diff --git a/.gitignore b/.gitignore
index d6a7b0b..7940b36 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,4 @@ SOURCES/06-55-04
SOURCES/06-5e-03
SOURCES/microcode-20190918.tar.gz
SOURCES/microcode-20191115.tar.gz
-SOURCES/microcode-20210608.tar.gz
+SOURCES/microcode-20220207.tar.gz
diff --git a/.microcode_ctl.metadata b/.microcode_ctl.metadata
index 19f5d82..46331ca 100644
--- a/.microcode_ctl.metadata
+++ b/.microcode_ctl.metadata
@@ -4,4 +4,4 @@ bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03
bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz
774636f4d440623b0ee6a2dad65260e81208074d SOURCES/microcode-20191115.tar.gz
-68f7344d874d50f4c8d836f01abc497707d0baa2 SOURCES/microcode-20210608.tar.gz
+a2a0e662d463e1d826ae74406379557a12469eb5 SOURCES/microcode-20220207.tar.gz
diff --git a/SOURCES/06-4e-03_readme b/SOURCES/06-4e-03_readme
index 13cb72a..3eceda2 100644
--- a/SOURCES/06-4e-03_readme
+++ b/SOURCES/06-4e-03_readme
@@ -14,6 +14,7 @@ microcode revisions in question are listed below:
* 06-4e-03, revision 0xdc: cd1733458d187486999337ff8b51eeaa0cfbca6c
* 06-4e-03, revision 0xe2: 41f4513cf563605bc85db38056ac430dec948366
* 06-4e-03, revision 0xea: 5a54cab9f22f69b819d663e5747ed6ea2a326c55
+ * 06-4e-03, revision 0xec: d949a8543d2464d955f5dc4b0777cac863f48729
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
@@ -46,6 +47,8 @@ to the following knowledge base articles:
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
+ * CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
+ https://access.redhat.com/articles/6716541
The information regarding enforcing microcode update is provided below.
diff --git a/SOURCES/06-55-04_readme b/SOURCES/06-55-04_readme
index b8d3618..76dfb48 100644
--- a/SOURCES/06-55-04_readme
+++ b/SOURCES/06-55-04_readme
@@ -20,6 +20,7 @@ microcode revisions in question are listed below:
* 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212
* 06-55-04, revision 0x2006a0a: 7ec27025329c82de9553c14a78733ad1013e5462
* 06-55-04, revision 0x2006b06: cb5bec976cb9754e3a22ab6828b3262a8f9eccf7
+ * 06-55-04, revision 0x2006c0a: 76b641375d136c08f5feb46aacebee40468ac085
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
@@ -52,6 +53,8 @@ to the following knowledge base articles:
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
+ * CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
+ https://access.redhat.com/articles/6716541
The information regarding disabling microcode update is provided below.
diff --git a/SOURCES/06-5e-03_readme b/SOURCES/06-5e-03_readme
index 9beb75e..9161617 100644
--- a/SOURCES/06-5e-03_readme
+++ b/SOURCES/06-5e-03_readme
@@ -17,6 +17,7 @@ microcode revisions in question are listed below:
* 06-5e-03, revision 0xdc: 5e1020a10678cfc60980131c3d3a2cfd462b4dd7
* 06-5e-03, revision 0xe2: 031e6e148b590d1c9cfdb6677539eeb4899e831c
* 06-5e-03, revision 0xea: e6c37056a849fd281f2fdb975361a914e07b86c8
+ * 06-5e-03, revision 0xec: 6458bf25da4906479a01ffdcaa6d466e22722e01
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
@@ -49,6 +50,8 @@ to the following knowledge base articles:
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
+ * CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
+ https://access.redhat.com/articles/6716541
The information regarding disabling microcode update is provided below.
