diff --git a/.gitignore b/.gitignore
index b604404..7940b36 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,4 @@ SOURCES/06-55-04
SOURCES/06-5e-03
SOURCES/microcode-20190918.tar.gz
SOURCES/microcode-20191115.tar.gz
-SOURCES/microcode-20220204.tar.gz
+SOURCES/microcode-20220207.tar.gz
diff --git a/.microcode_ctl.metadata b/.microcode_ctl.metadata
index 6f2213c..46331ca 100644
--- a/.microcode_ctl.metadata
+++ b/.microcode_ctl.metadata
@@ -4,4 +4,4 @@ bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03
bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz
774636f4d440623b0ee6a2dad65260e81208074d SOURCES/microcode-20191115.tar.gz
-a6a11c2f59d6c4b3b8e11ceee67f4bc30d4c6c93 SOURCES/microcode-20220204.tar.gz
+a2a0e662d463e1d826ae74406379557a12469eb5 SOURCES/microcode-20220207.tar.gz
diff --git a/SOURCES/0001-releasenote.md-fix-microde-20220204-revision-summary.patch b/SOURCES/0001-releasenote.md-fix-microde-20220204-revision-summary.patch
deleted file mode 100644
index fa49ff2..0000000
--- a/SOURCES/0001-releasenote.md-fix-microde-20220204-revision-summary.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From a6faade347b3c7312013b71ae0cd5f08acc12dab Mon Sep 17 00:00:00 2001
-From: Eugene Syromiatnikov <esyr@redhat.com>
-Date: Tue, 1 Feb 2022 05:23:23 +0100
-Subject: [PATCH] releasenote.md: fix microde-20220204 revision summary table
-
-* releasenote.md (06-3f-02/6f, 06-3f-04/80, 06-4e-03/c0, 06-4f-01/ef,
-06-55-03/97): Add missing Updated Platforms records.
-(Removed Platforms): Add 06-86-04/01 and 06-86-05/01 (SNR B0/B1)
-records.
----
- releasenote.md | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/releasenote.md b/releasenote.md
-index 14e3231..0a1e478 100644
---- a/releasenote.md
-+++ b/releasenote.md
-@@ -26,6 +26,11 @@ None
-
- | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
- |:---------------|:---------|:------------|:---------|:---------|:---------
-+| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000046 | 00000049 | Core Gen4 X series; Xeon E5 v3
-+| HSX-EX | E0 | 06-3f-04/80 | 00000019 | 0000001a | Xeon E7 v3
-+| SKL-U/Y | D0 | 06-4e-03/c0 | 000000ea | 000000ec | Core Gen6 Mobile
-+| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b00003e | 0b000040 | Xeon E5/E7 v4; Core i7-69xx/68xx
-+| SKX-SP | B1 | 06-55-03/97 | 0100015b | 0100015c | Xeon Scalable
- | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006b06 | 02006c0a | Xeon Scalable
- | SKX-D | M1 | 06-55-04/b7 | 02006b06 | 02006c0a | Xeon D-21xx
- | CLX-SP | B0 | 06-55-06/bf | 04003102 | 0400320a | Xeon Scalable Gen2
-@@ -69,7 +74,10 @@ None
-
- ### Removed Platforms
-
--None
-+| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
-+|:---------------|:---------|:------------|:---------|:---------|:---------
-+| SNR | B0 | 06-86-04/01 | 0b00000f | | Atom P59xxB
-+| SNR | B1 | 06-86-05/01 | 0b00000f | | Atom P59xxB
-
- ## [microcode-20210608](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608)
-
---
-2.13.6
-
diff --git a/SOURCES/06-4e-03_readme b/SOURCES/06-4e-03_readme
index e311550..3eceda2 100644
--- a/SOURCES/06-4e-03_readme
+++ b/SOURCES/06-4e-03_readme
@@ -47,6 +47,8 @@ to the following knowledge base articles:
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
+ * CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
+ https://access.redhat.com/articles/6716541
The information regarding enforcing microcode update is provided below.
diff --git a/SOURCES/06-55-04_readme b/SOURCES/06-55-04_readme
index fd08268..76dfb48 100644
--- a/SOURCES/06-55-04_readme
+++ b/SOURCES/06-55-04_readme
@@ -53,6 +53,8 @@ to the following knowledge base articles:
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
+ * CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
+ https://access.redhat.com/articles/6716541
The information regarding disabling microcode update is provided below.
diff --git a/SOURCES/06-5e-03_readme b/SOURCES/06-5e-03_readme
index 117a5fd..9161617 100644
--- a/SOURCES/06-5e-03_readme
+++ b/SOURCES/06-5e-03_readme
@@ -50,6 +50,8 @@ to the following knowledge base articles:
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
+ * CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
+ https://access.redhat.com/articles/6716541
The information regarding disabling microcode update is provided below.
diff --git a/SOURCES/06-8c-01_readme b/SOURCES/06-8c-01_readme
index 182b1d6..5185d20 100644
--- a/SOURCES/06-8c-01_readme
+++ b/SOURCES/06-8c-01_readme
@@ -26,6 +26,8 @@ to the following knowledge base articles:
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
+ * CVE-2021-0145 (Fast store forward predictor - Cross Domain Training):
+ https://access.redhat.com/articles/6716541
The information regarding disabling microcode update is provided below.
