Change log for intel-microcode package in Debian
| 1 → 75 of 112 results | First • Previous • Next • Last |
| Published in sid-release |
intel-microcode (3.20240312.1) unstable; urgency=medium
* New upstream microcode datafile 20240312 (closes: #1066108)
- Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368):
Protection mechanism failure of bus lock regulator for some Intel
Processors may allow an unauthenticated user to potentially enable
denial of service via network access.
- Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575):
Non-transparent sharing of return predictor targets between contexts in
some Intel Processors may allow an authorized user to potentially
enable information disclosure via local access. Affects SGX as well.
- Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
Information exposure through microarchitectural state after transient
execution from some register files for some Intel Atom Processors and
E-cores of Intel Core Processors may allow an authenticated user to
potentially enable information disclosure via local access. Enhances
VERW instruction to clear stale register buffers. Affects SGX as well.
Requires kernel update to be effective.
- Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA:
Protection mechanism failure in some 3rd and 4th Generation Intel Xeon
Processors when using Intel SGX or Intel TDX may allow a privileged
user to potentially enable escalation of privilege via local access.
NOTE: effective only when loaded by firmware. Allows SMM firmware to
attack SGX/TDX.
- Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490):
Incorrect calculation in microcode keying mechanism for some Intel
Xeon D Processors with Intel SGX may allow a privileged user to
potentially enable information disclosure via local access.
* Fixes for other unspecified functional issues on many processors
* Updated microcodes:
sig 0x00050653, pf_mask 0x97, 2023-07-28, rev 0x1000191, size 36864
sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
sig 0x00050657, pf_mask 0xbf, 2023-07-28, rev 0x5003605, size 37888
sig 0x0005065b, pf_mask 0xbf, 2023-08-03, rev 0x7002802, size 30720
sig 0x00050665, pf_mask 0x10, 2023-08-03, rev 0xe000015, size 23552
sig 0x000506f1, pf_mask 0x01, 2023-10-05, rev 0x003e, size 11264
sig 0x000606a6, pf_mask 0x87, 2023-09-14, rev 0xd0003d1, size 307200
sig 0x000606c1, pf_mask 0x10, 2023-12-05, rev 0x1000290, size 299008
sig 0x000706a1, pf_mask 0x01, 2023-08-25, rev 0x0040, size 76800
sig 0x000706a8, pf_mask 0x01, 2023-08-25, rev 0x0024, size 76800
sig 0x000706e5, pf_mask 0x80, 2023-09-14, rev 0x00c4, size 114688
sig 0x000806c1, pf_mask 0x80, 2023-09-13, rev 0x00b6, size 111616
sig 0x000806c2, pf_mask 0xc2, 2023-09-13, rev 0x0036, size 98304
sig 0x000806d1, pf_mask 0xc2, 2023-09-13, rev 0x0050, size 104448
sig 0x000806ec, pf_mask 0x94, 2023-07-16, rev 0x00fa, size 106496
sig 0x000806f8, pf_mask 0x87, 2024-01-03, rev 0x2b000590, size 579584
sig 0x000806f7, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f6, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f5, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f4, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x00090661, pf_mask 0x01, 2023-09-26, rev 0x0019, size 20480
sig 0x00090672, pf_mask 0x07, 2023-09-19, rev 0x0034, size 224256
sig 0x00090675, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000b06f2, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000b06f5, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000906a3, pf_mask 0x80, 2023-09-19, rev 0x0432, size 222208
sig 0x000906a4, pf_mask 0x80, 2023-09-19, rev 0x0432
sig 0x000906c0, pf_mask 0x01, 2023-09-26, rev 0x24000026, size 20480
sig 0x000906e9, pf_mask 0x2a, 2023-09-28, rev 0x00f8, size 108544
sig 0x000906ea, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 105472
sig 0x000906ec, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 106496
sig 0x000906ed, pf_mask 0x22, 2023-07-27, rev 0x00fc, size 106496
sig 0x000a0652, pf_mask 0x20, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0653, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0655, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0660, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0661, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 96256
sig 0x000a0671, pf_mask 0x02, 2023-09-14, rev 0x005e, size 108544
sig 0x000b0671, pf_mask 0x32, 2023-12-14, rev 0x0122, size 215040
sig 0x000b06a2, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
sig 0x000b06a3, pf_mask 0xe0, 2023-12-07, rev 0x4121
sig 0x000b06e0, pf_mask 0x11, 2023-09-25, rev 0x0015, size 138240
* New microcodes:
sig 0x000a06a4, pf_mask 0xe6, 2024-01-03, rev 0x001c, size 136192
sig 0x000b06a8, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
sig 0x000c06f2, pf_mask 0x87, 2023-11-20, rev 0x21000200, size 549888
sig 0x000c06f1, pf_mask 0x87, 2023-11-20, rev 0x21000200
* source: update symlinks to reflect id of the latest release, 20240312
* changelog, debian/changelog: fix typos
-- Henrique de Moraes Holschuh <email address hidden> Tue, 12 Mar 2024 20:28:17 -0300
Available diffs
- diff from 3.20231114.1 to 3.20240312.1 (6.7 KiB)
| Published in bullseye-release |
intel-microcode (3.20231114.1~deb11u1) bullseye-security; urgency=high * Backport to Debian Bullseye * debian/control: revert non-free-firmware change -- Henrique de Moraes Holschuh <email address hidden> Sat, 18 Nov 2023 16:47:51 -0300
| Published in bookworm-release |
intel-microcode (3.20231114.1~deb12u1) bookworm-security; urgency=high * Build for bookworm (no changes) -- Henrique de Moraes Holschuh <email address hidden> Sat, 18 Nov 2023 16:13:39 -0300
| Superseded in sid-release |
intel-microcode (3.20231114.1) unstable; urgency=medium
* New upstream microcode datafile 20231114 (closes: #1055962)
Mitigations for "reptar", INTEL-SA-00950 (CVE-2023-23583)
Sequence of processor instructions leads to unexpected behavior for some
Intel(R) Processors, may allow an authenticated user to potentially enable
escalation of privilege and/or information disclosure and/or denial of
service via local access.
Note: "retvar" on 4th gen Xeon Scalable (sig 0x806f8 pfm 0x87), 12th gen
Core mobile (sig 0x906a4 pfm 0x80), 13th gen Core desktop (sig 0xb0671 pfm
0x01) were already mitigated by a previous microcode update.
* Fixes for unspecified functional issues
* Updated microcodes:
sig 0x000606a6, pf_mask 0x87, 2023-09-01, rev 0xd0003b9, size 299008
sig 0x000606c1, pf_mask 0x10, 2023-09-08, rev 0x1000268, size 290816
sig 0x000706e5, pf_mask 0x80, 2023-09-03, rev 0x00c2, size 113664
sig 0x000806c1, pf_mask 0x80, 2023-09-07, rev 0x00b4, size 111616
sig 0x000806c2, pf_mask 0xc2, 2023-09-07, rev 0x0034, size 98304
sig 0x000806d1, pf_mask 0xc2, 2023-09-07, rev 0x004e, size 104448
sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416
sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
sig 0x000806f7, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
sig 0x000806f6, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
sig 0x000806f5, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
sig 0x000806f4, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184
sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290
sig 0x000806f6, pf_mask 0x10, 2023-06-26, rev 0x2c000290
sig 0x000806f5, pf_mask 0x10, 2023-06-26, rev 0x2c000290
sig 0x000806f4, pf_mask 0x10, 2023-06-26, rev 0x2c000290
sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208
sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032
sig 0x00090675, pf_mask 0x07, 2023-06-07, rev 0x0032
sig 0x000b06f2, pf_mask 0x07, 2023-06-07, rev 0x0032
sig 0x000b06f5, pf_mask 0x07, 2023-06-07, rev 0x0032
sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430, size 220160
sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430
sig 0x000906a4, pf_mask 0x80, 2023-06-07, rev 0x0430
sig 0x000906a4, pf_mask 0x40, 2023-05-05, rev 0x0005, size 117760
sig 0x000a0671, pf_mask 0x02, 2023-09-03, rev 0x005d, size 104448
sig 0x000b0671, pf_mask 0x32, 2023-08-29, rev 0x011d, size 210944
sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c, size 216064
sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c
sig 0x000b06a3, pf_mask 0xe0, 2023-08-30, rev 0x411c
sig 0x000b06e0, pf_mask 0x11, 2023-06-26, rev 0x0012, size 136192
* Updated 2023-08-08 changelog entry:
Mitigations for "retvar" on a few processors, refer to the 2023-11-14
entry for details. This information was disclosed in 2023-11-14.