diff --git a/SOURCES/06-8c-01_readme b/SOURCES/06-8c-01_readme
index 9625c42..5185d20 100644
--- a/SOURCES/06-8c-01_readme
+++ b/SOURCES/06-8c-01_readme
@@ -11,6 +11,7 @@ For the reference, SHA1 checksums of 06-8c-01 microcode files containing
microcode revisions in question are listed below:
* 06-8c-01, revision 0x68: 2204a6dee1688980cd228268fdf4b6ed5904fe04
* 06-8c-01, revision 0x88: 61b6590feb2769046d5b0c394179beaf2df51290
+ * 06-8c-01, revision 0x9a: 48b3ae8d27d8138b5b47052d2f8184bf555ad18e
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
@@ -25,6 +26,8 @@ to the following knowledge base articles:
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
+ * CVE-2021-0145 (Fast store forward predictor - Cross Domain Training):
+ https://access.redhat.com/articles/6716541
The information regarding disabling microcode update is provided below.
diff --git a/SOURCES/06-8e-9e-0x-0xca_readme b/SOURCES/06-8e-9e-0x-0xca_readme
index 22f47dd..bf830eb 100644
--- a/SOURCES/06-8e-9e-0x-0xca_readme
+++ b/SOURCES/06-8e-9e-0x-0xca_readme
@@ -92,6 +92,16 @@ in question:
* 06-9e-0c, revision 0xea: 1329a4d8166fe7d70833d21428936254e11efbb4
* 06-9e-0d, revision 0xea: 9c73f2ac6c4edbf8b0aefdd5d6780c7219be702a
+ * 06-8e-09, revision 0xec: 78eb624be5e8084e438318bdad99f9ddc082def7
+ * 06-8e-0a, revision 0xec: 6c41a6ad412f48f81a9d5edf59dcdecc358398bf
+ * 06-8e-0b, revision 0xec: 89dd0de598c83eb9714f6839499f322dfce2b693
+ * 06-8e-0c, revision 0xec: 225ea349b9cb3b1b94e237deb797e0c60d14a84c
+ * 06-9e-09, revision 0xec: fc5c0206fe392a0ddad4dc9363fde2d3e3d1e681
+ * 06-9e-0a, revision 0xec: 128002076e4ac3c75697fb4efdf1f8ddcc971fbe
+ * 06-9e-0b, revision 0xec: ac8c3865a143b2e03869f15a5b86e560f60ad632
+ * 06-9e-0c, revision 0xec: 6e3d695290def517857c8e743dc65161479f0c04
+ * 06-9e-0d, revision 0xec: 58b1ec5fee7dd1a761ed901b374ccb978737a979
+
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer
@@ -118,6 +128,13 @@ to the following knowledge base articles:
CVE-2020-8696 (Vector Register Leakage-Active),
CVE-2020-8698 (Fast Forward Store Predictor):
https://access.redhat.com/articles/5569051
+ * CVE-2020-24489 (VT-d-related Privilege Escalation),
+ CVE-2020-24511 (Improper Isolation of Shared Resources),
+ CVE-2020-24512 (Observable Timing Discrepancy),
+ CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
+ https://access.redhat.com/articles/6101171
+ * CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
+ https://access.redhat.com/articles/6716541
The information regarding disabling microcode update is provided below.