diff --git a/SOURCES/06-8e-9e-0x-0xca_readme b/SOURCES/06-8e-9e-0x-0xca_readme
index 12bf504..bf830eb 100644
--- a/SOURCES/06-8e-9e-0x-0xca_readme
+++ b/SOURCES/06-8e-9e-0x-0xca_readme
@@ -128,6 +128,13 @@ to the following knowledge base articles:
CVE-2020-8696 (Vector Register Leakage-Active),
CVE-2020-8698 (Fast Forward Store Predictor):
https://access.redhat.com/articles/5569051
+ * CVE-2020-24489 (VT-d-related Privilege Escalation),
+ CVE-2020-24511 (Improper Isolation of Shared Resources),
+ CVE-2020-24512 (Observable Timing Discrepancy),
+ CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
+ https://access.redhat.com/articles/6101171
+ * CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
+ https://access.redhat.com/articles/6716541
The information regarding disabling microcode update is provided below.
diff --git a/SOURCES/06-8e-9e-0x-dell_readme b/SOURCES/06-8e-9e-0x-dell_readme
index e0dd6f7..bca53eb 100644
--- a/SOURCES/06-8e-9e-0x-dell_readme
+++ b/SOURCES/06-8e-9e-0x-dell_readme
@@ -128,6 +128,13 @@ to the following knowledge base articles:
CVE-2020-8696 (Vector Register Leakage-Active),
CVE-2020-8698 (Fast Forward Store Predictor):
https://access.redhat.com/articles/5569051
+ * CVE-2020-24489 (VT-d-related Privilege Escalation),
+ CVE-2020-24511 (Improper Isolation of Shared Resources),
+ CVE-2020-24512 (Observable Timing Discrepancy),
+ CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
+ https://access.redhat.com/articles/6101171
+ * CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
+ https://access.redhat.com/articles/6716541
The information regarding disabling microcode update is provided below.
diff --git a/SOURCES/README.caveats b/SOURCES/README.caveats
index b15642b..e7fd8eb 100644
--- a/SOURCES/README.caveats
+++ b/SOURCES/README.caveats
@@ -860,3 +860,8 @@ Intel CPU vulnerabilities is available in the following knowledge base articles:
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
+ * CVE-2021-0127 (Intel Processor Breakpoint Control Flow),
+ CVE-2021-0145 (Fast store forward predictor - Cross Domain Training),
+ CVE-2021-0146 (VT-d-related Privilege Escalation),
+ CVE-2021-33120 (Out of bounds read for some Intel Atom processors):
+ https://access.redhat.com/articles/6716541
diff --git a/SPECS/microcode_ctl.spec b/SPECS/microcode_ctl.spec
index 6ca7117..c0218f2 100644
--- a/SPECS/microcode_ctl.spec
+++ b/SPECS/microcode_ctl.spec
@@ -1,4 +1,4 @@
-%define intel_ucode_version 20220204
+%define intel_ucode_version 20220207
%global debug_package %{nil}
%define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats
@@ -12,13 +12,12 @@
Summary: CPU microcode updates for Intel x86 processors
Name: microcode_ctl
-Version: 20210608
-Release: 1.%{intel_ucode_version}.1%{?dist}
+Version: %{intel_ucode_version}
+Release: 1%{?dist}
Epoch: 4
License: CC0 and Redistributable, no modification permitted
URL: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
-#Source0: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz
-Source0: microcode-%{intel_ucode_version}.tar.gz
+Source0: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz
# (Pre-MDS) revision 0x714 of 06-2d-07 microcode
Source2: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190514/intel-ucode/06-2d-07
@@ -123,8 +122,6 @@ Source1000: gen_provides.sh
Source1001: codenames.list
Source1002: gen_updates2.py
-Patch1001: 0001-releasenote.md-fix-microde-20220204-revision-summary.patch
-
ExclusiveArch: %{ix86} x86_64
BuildRequires: systemd-units
# hexdump is used in gen_provides.sh
@@ -151,8 +148,6 @@ is no longer used for microcode upload and, as a result, no longer provided.
%prep
%setup -n "Intel-Linux-Processor-Microcode-Data-Files-microcode-%{intel_ucode_version}"
-%patch1001 -p1
-
%build
# replacing SNB-EP (CPUID 0x206d7) microcode with pre-MDS version
mv intel-ucode/06-2d-07 intel-ucode-with-caveats/
@@ -549,9 +544,14 @@ rm -rf %{buildroot}
%changelog
-* Mon Feb 07 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20210608-1.20220204.1
+* Thu Feb 10 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220207-1
+- Update Intel CPU microcode to microcode-20220207 release:
+ - Fixes in releasenote.md file.
+
+* Mon Feb 07 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220204-1
- Update Intel CPU microcode to microcode-20220204 release, addresses
- CVE-2021-0127, CVE-2021-0145, CVE-2021-33120 (#2049541, #2049553, #2049570):
+ CVE-2021-0127, CVE-2021-0145, and CVE-2021-33120 (#1971906, #2049543,
+ #2049554, #2049571):
- Removal of 06-86-04/0x01 (SNR B0) microcode at revision 0xb00000f;
- Removal of 06-86-05/0x01 (SNR B1) microcode (in intel-ucode/06-86-04)
at revision 0xb00000f;