* source: update symlinks to reflect id of the latest release, 20231114
-- Henrique de Moraes Holschuh <email address hidden> Thu, 16 Nov 2023 08:09:43 -0300
Available diffs
| Superseded in bullseye-release |
intel-microcode (3.20230808.1~deb11u1) bullseye-security; urgency=high * Backport to Debian Bullseye * debian/control: revert non-free-firmware change -- Henrique de Moraes Holschuh <email address hidden> Tue, 08 Aug 2023 20:51:57 -0300
| Superseded in bookworm-release |
intel-microcode (3.20230808.1~deb12u1) bookworm-security; urgency=high * Build for bookworm (no changes) -- Henrique de Moraes Holschuh <email address hidden> Tue, 08 Aug 2023 20:08:03 -0300
| Superseded in sid-release |
intel-microcode (3.20230808.1) unstable; urgency=high
* New upstream microcode datafile 20230808 (closes: #1043305)
Mitigations for "Downfall" INTEL-SA-00828 (CVE-2022-40982),
INTEL-SA-00836 (CVE-2023-23908) and INTEL-SA-00837 (CVE-2022-41804)
* Updated microcodes:
sig 0x00050653, pf_mask 0x97, 2023-03-23, rev 0x1000181, size 36864
sig 0x00050654, pf_mask 0xb7, 2023-03-06, rev 0x2007006, size 44032
sig 0x00050656, pf_mask 0xbf, 2023-03-17, rev 0x4003604, size 38912
sig 0x00050657, pf_mask 0xbf, 2023-03-17, rev 0x5003604, size 38912
sig 0x0005065b, pf_mask 0xbf, 2023-03-21, rev 0x7002703, size 30720
sig 0x000606a6, pf_mask 0x87, 2023-03-30, rev 0xd0003a5, size 297984
sig 0x000706e5, pf_mask 0x80, 2023-02-26, rev 0x00bc, size 113664
sig 0x000806c1, pf_mask 0x80, 2023-02-27, rev 0x00ac, size 111616
sig 0x000806c2, pf_mask 0xc2, 2023-02-27, rev 0x002c, size 98304
sig 0x000806d1, pf_mask 0xc2, 2023-02-27, rev 0x0046, size 103424
sig 0x000806e9, pf_mask 0xc0, 2023-02-22, rev 0x00f4, size 106496
sig 0x000806e9, pf_mask 0x10, 2023-02-23, rev 0x00f4, size 105472
sig 0x000806ea, pf_mask 0xc0, 2023-02-23, rev 0x00f4, size 105472
sig 0x000806eb, pf_mask 0xd0, 2023-02-23, rev 0x00f4, size 106496
sig 0x000806ec, pf_mask 0x94, 2023-02-26, rev 0x00f8, size 106496
sig 0x000806f8, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1, size 572416
sig 0x000806f7, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
sig 0x000806f6, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
sig 0x000806f5, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
sig 0x000806f4, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
sig 0x000806f8, pf_mask 0x10, 2023-05-15, rev 0x2c000271, size 605184
sig 0x000806f6, pf_mask 0x10, 2023-05-15, rev 0x2c000271
sig 0x000806f5, pf_mask 0x10, 2023-05-15, rev 0x2c000271
sig 0x000806f4, pf_mask 0x10, 2023-05-15, rev 0x2c000271
sig 0x00090672, pf_mask 0x07, 2023-04-18, rev 0x002e, size 220160
sig 0x00090675, pf_mask 0x07, 2023-04-18, rev 0x002e
sig 0x000b06f2, pf_mask 0x07, 2023-04-18, rev 0x002e
sig 0x000b06f5, pf_mask 0x07, 2023-04-18, rev 0x002e
sig 0x000906a3, pf_mask 0x80, 2023-04-18, rev 0x042c, size 219136
sig 0x000906a4, pf_mask 0x80, 2023-04-18, rev 0x042c
sig 0x000906e9, pf_mask 0x2a, 2023-02-23, rev 0x00f4, size 108544
sig 0x000906ea, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 104448
sig 0x000906eb, pf_mask 0x02, 2023-02-23, rev 0x00f4, size 106496
sig 0x000906ec, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 105472
sig 0x000906ed, pf_mask 0x22, 2023-02-27, rev 0x00fa, size 106496
sig 0x000a0652, pf_mask 0x20, 2023-02-23, rev 0x00f8, size 97280
sig 0x000a0653, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280
sig 0x000a0655, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280
sig 0x000a0660, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 97280
sig 0x000a0661, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 96256
sig 0x000a0671, pf_mask 0x02, 2023-02-26, rev 0x0059, size 104448
sig 0x000b0671, pf_mask 0x32, 2023-06-06, rev 0x0119, size 210944
sig 0x000b06a2, pf_mask 0xe0, 2023-06-06, rev 0x4119, size 216064
sig 0x000b06a3, pf_mask 0xe0, 2023-06-06, rev 0x4119
sig 0x000b06e0, pf_mask 0x11, 2023-04-12, rev 0x0011, size 136192
* source: update symlinks to reflect id of the latest release, 20230808
-- Henrique de Moraes Holschuh <email address hidden> Tue, 08 Aug 2023 17:25:56 -0300
Available diffs
- diff from 3.20230512.1 to 3.20230808.1 (6.0 KiB)
intel-microcode (3.20230512.1) unstable; urgency=medium
* New upstream microcode datafile 20230512 (closes: #1036013)
* Includes fixes or mitigations for an undisclosed security issue
* New microcodes:
sig 0x000906a4, pf_mask 0x40, 2022-10-12, rev 0x0004, size 115712
sig 0x000b06e0, pf_mask 0x01, 2022-12-19, rev 0x0010, size 134144
* Updated microcodes:
sig 0x00050653, pf_mask 0x97, 2022-12-21, rev 0x1000171, size 36864
sig 0x00050654, pf_mask 0xb7, 2022-12-21, rev 0x2006f05, size 44032
sig 0x00050656, pf_mask 0xbf, 2022-12-21, rev 0x4003501, size 37888
sig 0x00050657, pf_mask 0xbf, 2022-12-21, rev 0x5003501, size 37888
sig 0x0005065b, pf_mask 0xbf, 2022-12-21, rev 0x7002601, size 29696
sig 0x000606a6, pf_mask 0x87, 2022-12-28, rev 0xd000390, size 296960
sig 0x000706e5, pf_mask 0x80, 2022-12-25, rev 0x00ba, size 113664
sig 0x000806a1, pf_mask 0x10, 2023-01-13, rev 0x0033, size 34816
sig 0x000806c1, pf_mask 0x80, 2022-12-28, rev 0x00aa, size 110592
sig 0x000806c2, pf_mask 0xc2, 2022-12-28, rev 0x002a, size 97280
sig 0x000806d1, pf_mask 0xc2, 2022-12-28, rev 0x0044, size 102400
sig 0x000806e9, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472
sig 0x000806e9, pf_mask 0x10, 2023-01-02, rev 0x00f2, size 105472
sig 0x000806ea, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472
sig 0x000806eb, pf_mask 0xd0, 2022-12-26, rev 0x00f2, size 105472
sig 0x000806ec, pf_mask 0x94, 2022-12-26, rev 0x00f6, size 105472
sig 0x000806f8, pf_mask 0x87, 2023-03-13, rev 0x2b000461, size 564224
sig 0x000806f7, pf_mask 0x87, 2023-03-13, rev 0x2b000461
sig 0x000806f6, pf_mask 0x87, 2023-03-13, rev 0x2b000461
sig 0x000806f5, pf_mask 0x87, 2023-03-13, rev 0x2b000461
sig 0x000806f4, pf_mask 0x87, 2023-03-13, rev 0x2b000461
sig 0x000806f8, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1, size 595968
sig 0x000806f6, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
sig 0x000806f5, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
sig 0x000806f4, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
sig 0x000906a3, pf_mask 0x80, 2023-02-14, rev 0x042a, size 218112
sig 0x000906a4, pf_mask 0x80, 2023-02-14, rev 0x042a
sig 0x000906e9, pf_mask 0x2a, 2022-12-26, rev 0x00f2, size 108544
sig 0x000906ea, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448
sig 0x000906eb, pf_mask 0x02, 2022-12-26, rev 0x00f2, size 105472
sig 0x000906ec, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448
sig 0x000906ed, pf_mask 0x22, 2023-02-05, rev 0x00f8, size 104448
sig 0x000a0652, pf_mask 0x20, 2022-12-27, rev 0x00f6, size 96256
sig 0x000a0653, pf_mask 0x22, 2023-01-01, rev 0x00f6, size 97280
sig 0x000a0655, pf_mask 0x22, 2022-12-26, rev 0x00f6, size 96256
sig 0x000a0660, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 97280
sig 0x000a0661, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 96256
sig 0x000a0671, pf_mask 0x02, 2022-12-25, rev 0x0058, size 103424
sig 0x000b0671, pf_mask 0x32, 2023-02-06, rev 0x0113, size 207872
sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112, size 212992
sig 0x000b06a3, pf_mask 0xc0, 2023-02-22, rev 0x4112
* source: update symlinks to reflect id of the latest release, 20230512
-- Henrique de Moraes Holschuh <email address hidden> Tue, 16 May 2023 00:13:02 -0300
Available diffs
| Superseded in bullseye-release |
intel-microcode (3.20230214.1~deb11u1) bullseye; urgency=medium
* Non-maintainer upload.