diff --git a/SOURCES/06-8e-9e-0x-dell_readme b/SOURCES/06-8e-9e-0x-dell_readme
index 0f12fee..bca53eb 100644
--- a/SOURCES/06-8e-9e-0x-dell_readme
+++ b/SOURCES/06-8e-9e-0x-dell_readme
@@ -92,6 +92,16 @@ in question:
* 06-9e-0c, revision 0xea: 1329a4d8166fe7d70833d21428936254e11efbb4
* 06-9e-0d, revision 0xea: 9c73f2ac6c4edbf8b0aefdd5d6780c7219be702a
+ * 06-8e-09, revision 0xec: 78eb624be5e8084e438318bdad99f9ddc082def7
+ * 06-8e-0a, revision 0xec: 6c41a6ad412f48f81a9d5edf59dcdecc358398bf
+ * 06-8e-0b, revision 0xec: 89dd0de598c83eb9714f6839499f322dfce2b693
+ * 06-8e-0c, revision 0xec: 225ea349b9cb3b1b94e237deb797e0c60d14a84c
+ * 06-9e-09, revision 0xec: fc5c0206fe392a0ddad4dc9363fde2d3e3d1e681
+ * 06-9e-0a, revision 0xec: 128002076e4ac3c75697fb4efdf1f8ddcc971fbe
+ * 06-9e-0b, revision 0xec: ac8c3865a143b2e03869f15a5b86e560f60ad632
+ * 06-9e-0c, revision 0xec: 6e3d695290def517857c8e743dc65161479f0c04
+ * 06-9e-0d, revision 0xec: 58b1ec5fee7dd1a761ed901b374ccb978737a979
+
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer
@@ -118,6 +128,13 @@ to the following knowledge base articles:
CVE-2020-8696 (Vector Register Leakage-Active),
CVE-2020-8698 (Fast Forward Store Predictor):
https://access.redhat.com/articles/5569051
+ * CVE-2020-24489 (VT-d-related Privilege Escalation),
+ CVE-2020-24511 (Improper Isolation of Shared Resources),
+ CVE-2020-24512 (Observable Timing Discrepancy),
+ CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
+ https://access.redhat.com/articles/6101171
+ * CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
+ https://access.redhat.com/articles/6716541
The information regarding disabling microcode update is provided below.
diff --git a/SOURCES/README.caveats b/SOURCES/README.caveats
index b15642b..e7fd8eb 100644
--- a/SOURCES/README.caveats
+++ b/SOURCES/README.caveats
@@ -860,3 +860,8 @@ Intel CPU vulnerabilities is available in the following knowledge base articles:
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
+ * CVE-2021-0127 (Intel Processor Breakpoint Control Flow),
+ CVE-2021-0145 (Fast store forward predictor - Cross Domain Training),
+ CVE-2021-0146 (VT-d-related Privilege Escalation),
+ CVE-2021-33120 (Out of bounds read for some Intel Atom processors):
+ https://access.redhat.com/articles/6716541
diff --git a/SOURCES/codenames.list b/SOURCES/codenames.list
index f2eaa75..f957dc6 100644
--- a/SOURCES/codenames.list
+++ b/SOURCES/codenames.list
@@ -271,6 +271,7 @@ Mobile;;Ice Lake;D1;80;706e5;ICL;U,Y;Core Gen10 Mobile;
Server;;Knights Mill;A0;08;80650;KNM;;Xeon Phi 72x5;Xeon Phi 7235, 7285, 7295
SOC;;Snow Ridge;B0;01;80664;SNR;;Atom P59xxB;
SOC;;Snow Ridge;B1;01;80665;SNR;;Atom P59xxB;
+SOC;;Snow Ridge;C0;01;80667;SNR;;Atom P59xxB;
Mobile;;Tiger Lake;B1;80;806c1;TGL;UP3,UP4;Core Gen11 Mobile;
Mobile;;Tiger Lake Refresh;C0;80;806c2;TGL;R;Core Gen11 Mobile;
Mobile;;Tiger Lake;R0;c2;806d1;TGL;H;Core Gen11 Mobile;
diff --git a/SPECS/microcode_ctl.spec b/SPECS/microcode_ctl.spec
index 8818c45..c0218f2 100644
--- a/SPECS/microcode_ctl.spec
+++ b/SPECS/microcode_ctl.spec
@@ -1,4 +1,4 @@
-%define intel_ucode_version 20210608
+%define intel_ucode_version 20220207
%global debug_package %{nil}
%define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats
@@ -544,6 +544,117 @@ rm -rf %{buildroot}
%changelog
+* Thu Feb 10 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220207-1
+- Update Intel CPU microcode to microcode-20220207 release:
+ - Fixes in releasenote.md file.
