUID 0x5063e) microcode with pre-20200609 version
+mv intel-ucode/06-5e-03 intel-ucode-with-caveats/
+cp "%{SOURCE5}" intel-ucode/
+
 :
 
 %install
@@ -153,6 +177,7 @@ install -m 644 releasenote \
 
 # caveats
 install -m 644 "%{SOURCE100}" "%{SOURCE110}" "%{SOURCE120}" "%{SOURCE130}" \
+	       "%{SOURCE140}" "%{SOURCE150}" \
 	-t "%{buildroot}/%{_pkgdocdir}/caveats/"
 
 
@@ -183,12 +208,28 @@ install -m 644 "%{SOURCE121}" "%{snb_inst_dir}/config"
 install -m 644 "%{SOURCE122}" "%{snb_inst_dir}/disclaimer"
 
 # SKL-SP caveat
-%define skl_inst_dir %{buildroot}/%{caveat_dir}/intel-06-55-04/
-install -m 755 -d "%{skl_inst_dir}/intel-ucode"
-install -m 644 intel-ucode-with-caveats/06-55-04 -t "%{skl_inst_dir}/intel-ucode/"
-install -m 644 "%{SOURCE130}" "%{skl_inst_dir}/readme"
-install -m 644 "%{SOURCE131}" "%{skl_inst_dir}/config"
-install -m 644 "%{SOURCE132}" "%{skl_inst_dir}/disclaimer"
+%define skl_sp_inst_dir %{buildroot}/%{caveat_dir}/intel-06-55-04/
+install -m 755 -d "%{skl_sp_inst_dir}/intel-ucode"
+install -m 644 intel-ucode-with-caveats/06-55-04 -t "%{skl_sp_inst_dir}/intel-ucode/"
+install -m 644 "%{SOURCE130}" "%{skl_sp_inst_dir}/readme"
+install -m 644 "%{SOURCE131}" "%{skl_sp_inst_dir}/config"
+install -m 644 "%{SOURCE132}" "%{skl_sp_inst_dir}/disclaimer"
+
+# SKL-U/Y caveat
+%define skl_uy_inst_dir %{buildroot}/%{caveat_dir}/intel-06-4e-03/
+install -m 755 -d "%{skl_uy_inst_dir}/intel-ucode"
+install -m 644 intel-ucode-with-caveats/06-4e-03 -t "%{skl_uy_inst_dir}/intel-ucode/"
+install -m 644 "%{SOURCE140}" "%{skl_uy_inst_dir}/readme"
+install -m 644 "%{SOURCE141}" "%{skl_uy_inst_dir}/config"
+install -m 644 "%{SOURCE142}" "%{skl_uy_inst_dir}/disclaimer"
+
+# SKL-H/S/Xeoon E3 v5 caveat
+%define skl_hs_inst_dir %{buildroot}/%{caveat_dir}/intel-06-5e-03/
+install -m 755 -d "%{skl_hs_inst_dir}/intel-ucode"
+install -m 644 intel-ucode-with-caveats/06-5e-03 -t "%{skl_hs_inst_dir}/intel-ucode/"
+install -m 644 "%{SOURCE150}" "%{skl_hs_inst_dir}/readme"
+install -m 644 "%{SOURCE151}" "%{skl_hs_inst_dir}/config"
+install -m 644 "%{SOURCE152}" "%{skl_hs_inst_dir}/disclaimer"
 
 
 %post
@@ -420,6 +461,20 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Mon Jun 15 2020 Eugene Syromiatnikov <esyr@redhat.com> - 4:20191115-4.20200609.1
+- Update Intel CPU microcode to microcode-20200609 release (#1848504):
+  - Fixed a typo in the release note file.
+
+* Mon Jun 15 2020 Eugene Syromiatnikov <esyr@redhat.com> - 4:20191115-4.20200602.5
+- Enable 06-2d-07 (SNB-E/EN/EP) caveat by default.
+
+* Mon Jun 15 2020 Eugene Syromiatnikov <esyr@redhat.com> - 4:20191115-4.20200602.4
+- Enable 06-55-04 (SKL-X/W) caveat by default.
+
+* Sun Jun 14 2020 Eugene Syromiatnikov <esyr@redhat.com> - 4:20191115-4.20200602.3
+- Do not update 06-4e-03 (SKL-U/Y) and 06-5e-03 (SKL-H/S/Xeon E3 v5) to revision
+  0xdc, use 0xd6 by default (#1848440).
+
 * Thu Jun 04 2020 Eugene Syromiatnikov <esyr@redhat.com> - 4:20191115-4.20200602.2
 - Avoid temporary file creation, used for here-documents in check_caveats.