* Backport package 3.20230214.1 for bullseye.
* New upstream microcode datafile 20230214
- Includes Fixes for: (Closes: #1031334)
- INTEL-SA-00700 (CVE-2022-21216):
Insufficient granularity of access control in out-of-band management
in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a
privileged user to potentially enable escalation of privilege via
adjacent network access.
- INTEL-SA-00730 (CVE-2022-33972):
Incorrect calculation in microcode keying mechanism for some 3rd
Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged
user to potentially enable information disclosure via local acces
- INTEL-SA-00738 (CVE-2022-33196):
Incorrect default permissions in some memory controller configurations
for some Intel(R) Xeon(R) Processors when using Intel(R) Software
Guard Extensions which may allow a privileged user to potentially
enable escalation of privilege via local access.
- INTEL-SA-00767 (CVE-2022-38090):
Improper isolation of shared resources in some Intel(R) Processors
when using Intel(R) Software Guard Extensions may allow a privileged
user to potentially enable information disclosure via local access.
* New Microcodes:
sig 0x000806f4, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064
sig 0x000806f4, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152
sig 0x000806f5, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064
sig 0x000806f5, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152
sig 0x000806f6, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064
sig 0x000806f6, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152
sig 0x000806f7, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152
sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064
sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152
sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e, size 212992
sig 0x000b06a3, pf_mask 0xc0, 2022-12-08, rev 0x410e, size 212992
* Updated Microcodes:
sig 0x00050653, pf_mask 0x97, 2022-08-30, rev 0x1000161, size 36864
sig 0x00050656, pf_mask 0xbf, 2022-08-26, rev 0x4003303, size 37888
sig 0x00050657, pf_mask 0xbf, 2022-08-26, rev 0x5003303, size 37888
sig 0x0005065b, pf_mask 0xbf, 2022-08-26, rev 0x7002503, size 29696
sig 0x000606a6, pf_mask 0x87, 2022-10-09, rev 0xd000389, size 296960
sig 0x000606c1, pf_mask 0x10, 2022-09-23, rev 0x1000211, size 289792
sig 0x000706a1, pf_mask 0x01, 2022-09-16, rev 0x003e, size 75776
sig 0x000706a8, pf_mask 0x01, 2022-09-20, rev 0x0022, size 76800
sig 0x000706e5, pf_mask 0x80, 2022-08-31, rev 0x00b8, size 113664
sig 0x000806a1, pf_mask 0x10, 2022-09-07, rev 0x0032, size 34816
sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136
sig 0x00090675, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136
sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429, size 218112
sig 0x000906a4, pf_mask 0x80, 2023-01-11, rev 0x0429, size 218112
sig 0x000906c0, pf_mask 0x01, 2022-09-02, rev 0x24000024, size 20480
sig 0x000a0671, pf_mask 0x02, 2022-08-31, rev 0x0057, size 103424
sig 0x000b0671, pf_mask 0x32, 2022-12-19, rev 0x0112, size 207872
sig 0x000b06f2, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136
sig 0x000b06f5, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136
-- Tobias Frost <email address hidden> Thu, 16 Mar 2023 15:32:02 +0100
| Superseded in sid-release |
intel-microcode (3.20230214.1) unstable; urgency=medium
* Non-maintainer upload.
* New upstream microcode datafile 20230214
- Includes Fixes for: (Closes: #1031334)
- INTEL-SA-00700 (CVE-2022-21216):
Insufficient granularity of access control in out-of-band management
in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a
privileged user to potentially enable escalation of privilege via
adjacent network access.
- INTEL-SA-00730 (CVE-2022-33972):
Incorrect calculation in microcode keying mechanism for some 3rd
Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged
user to potentially enable information disclosure via local acces
- INTEL-SA-00738 (CVE-2022-33196):
Incorrect default permissions in some memory controller configurations
for some Intel(R) Xeon(R) Processors when using Intel(R) Software
Guard Extensions which may allow a privileged user to potentially
enable escalation of privilege via local access.
- INTEL-SA-00767 (CVE-2022-38090):
Improper isolation of shared resources in some Intel(R) Processors
when using Intel(R) Software Guard Extensions may allow a privileged
user to potentially enable information disclosure via local access.
* New Microcodes:
sig 0x000806f4, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064
sig 0x000806f4, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152
sig 0x000806f5, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064
sig 0x000806f5, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152
sig 0x000806f6, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064
sig 0x000806f6, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152
sig 0x000806f7, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152
sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064
sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152
sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e, size 212992
sig 0x000b06a3, pf_mask 0xc0, 2022-12-08, rev 0x410e, size 212992
* Updated Microcodes:
sig 0x00050653, pf_mask 0x97, 2022-08-30, rev 0x1000161, size 36864
sig 0x00050656, pf_mask 0xbf, 2022-08-26, rev 0x4003303, size 37888
sig 0x00050657, pf_mask 0xbf, 2022-08-26, rev 0x5003303, size 37888
sig 0x0005065b, pf_mask 0xbf, 2022-08-26, rev 0x7002503, size 29696
sig 0x000606a6, pf_mask 0x87, 2022-10-09, rev 0xd000389, size 296960
sig 0x000606c1, pf_mask 0x10, 2022-09-23, rev 0x1000211, size 289792
sig 0x000706a1, pf_mask 0x01, 2022-09-16, rev 0x003e, size 75776
sig 0x000706a8, pf_mask 0x01, 2022-09-20, rev 0x0022, size 76800
sig 0x000706e5, pf_mask 0x80, 2022-08-31, rev 0x00b8, size 113664
sig 0x000806a1, pf_mask 0x10, 2022-09-07, rev 0x0032, size 34816
sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136
sig 0x00090675, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136
sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429, size 218112
sig 0x000906a4, pf_mask 0x80, 2023-01-11, rev 0x0429, size 218112
sig 0x000906c0, pf_mask 0x01, 2022-09-02, rev 0x24000024, size 20480
sig 0x000a0671, pf_mask 0x02, 2022-08-31, rev 0x0057, size 103424
sig 0x000b0671, pf_mask 0x32, 2022-12-19, rev 0x0112, size 207872
sig 0x000b06f2, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136
sig 0x000b06f5, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136
-- Tobias Frost <email address hidden> Tue, 14 Mar 2023 19:17:02 +0100
| Superseded in sid-release |
intel-microcode (3.20221108.2) unstable; urgency=medium
* Move source and binary from non-free/admin to non-free-firmware/admin
following the 2022 General Resolution about non-free firmware.