+
+* Mon Feb 07 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220204-1
+- Update Intel CPU microcode to microcode-20220204 release, addresses
+ CVE-2021-0127, CVE-2021-0145, and CVE-2021-33120 (#1971906, #2049543,
+ #2049554, #2049571):
+ - Removal of 06-86-04/0x01 (SNR B0) microcode at revision 0xb00000f;
+ - Removal of 06-86-05/0x01 (SNR B1) microcode (in intel-ucode/06-86-04)
+ at revision 0xb00000f;
+ - Removal of 06-86-04/0x01 (SNR B0) microcode (in intel-ucode/06-86-05)
+ at revision 0xb00000f;
+ - Removal of 06-86-05/0x01 (SNR B1) microcode at revision 0xb00000f;
+ - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in
+ intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xea up to 0xec;
+ - Update of 06-4f-01/0xef (BDX-E/EP/EX/ML B0/M0/R0) microcode (in
+ intel-06-4f-01/intel-ucode/06-4f-01) from revision 0xb00003e up
+ to 0xb000040;
+ - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
+ intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006b06 up
+ to 0x2006c0a;
+ - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in
+ intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xea up to 0xec;
+ - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in
+ intel-06-8c-01/intel-ucode/06-8c-01) from revision 0x88 up to 0x9a;
+ - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in
+ intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xea up
+ to 0xec;
+ - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in
+ intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xea up
+ to 0xec;
+ - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in
+ intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xea up
+ to 0xec;
+ - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in
+ intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xea up
+ to 0xec;
+ - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
+ microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from
+ revision 0xea up to 0xec;
+ - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in
+ intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xea up
+ to 0xec;
+ - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in
+ intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xea up
+ to 0xec;
+ - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in
+ intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xea up
+ to 0xec;
+ - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in
+ intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xea up
+ to 0xec;
+ - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in
+ intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xea up
+ to 0xec;
+ - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode
+ from revision 0x46 up to 0x49;
+ - Update of 06-3f-04/0x80 (HSX-EX E0) microcode from revision 0x19 up
+ to 0x1a;
+ - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015b
+ up to 0x100015c;
+ - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4003102
+ up to 0x400320a;
+ - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
+ 0x5003102 up to 0x500320a;
+ - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002302
+ up to 0x7002402;
+ - Update of 06-56-03/0x10 (BDX-DE V2/V3) microcode from revision
+ 0x700001b up to 0x700001c;
+ - Update of 06-56-04/0x10 (BDX-DE Y0) microcode from revision 0xf000019
+ up to 0xf00001a;
+ - Update of 06-56-05/0x10 (BDX-NS A0/A1, HWL A1) microcode from revision
+ 0xe000012 up to 0xe000014;
+ - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x44 up
+ to 0x46;
+ - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x20 up
+ to 0x24;
+ - Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x34 up
+ to 0x36;
+ - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0002a0
+ up to 0xd000331;
+ - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x36 up
+ to 0x38;
+ - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1a up
+ to 0x1c;
+ - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xa6
+ up to 0xa8;
+ - Update of 06-8a-01/0x10 (LKF B2/B3) microcode from revision 0x2a up
+ to 0x2d;
+ - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x16 up
+ to 0x22;
+ - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x2c up
+ to 0x3c;
+ - Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x11 up
+ to 0x15;
+ - Update of 06-9c-00/0x01 (JSL A0/A1) microcode from revision 0x1d up
+ to 0x2400001f;
+ - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xea up
+ to 0xec;
+ - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xea
+ up to 0xec;
+ - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xec
+ up to 0xee;
+ - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xe8
+ up to 0xea;
+ - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision
+ 0xea up to 0xec;
+ - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x40 up
+ to 0x50.
+
* Mon Jul 05 2021 Eugene Syromiatnikov <esyr@redhat.com> - 4:20210608-1
- Update Intel CPU microcode to microcode-20210608 release (#1921773):
- Fixes in releasenote.md file.