-- Cyril Brulebois <email address hidden> Fri, 17 Feb 2023 01:12:52 +0100
| Superseded in sid-release |
intel-microcode (3.20221108.1) unstable; urgency=medium
* New upstream microcode datafile 20221108
* New Microcodes:
sig 0x000606c1, pf_mask 0x10, 2022-08-07, rev 0x1000201, size 286720
sig 0x000b0671, pf_mask 0x32, 2022-09-07, rev 0x010e, size 204800
* Updated Microcodes:
sig 0x000706e5, pf_mask 0x80, 2022-08-02, rev 0x00b6, size 113664
sig 0x000806c1, pf_mask 0x80, 2022-06-28, rev 0x00a6, size 110592
sig 0x000806d1, pf_mask 0xc2, 2022-06-28, rev 0x0042, size 102400
sig 0x000806ec, pf_mask 0x94, 2022-07-31, rev 0x00f4, size 105472
sig 0x00090661, pf_mask 0x01, 2022-07-15, rev 0x0017, size 20480
sig 0x00090672, pf_mask 0x07, 2022-09-19, rev 0x0026, size 218112
sig 0x00090675, pf_mask 0x07, 2022-09-19, rev 0x0026
sig 0x000b06f2, pf_mask 0x07, 2022-09-19, rev 0x0026
sig 0x000b06f5, pf_mask 0x07, 2022-09-19, rev 0x0026
sig 0x000906a3, pf_mask 0x80, 2022-09-19, rev 0x0424, size 217088
sig 0x000906a4, pf_mask 0x80, 2022-09-19, rev 0x0424
sig 0x000906ed, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 104448
sig 0x000a0652, pf_mask 0x20, 2022-07-31, rev 0x00f4, size 96256
sig 0x000a0653, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 97280
sig 0x000a0655, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 96256
sig 0x000a0660, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 97280
sig 0x000a0661, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 96256
sig 0x000a0671, pf_mask 0x02, 2022-08-02, rev 0x0056, size 103424
-- Henrique de Moraes Holschuh <email address hidden> Sat, 03 Dec 2022 17:21:08 -0300
| Published in buster-release |
intel-microcode (3.20220510.1~deb10u1) buster-security; urgency=medium
* Backport to Debian buster (no relevant changes)
* Update upstream changelog with INTEL-00615 information
* Mitigates INTEL-00615: CVE-2022-21151, CVE-2022-21166, CVE-2022-21127,
CVE-2022-21125, CVE-2022-21123
-- Henrique de Moraes Holschuh <email address hidden> Mon, 04 Jul 2022 16:42:50 -0300
| Superseded in bullseye-release |
intel-microcode (3.20220510.1~deb11u1) bullseye-security; urgency=medium
* Backport to Debian bullseye (no relevant changes)
* Update upstream changelog with INTEL-00615 information
* Mitigates INTEL-00615: CVE-2022-21151, CVE-2022-21166, CVE-2022-21127,
CVE-2022-21125, CVE-2022-21123
-- Henrique de Moraes Holschuh <email address hidden> Mon, 04 Jul 2022 15:12:09 -0300
| Superseded in sid-release |
intel-microcode (3.20220809.1) unstable; urgency=medium
* New upstream microcode datafile 20220809
* Fixes INTEL-SA-00657, CVE-2022-21233
Stale data from APIC leaks SGX memory (AEPIC leak)
* Fixes unspecified errata (functional issues) on Xeon Scalable
* Updated Microcodes:
sig 0x00050653, pf_mask 0x97, 2022-03-14, rev 0x100015e, size 34816
sig 0x00050654, pf_mask 0xb7, 2022-03-08, rev 0x2006e05, size 44032
sig 0x000606a6, pf_mask 0x87, 2022-04-07, rev 0xd000375, size 293888
sig 0x000706a1, pf_mask 0x01, 2022-03-23, rev 0x003c, size 75776
sig 0x000706a8, pf_mask 0x01, 2022-03-23, rev 0x0020, size 75776
sig 0x000706e5, pf_mask 0x80, 2022-03-17, rev 0x00b2, size 112640
sig 0x000806c2, pf_mask 0xc2, 2022-03-19, rev 0x0028, size 97280
sig 0x000806d1, pf_mask 0xc2, 2022-03-28, rev 0x0040, size 102400
sig 0x00090672, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
sig 0x00090675, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
sig 0x000906a3, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
sig 0x000906a4, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
sig 0x000a0671, pf_mask 0x02, 2022-03-17, rev 0x0054, size 103424
sig 0x000b06f2, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
sig 0x000b06f5, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
* source: update symlinks to reflect id of the latest release, 20220809
-- Henrique de Moraes Holschuh <email address hidden> Fri, 19 Aug 2022 14:21:20 -0300
| Superseded in sid-release |
intel-microcode (3.20220510.1) unstable; urgency=medium
* New upstream microcode datafile 20220510
* Fixes INTEL-SA-000617, CVE-2022-21151:
Processor optimization removal or modification of security-critical
code may allow an authenticated user to potentially enable information
disclosure via local access (closes: #1010947)
* Fixes several errata (functional issues) on Xeon Scalable, Atom C3000,
Atom E3900
* New Microcodes:
sig 0x00090672, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
sig 0x00090675, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
sig 0x000906a3, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
sig 0x000906a4, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
sig 0x000b06f2, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
sig 0x000b06f5, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
* Updated Microcodes:
sig 0x00030679, pf_mask 0x0f, 2019-07-10, rev 0x090d, size 52224
sig 0x000406e3, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 106496
sig 0x00050653, pf_mask 0x97, 2021-11-13, rev 0x100015d, size 34816
sig 0x00050654, pf_mask 0xb7, 2021-11-13, rev 0x2006d05, size 43008
sig 0x00050656, pf_mask 0xbf, 2021-12-10, rev 0x4003302, size 37888
sig 0x00050657, pf_mask 0xbf, 2021-12-10, rev 0x5003302, size 37888
sig 0x0005065b, pf_mask 0xbf, 2021-11-19, rev 0x7002501, size 29696
sig 0x000506c9, pf_mask 0x03, 2021-11-16, rev 0x0048, size 17408
sig 0x000506e3, pf_mask 0x36, 2021-11-12, rev 0x00f0, size 109568
sig 0x000506f1, pf_mask 0x01, 2021-12-02, rev 0x0038, size 11264
sig 0x000606a6, pf_mask 0x87, 2022-03-30, rev 0xd000363, size 294912
sig 0x000706a1, pf_mask 0x01, 2021-11-22, rev 0x003a, size 75776
sig 0x000706a8, pf_mask 0x01, 2021-11-22, rev 0x001e, size 75776
sig 0x000706e5, pf_mask 0x80, 2022-03-09, rev 0x00b0, size 112640
sig 0x000806a1, pf_mask 0x10, 2022-03-26, rev 0x0031, size 34816
sig 0x000806c1, pf_mask 0x80, 2022-02-01, rev 0x00a4, size 109568
sig 0x000806c2, pf_mask 0xc2, 2021-12-07, rev 0x0026, size 97280
sig 0x000806d1, pf_mask 0xc2, 2021-12-07, rev 0x003e, size 102400
sig 0x000806e9, pf_mask 0x10, 2021-11-12, rev 0x00f0, size 105472
sig 0x000806e9, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
sig 0x000806ea, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
sig 0x000806eb, pf_mask 0xd0, 2021-11-15, rev 0x00f0, size 105472
sig 0x000806ec, pf_mask 0x94, 2021-11-17, rev 0x00f0, size 105472
sig 0x00090661, pf_mask 0x01, 2022-02-03, rev 0x0016, size 20480
sig 0x000906c0, pf_mask 0x01, 2022-02-19, rev 0x24000023, size 20480
sig 0x000906e9, pf_mask 0x2a, 2021-11-12, rev 0x00f0, size 108544
sig 0x000906ea, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
sig 0x000906eb, pf_mask 0x02, 2021-11-12, rev 0x00f0, size 105472
sig 0x000906ec, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
sig 0x000906ed, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 104448
sig 0x000a0652, pf_mask 0x20, 2021-11-16, rev 0x00f0, size 96256
sig 0x000a0653, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 97280
sig 0x000a0655, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 96256
sig 0x000a0660, pf_mask 0x80, 2021-11-15, rev 0x00f0, size 96256
sig 0x000a0661, pf_mask 0x80, 2021-11-16, rev 0x00f0, size 96256
sig 0x000a0671, pf_mask 0x02, 2022-03-09, rev 0x0053, size 103424
* source: update symlinks to reflect id of the latest release, 20220510
-- Henrique de Moraes Holschuh <email address hidden> Sun, 15 May 2022 20:09:05 -0300
| Superseded in buster-release |
intel-microcode (3.20220207.1~deb10u1) buster; urgency=medium
* Backport for Debian oldstable (no changes)
* Release manager: this is the same package already in bullseye-backports,
testing and unstable. It fixes several security issues, adds MSRs that
can be enabled by updated kernels for enhanced security mitigaton, and
also fixes several critical "functional issues" (i.e. processor errata).
There were no reports to date of regressions introduced by this microcode
drelease.
-- Henrique de Moraes Holschuh <email address hidden> Sun, 20 Mar 2022 18:19:10 -0300
| Superseded in bullseye-release |
intel-microcode (3.20220207.1~deb11u1) bullseye; urgency=medium
* Backport for Debian stable (no changes)
* Release manager: this is the same package already in bullseye-backports,
testing and unstable. It fixes several security issues, adds MSRs that
can be enabled by updated kernels for enhanced security mitigaton, and
also fixes several critical "functional issues" (i.e. processor errata).
There were no reports to date of regressions introduced by this microcode
drelease.
-- Henrique de Moraes Holschuh <email address hidden> Sun, 20 Mar 2022 17:40:05 -0300
| Superseded in sid-release |
intel-microcode (3.20220207.1) unstable; urgency=medium
* upstream changelog: new upstream datafile 20220207
* Mitigates (*only* when loaded from UEFI firmware through the FIT)
CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through
debug port, on Pentium, Celeron and Atom processors with signatures
0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145
* Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint
may cause a system hang, on many processors.
* Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due
to improper sanitization of shared resources (fast-store forward
predictor), on many processors.
* Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some
Atom Processors may allow information disclosure or denial of service
via network access.
* Fixes critical errata (functional issues) on many processors
* Adds a MSR switch to enable RAPL filtering (default off, once enabled
it can only be disabled by poweroff or reboot). Useful to protect
SGX and other threads from side-channel info leak. Improves the
mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many
processors.
* Disables TSX in more processor models.
* Fixes issue with WBINDV on multi-socket (server) systems which could
cause resets and unpredictable system behavior.
* Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket
Lake) processors, to control a fix for (hopefully rare) unpredictable
processor behavior when HyperThreading is enabled. This MSR switch
is enabled by default on *server* processors. On other processors,
it needs to be explicitly enabled by an updated UEFI/BIOS (with added
configuration logic). An updated operating system kernel might also
be able to enable it. When enabled, this fix can impact performance.
* Updated Microcodes:
sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912
sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552
sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472
sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816
sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008
sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840
sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864
sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672
sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672
sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648
sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552
sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408
sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384
sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544
sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264
sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840
sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752
sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776
sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592
sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816
sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568
sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256
sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376
sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448
sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448
sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424
sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448
sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448
sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480
sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480
sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496
sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400
sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448
sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184
sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208
sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208
sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208
sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184
sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400
* Removed Microcodes:
sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
* update .gitignore and debian/.gitignore.
Add some missing items from .gitignore and debian/.gitignore.
* ucode-blacklist: do not late-load 0x406e3 and 0x506e3.
When the BIOS microcode is older than revision 0x7f (and perhaps in some
other cases as well), the latest microcode updates for 0x406e3 and
0x506e3 must be applied using the early update method. Otherwise, the
system might hang. Also: there must not be any other intermediate
microcode update attempts [other than the one done by the BIOS itself],
either. It must go from the BIOS microcode update directly to the
latest microcode update.
* source: update symlinks to reflect id of the latest release, 20220207
-- Henrique de Moraes Holschuh <email address hidden> Fri, 25 Feb 2022 05:36:55 -0300
| Superseded in buster-release |
intel-microcode (3.20210608.2~deb10u1) buster-security; urgency=high
* SECURITY UPDATE with known possible regressions
* Refer to the changelog entry for 3.20210608.1 for the list of security
fixes in this release.
* Possible regression: CoffeLake processors with signature 0x906ea *and*
Intel Wireless LAN on-board
- The Intel WiFi firmware might stop working, refer to:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/56
* Possible regression: Skylake R0/D0 (signatures 0x406e3 and 0x506e3),
- Motherboards with severely outdated firmware where the UEFI/BIOS microcode
revision is less than 0x80 may hang on boot. Refer to:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
* Reintroduces all fixes (including several security updates) to Skylake
D0/R0 that were temporarily disabled in past releases. Refer to changelog
entries since (and including) 3.20200609.1 for the list of security fixes.
-- Henrique de Moraes Holschuh <email address hidden> Wed, 23 Jun 2021 17:52:40 -0300
intel-microcode (3.20210608.2) unstable; urgency=high
* Correct INTEL-SA-00442 CVE id to CVE-2020-24489 in changelog and
debian/changelog (3.20210608.1).
-- Henrique de Moraes Holschuh <email address hidden> Wed, 23 Jun 2021 13:42:19 -0300
| Superseded in sid-release |
intel-microcode (3.20210608.1) unstable; urgency=high
* New upstream microcode datafile 20210608 (closes: #989615)
* Implements mitigations for CVE-2020-24511 CVE-2020-24512
(INTEL-SA-00464), information leakage through shared resources,
and timing discrepancy sidechannels
* Implements mitigations for CVE-2020-24513 (INTEL-SA-00465),
Domain-bypass transient execution vulnerability in some Intel Atom
Processors, affects Intel SGX.
* Implements mitigations for CVE-2021-24489 (INTEL-SA-00442), Intel
VT-d privilege escalation
* Fixes critical errata on several processors
* New Microcodes:
sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x3000010, size 47104
sig 0x000606a5, pf_mask 0x87, 2021-03-08, rev 0xc0002f0, size 283648
sig 0x000606a6, pf_mask 0x87, 2021-04-25, rev 0xd0002a0, size 283648
sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
sig 0x000806c1, pf_mask 0x80, 2021-03-31, rev 0x0088, size 109568
sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016, size 94208
sig 0x000806d1, pf_mask 0xc2, 2021-04-23, rev 0x002c, size 99328
sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011, size 19456
sig 0x000906c0, pf_mask 0x01, 2021-03-23, rev 0x001d, size 19456
sig 0x000a0671, pf_mask 0x02, 2021-04-11, rev 0x0040, size 100352
* Updated Microcodes:
sig 0x000306f2, pf_mask 0x6f, 2021-01-27, rev 0x0046, size 34816
sig 0x000306f4, pf_mask 0x80, 2021-02-05, rev 0x0019, size 19456
sig 0x000406e3, pf_mask 0xc0, 2021-01-25, rev 0x00ea, size 105472
sig 0x000406f1, pf_mask 0xef, 2021-02-06, rev 0xb00003e, size 31744
sig 0x00050653, pf_mask 0x97, 2021-03-08, rev 0x100015b, size 34816
sig 0x00050654, pf_mask 0xb7, 2021-03-08, rev 0x2006b06, size 36864
sig 0x00050656, pf_mask 0xbf, 2021-03-08, rev 0x4003102, size 30720
sig 0x00050657, pf_mask 0xbf, 2021-03-08, rev 0x5003102, size 30720
sig 0x0005065b, pf_mask 0xbf, 2021-04-23, rev 0x7002302, size 27648
sig 0x00050663, pf_mask 0x10, 2021-02-04, rev 0x700001b, size 24576
sig 0x00050664, pf_mask 0x10, 2021-02-04, rev 0xf000019, size 24576
sig 0x00050665, pf_mask 0x10, 2021-02-04, rev 0xe000012, size 19456
sig 0x000506c9, pf_mask 0x03, 2020-10-23, rev 0x0044, size 17408
sig 0x000506ca, pf_mask 0x03, 2020-10-23, rev 0x0020, size 15360
sig 0x000506e3, pf_mask 0x36, 2021-01-25, rev 0x00ea, size 105472
sig 0x000506f1, pf_mask 0x01, 2020-10-23, rev 0x0034, size 11264
sig 0x000706a1, pf_mask 0x01, 2020-10-23, rev 0x0036, size 74752
sig 0x000706a8, pf_mask 0x01, 2020-10-23, rev 0x001a, size 75776
sig 0x000706e5, pf_mask 0x80, 2020-11-01, rev 0x00a6, size 110592
sig 0x000806a1, pf_mask 0x10, 2020-11-06, rev 0x002a, size 32768
sig 0x000806e9, pf_mask 0x10, 2021-01-05, rev 0x00ea, size 104448
sig 0x000806e9, pf_mask 0xc0, 2021-01-05, rev 0x00ea, size 104448
sig 0x000806ea, pf_mask 0xc0, 2021-01-06, rev 0x00ea, size 103424
sig 0x000806eb, pf_mask 0xd0, 2021-01-05, rev 0x00ea, size 104448
sig 0x000806ec, pf_mask 0x94, 2021-01-05, rev 0x00ea, size 104448
sig 0x000906e9, pf_mask 0x2a, 2021-01-05, rev 0x00ea, size 104448
sig 0x000906ea, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 102400
sig 0x000906eb, pf_mask 0x02, 2021-01-05, rev 0x00ea, size 104448
sig 0x000906ec, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
sig 0x000906ed, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
sig 0x000a0652, pf_mask 0x20, 2021-02-07, rev 0x00ea, size 93184
sig 0x000a0653, pf_mask 0x22, 2021-03-08, rev 0x00ea, size 94208
sig 0x000a0655, pf_mask 0x22, 2021-03-08, rev 0x00ec, size 94208
sig 0x000a0660, pf_mask 0x80, 2020-12-08, rev 0x00e8, size 94208
sig 0x000a0661, pf_mask 0x80, 2021-02-07, rev 0x00ea, size 93184
* source: update symlinks to reflect id of the latest release, 20210608
-- Henrique de Moraes Holschuh <email address hidden> Tue, 08 Jun 2021 22:37:57 -0300
| Superseded in buster-release |
intel-microcode (3.20210216.1~deb10u1) buster; urgency=medium
* RELEASE MANAGER INFORMATION: this update mitigates an extra security
issue on a few processors, as described in 3.20210216.1 changelog.
It has zero reports of regressions when compared with 3.20201118.1~deb10u1
thus it is a safe stable update.
* Rebuild for buster, keeping all changes to avoid regressions present
in 3.20201118.1~deb10u1.
-- Henrique de Moraes Holschuh <email address hidden> Sat, 20 Mar 2021 11:57:37 -0300
| Superseded in sid-release |
intel-microcode (3.20210216.1) unstable; urgency=medium
* New upstream microcode datafile 20210216
* Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
and Cascade Lake Server (B0/B1) when using an active JTAG
agent like In Target Probe (ITP), Direct Connect Interface
(DCI) or a Baseboard Management Controller (BMC) to take the
CPU JTAG/TAP out of reset and then returning it to reset.
* This issue is related to the INTEL-SA-00381 mitigation.
* Updated Microcodes:
sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
* source: update symlinks to reflect id of the latest release, 20210216
-- Henrique de Moraes Holschuh <email address hidden> Wed, 17 Feb 2021 11:26:06 -0300
| Superseded in buster-release |
intel-microcode (3.20201118.1~deb10u1) buster; urgency=high
* Rebuild for buster, with changes to avoid regressions
* Stable Release Manager: this intel-microcode update *keeps the same
revision* of Skylake D0/R0 microcode updates already in Debian 10; they're
"downgraded" from the point of view of intel-microcode 3.20201118.1.
For these two processor models, an attempt to update to revisions 0xd8
and higher can hang the system should the system firmware have a microcode
revision older than 0x80 -- and revision 0x72/0x74/0x76 apparently are
common enough in the field to ensure many users are affected.
Refer to:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
* Downgraded microcodes (to upstream release 20200616):
sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
-- Henrique de Moraes Holschuh <email address hidden> Sat, 23 Jan 2021 20:21:54 -0300
| Superseded in sid-release |
intel-microcode (3.20201118.1) unstable; urgency=medium
* New upstream microcode datafile 20201118
* Removes a faulty microcode update from release 2020-11-10 for Tiger Lake
processors. Note that Debian already had removed this specific falty
microcode update on the 3.20201110.1 release
* Add a microcode update for the Pentium Silver N/J5xxx and Celeron
N/J4xxx which didn't make it to release 20201110, fixing security issues
(INTEL-SA-00381, INTEL-SA-00389)
* Updated Microcodes:
sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752
* Removed Microcodes:
sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520
-- Henrique de Moraes Holschuh <email address hidden> Sun, 27 Dec 2020 15:59:32 -0300
| Superseded in sid-release |
intel-microcode (3.20201110.1) unstable; urgency=medium
* New upstream microcode datafile 20201110 (closes: #974533)
* Implements mitigation for CVE-2020-8696 and CVE-2020-8698,
aka INTEL-SA-00381: AVX register information leakage;
Fast-Forward store predictor information leakage
* Implements mitigation for CVE-2020-8695, Intel SGX information
disclosure via RAPL, aka INTEL-SA-00389
* Fixes critical errata on several processor models
* Reintroduces SRBDS mitigations(CVE-2020-0543, INTEL-SA-00320)
for Skylake-U/Y, Skylake Xeon E3
* New Microcodes
sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e, size 27648
sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028, size 32768
sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520
sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0, size 93184
sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 94208
sig 0x000a0655, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 93184
sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0, size 93184
* Updated Microcodes
sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044, size 34816
sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2, size 105472
sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159, size 33792
sig 0x00050654, pf_mask 0xb7, 2020-06-16, rev 0x2006a08, size 35840
sig 0x00050656, pf_mask 0xbf, 2020-06-18, rev 0x4003003, size 52224
sig 0x00050657, pf_mask 0xbf, 2020-06-18, rev 0x5003003, size 52224
sig 0x000506c9, pf_mask 0x03, 2020-02-27, rev 0x0040, size 17408
sig 0x000506ca, pf_mask 0x03, 2020-02-27, rev 0x001e, size 15360
sig 0x000506e3, pf_mask 0x36, 2020-07-14, rev 0x00e2, size 105472
sig 0x000706a8, pf_mask 0x01, 2020-06-09, rev 0x0018, size 75776
sig 0x000706e5, pf_mask 0x80, 2020-07-30, rev 0x00a0, size 109568
sig 0x000806e9, pf_mask 0x10, 2020-05-27, rev 0x00de, size 104448
sig 0x000806e9, pf_mask 0xc0, 2020-05-27, rev 0x00de, size 104448
sig 0x000806ea, pf_mask 0xc0, 2020-06-17, rev 0x00e0, size 104448
sig 0x000806eb, pf_mask 0xd0, 2020-06-03, rev 0x00de, size 104448
sig 0x000806ec, pf_mask 0x94, 2020-05-18, rev 0x00de, size 104448
sig 0x000906e9, pf_mask 0x2a, 2020-05-26, rev 0x00de, size 104448
sig 0x000906ea, pf_mask 0x22, 2020-05-25, rev 0x00de, size 103424
sig 0x000906eb, pf_mask 0x02, 2020-05-25, rev 0x00de, size 104448
sig 0x000906ec, pf_mask 0x22, 2020-06-03, rev 0x00de, size 103424
sig 0x000906ed, pf_mask 0x22, 2020-05-24, rev 0x00de, size 103424
sig 0x000a0660, pf_mask 0x80, 2020-07-08, rev 0x00e0, size 94208
* 0x806c1: remove the new Tiger Lake update: causes hang on cold/warm boot
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
INTEL-SA-00381 AND INTEL-SA-00389 MITIGATIONS ARE THEREFORE NOT INSTALLED
FOR 0x806c1 TIGER LAKE PROCESSORS by this package update. Contact your
system vendor for a firmware update, or wait fo a possible fix in a future
Intel microcode release.
* source: update symlinks to reflect id of the latest release, 20201110
* source: ship new upstream documentation (security.md, releasenote.md)
-- Henrique de Moraes Holschuh <email address hidden> Thu, 12 Nov 2020 15:03:36 -0300
| Superseded in buster-release |
intel-microcode (3.20200616.1~deb10u1) buster; urgency=high * Rebuild for Debian stable (buster), no changes -- Henrique de Moraes Holschuh <email address hidden> Sun, 05 Jul 2020 15:18:54 -0300
| Published in stretch-release |
intel-microcode (3.20200616.1~deb9u1) stretch; urgency=high * Rebuild for Debian oldstable (stretch), no changes -- Henrique de Moraes Holschuh <email address hidden> Sun, 05 Jul 2020 15:26:41 -0300
| Superseded in sid-release |
intel-microcode (3.20200616.1) unstable; urgency=high
* New upstream microcode datafile 20200616
+ Downgraded microcodes (to a previously shipped revision):
sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
* Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3,
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
* This update *removes* the SRBDS mitigations from the above processors
* Note that Debian had already downgraded 0x406e3 in release 3.20200609.2
-- Henrique de Moraes Holschuh <email address hidden> Sun, 28 Jun 2020 18:38:57 -0300
| Superseded in sid-release |
intel-microcode (3.20200609.2) unstable; urgency=medium
* REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression
* Microcode rollbacks (closes: LP#1883002)
sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
* THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS
* Avoid hangs on boot on (some?) Skylake-U/Y processors,
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
* ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading,
just in case. Note that Debian does not do late loading by itself.
Refer to LP#1883002 for the report, 0x806ec hangs upon late load.
-- Henrique de Moraes Holschuh <email address hidden> Thu, 11 Jun 2020 08:55:07 -0300
| Superseded in sid-release |
intel-microcode (3.20200609.1) unstable; urgency=high
* SECURITY UPDATE
* For most processors: SRBDS and/or VRDS, L1DCES mitigations depending
on the processor model
* For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and
L1DCES mitigations, plus mitigations described in the changelog entry
for package release 3.20191112.1.
* Expect some performance impact, the mitigations are enabled by
default. A Linux kernel update will be issued that allows one to
selectively disable the mitigations.
* New upstream microcode datafile 20200609
* Implements mitigation for CVE-2020-0543 Special Register Buffer Data
Sampling (SRBDS), INTEL-SA-00320, CROSSTalk
* Implements mitigation for CVE-2020-0548 Vector Register Data Sampling
(VRDS), INTEL-SA-00329
* Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling
(L1DCES), INTEL-SA-00329
* Known to fix the regression introduced in release 2019-11-12 (sig
0x50564, rev. 0x2000065), which would cause several systems with
Skylake Xeon, Skylake HEDT processors to hang while rebooting
* Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552
sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456
sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528
sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600
sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336
sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448
sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768
sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816
sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224
sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224
sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448
sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424
* Restores the microcode-level fixes that were reverted by release
3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT)
-- Henrique de Moraes Holschuh <email address hidden> Tue, 09 Jun 2020 17:16:46 -0300
| Superseded in sid-release |
intel-microcode (3.20200520.1) unstable; urgency=medium
* New upstream microcode datafile 20200520
+ Updated Microcodes:
sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432
sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456
-- Henrique de Moraes Holschuh <email address hidden> Thu, 21 May 2020 11:44:00 -0300
| Superseded in sid-release |
intel-microcode (3.20200508.1) unstable; urgency=medium
* New upstream microcode datafile 20200508
+ Updated Microcodes:
sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520
* Likely fixes several critical errata on IceLake-U/Y causing system
hangs
-- Henrique de Moraes Holschuh <email address hidden> Sat, 09 May 2020 23:30:43 -0300
| Superseded in stretch-release |
intel-microcode (3.20191115.2~deb9u1) stretch-security; urgency=high * Rebuild for stretch-security (no changes) * Refer to DSA-4565-2 for details. -- Henrique de Moraes Holschuh <email address hidden> Wed, 11 Dec 2019 16:39:18 -0300
| Superseded in buster-release |
intel-microcode (3.20191115.2~deb10u1) buster-security; urgency=high * Rebuild for buster-security (no changes) * Refer to DSA-4565-2 for details. -- Henrique de Moraes Holschuh <email address hidden> Wed, 11 Dec 2019 15:52:02 -0300
| Superseded in sid-release |
intel-microcode (3.20191115.2) unstable; urgency=medium
* Microcode rollbacks (closes: #946515, LP#1854764):
sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
* Avoids hangs on warm reboots (cold boots work fine) on HEDT and
Xeon processors with signature 0x50654.
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
-- Henrique de Moraes Holschuh <email address hidden> Tue, 10 Dec 2019 23:10:19 -0300
| Superseded in sid-release |
intel-microcode (3.20191115.1) unstable; urgency=high
* New upstream microcode datafile 20191115
+ Updated Microcodes:
sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352
sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352
sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352
sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352
sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352
sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136
-- Henrique de Moraes Holschuh <email address hidden> Sat, 16 Nov 2019 23:14:58 -0300
| Superseded in sid-release |
intel-microcode (3.20191113.1) unstable; urgency=high
* New upstream microcode datafile 20191113
+ SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details
Adds microcode update for CFL-S (Coffe Lake Desktop)
INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117
+ Updated Microcodes (previously removed):
sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
-- Henrique de Moraes Holschuh <email address hidden> Fri, 15 Nov 2019 00:43:54 -0300
| Superseded in sid-release |
intel-microcode (3.20191112.1) unstable; urgency=medium
* New upstream microcode datafile 20191112
+ SECURITY UPDATE
- Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135
- Implements TA Indirect Sharing mitigation, and improves the
MDS mitigation (VERW)
- Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271,
CVE-2019-11139
- Fixes SGX vulnerabilities and errata (including CVE-2019-0117)
+ CRITICAL ERRATA FIXES
- Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except
Ice Lake), causes a 0-3% typical perforance hit (can be as bad
as 10%). But ensures the processor will actually jump where it
should, so don't even *dream* of not applying this fix.
- Fixes AVX SHUF* instruction implementation flaw erratum
+ Removed Microcodes:
sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
+ New Microcodes:
sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992
sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200
sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040
sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752
sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400
sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136
+ Updated Microcodes:
sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376
sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x2000065, size 34816
sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200
sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376
sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728
sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328
sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352
sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328
sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352
sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352
sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352
sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352
sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
+ Updated Microcodes (previously removed):
sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768
-- Henrique de Moraes Holschuh <email address hidden> Tue, 12 Nov 2019 23:21:54 -0300
| Superseded in sid-release |
intel-microcode (3.20190918.1) unstable; urgency=medium
* New upstream microcode datafile 20190918
+ SECURITY UPDATE
*Might* contain mitigations for INTEL-SA-00247 (RAMBleed), given
the set of processors being updated.
+ Updated Microcodes:
sig 0x000306d4, pf_mask 0xc0, 2019-06-13, rev 0x002e, size 19456
sig 0x000306f4, pf_mask 0x80, 2019-06-17, rev 0x0016, size 18432
sig 0x00040671, pf_mask 0x22, 2019-06-13, rev 0x0021, size 14336
sig 0x000406f1, pf_mask 0xef, 2019-06-18, rev 0xb000038, size 30720
sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
sig 0x00050657, pf_mask 0xbf, 2019-08-12, rev 0x500002b, size 51200
sig 0x00050662, pf_mask 0x10, 2019-06-17, rev 0x001c, size 32768
sig 0x00050663, pf_mask 0x10, 2019-06-17, rev 0x7000019, size 24576
sig 0x00050664, pf_mask 0x10, 2019-06-17, rev 0xf000017, size 24576
sig 0x00050665, pf_mask 0x10, 2019-06-17, rev 0xe00000f, size 19456
-- Henrique de Moraes Holschuh <email address hidden> Thu, 19 Sep 2019 00:38:50 -0300
| Superseded in stretch-release |
intel-microcode (3.20190618.1~deb9u1) stretch-security; urgency=medium * Rebuild for stretch-security (no changes) * Refer to DSA 4447-1 for details -- Henrique de Moraes Holschuh <email address hidden> Wed, 19 Jun 2019 09:27:39 -0300
intel-microcode (3.20190618.1) unstable; urgency=medium
* New upstream microcode datafile 20190618
+ SECURITY UPDATE
Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
for Sandybridge server and Core-X processors
+ Updated Microcodes:
sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432
sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456
* Add some missing (minor) changelog entries to 3.20190514.1
* Reformat 3.20190514.1 changelog entry to match rest of changelog
-- Henrique de Moraes Holschuh <email address hidden> Wed, 19 Jun 2019 09:05:54 -0300
intel-microcode (3.20190514.1) unstable; urgency=high
* New upstream microcode datafile 20190514
* SECURITY UPDATE
Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
* New Microcodes:
sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104
* Updated Microcodes:
sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720
sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768
sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576
sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552
sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456
sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280
-- Henrique de Moraes Holschuh <email address hidden> Tue, 14 May 2019 21:49:08 -0300
Available diffs
intel-microcode (3.20190312.1) unstable; urgency=medium
* New upstream microcode datafile 20190312
+ Removed Microcodes:
sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720
+ New Microcodes:
sig 0x000806e9, pf_mask 0x10, 2018-10-18, rev 0x009e, size 98304
sig 0x000806eb, pf_mask 0xd0, 2018-10-25, rev 0x00a4, size 99328
sig 0x000806ec, pf_mask 0x94, 2019-02-12, rev 0x00b2, size 98304
sig 0x000906ec, pf_mask 0x22, 2018-09-29, rev 0x00a2, size 98304
sig 0x000906ed, pf_mask 0x22, 2019-02-04, rev 0x00b0, size 97280
+ Updated Microcodes:
sig 0x000306f2, pf_mask 0x6f, 2018-11-20, rev 0x0041, size 34816
sig 0x000306f4, pf_mask 0x80, 2018-11-06, rev 0x0013, size 17408
sig 0x00050654, pf_mask 0xb7, 2019-01-28, rev 0x200005a, size 33792
sig 0x00050662, pf_mask 0x10, 2018-12-06, rev 0x0019, size 32768
sig 0x00050663, pf_mask 0x10, 2018-12-06, rev 0x7000016, size 23552
sig 0x00050664, pf_mask 0x10, 2018-11-17, rev 0xf000014, size 23552
sig 0x00050665, pf_mask 0x10, 2018-11-17, rev 0xe00000c, size 19456
sig 0x000506c9, pf_mask 0x03, 2018-09-14, rev 0x0036, size 17408
sig 0x000506ca, pf_mask 0x03, 2018-09-20, rev 0x0010, size 15360
sig 0x000706a1, pf_mask 0x01, 2018-09-21, rev 0x002c, size 73728
sig 0x000806e9, pf_mask 0xc0, 2018-07-16, rev 0x009a, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-10-18, rev 0x009e, size 98304
sig 0x000906e9, pf_mask 0x2a, 2018-07-16, rev 0x009a, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-12-12, rev 0x00aa, size 98304
sig 0x000906eb, pf_mask 0x02, 2018-12-12, rev 0x00aa, size 99328
-- Henrique de Moraes Holschuh <email address hidden> Sat, 16 Mar 2019 21:07:54 -0300
Available diffs
- diff from 3.20180807a.2 to 3.20190312.1 (23.1 KiB)
| Superseded in stretch-release |
intel-microcode (3.20180807a.2~deb9u1) stretch; urgency=medium
* Release managers:
This update is being distributed by Debian in unstable, testing and
jessie- and stretch-backports since 2018-10-30 without issues, and by
most distros since 2018-08/2018-09, with no known reports of
regressions on Westmere EP processors (Spectre mitigations are very
expensive on Nehalem and Westmere, though).
* SECURITY FIX: this update adds the accumulated fixes for Westmere EP
(signature 0x206c2) from nearly a decade, including but likely not
limited to:
+ Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation)
Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
+ Implements SSBD support (Spectre v4 mitigation),
Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix)
Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+ Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation.
Intel SA-0088, CVE-2017-5753, CVE-2017-5754
+ Very likely implements LAPIC sinkhole fix
+ Fixes AAK167/BT248: Virtual APIC accesses with 32-bit PAE paging
may cause system crash
* This Westmere EP microcode update has been explicitly approved by
Intel for general distribution by operating systems, refer to the
changelog entry for 3.20180807a.2 below
-- Henrique de Moraes Holschuh <email address hidden> Sun, 27 Jan 2019 13:07:47 -0200
| Superseded in stretch-release |
intel-microcode (3.20180807a.1~deb9u1) stretch-security; urgency=high
* Upload to Debian stretch (no changes)
* Security fixes:
Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
Intel SA-00115, CVE-2018-3639, CVE-2018-3640
Intel SA-00088, CVE-2017-5753, CVE-2017-5754
-- Henrique de Moraes Holschuh <email address hidden> Sat, 15 Sep 2018 00:53:22 -0300
intel-microcode (3.20180807a.2) unstable; urgency=medium
* Makefile: unblacklist 0x206c2 (Westmere EP)
According to <email address hidden>, on message to LP#1795594
on 2018-10-09, we can ship 0x206c2 updates without restrictions.
Also, there are no reports in the field about this update causing
issues (closes: #907402) (LP: #1795594)
-- Henrique de Moraes Holschuh <email address hidden> Tue, 23 Oct 2018 19:52:40 -0300
Available diffs
- diff from 3.20180807a.1 to 3.20180807a.2 (1.2 KiB)
intel-microcode (3.20180807a.1) unstable; urgency=high
[ Henrique de Moraes Holschuh ]
* New upstream microcode datafile 20180807a
(closes: #906158, #906160, #903135, #903141)
+ New Microcodes:
sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264
sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216
sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360
sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336
sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240
+ Updated Microcodes:
sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288
sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216
sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216
sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096
sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288
sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336
sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312
sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552
sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432
sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528
sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600
sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312
sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328
sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744
sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013, size 22528
sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012, size 22528
sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384
sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328
sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728
sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304
sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280
sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304
+ Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation)
Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
+ Implements SSBD support (Spectre v4 mitigation),
Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix)
Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+ Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation for older
processors with signatures 0x106a5, 0x106e5, 0x20652, 0x20655.
Intel SA-0088, CVE-2017-5753, CVE-2017-5754
* source: update symlinks to reflect id of the latest release, 20180807a
* debian/intel-microcode.docs: ship license and releasenote upstream files.
* debian/changelog: update entry for 3.20180703.1 with L1TF information
[ Julian Andres Klode ]
* initramfs: include all microcode for MODULES=most.
Default to early instead of auto, and install all of the microcode,
not just the one matching the current CPU, if MODULES=most is set
in the initramfs-tools config (LP: #1778738)
-- Henrique de Moraes Holschuh <email address hidden> Fri, 24 Aug 2018 08:53:53 -0300
Available diffs
| Superseded in stretch-release |
intel-microcode (3.20180425.1~deb9u1) stretch; urgency=medium
* Upload to Debian stretch (no changes)
* RELEASE MANAGER INFORMATION: This update deploys the microcode side fix
for CVE-2017-5715 (Spectre v2). On the more recent processors, it also
fixes other unspecified errata. This microcode update pack has been
extensively tested in Debian unstable, testing, strech-backports and
jessie-backports. It has been extensively deployed by other distributions
to their stable branches without causing any issues, with one notable
exception (a distro-specific kernel bug, already fixed by that distro).
-- Henrique de Moraes Holschuh <email address hidden> Fri, 18 May 2018 09:15:59 -0300
intel-microcode (3.20180703.2) unstable; urgency=medium
* source: fix badly named symlink that resulted in most microcode
updates not being shipped in the binary package. Oops!
-- Henrique de Moraes Holschuh <email address hidden> Thu, 05 Jul 2018 14:26:36 -0300
| Superseded in sid-release |
intel-microcode (3.20180703.1) unstable; urgency=medium
* New upstream microcode data file 20180703 (closes: #903018)
+ Updated Microcodes:
sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
+ First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+ SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
server dies.
* source: update symlinks to reflect id of the latest release, 20180703
-- Henrique de Moraes Holschuh <email address hidden> Thu, 05 Jul 2018 10:03:53 -0300
| Published in jessie-release |
intel-microcode (3.20180425.1~deb8u1) jessie; urgency=medium
* Upload to Debian jessie (no changes)
* RELEASE MANAGER INFORMATION: This update deploys the microcode side fix
for CVE-2017-5715 (Spectre v2). On the more recent processors, it also
fixes other unspecified errata. This microcode update pack has been
extensively tested in Debian unstable, testing, strech-backports and
jessie-backports. It has been extensively deployed by other distributions
to their stable branches without causing any issues, with one notable
exception (a distro-specific kernel bug, already fixed by that distro).
-- Henrique de Moraes Holschuh <email address hidden> Fri, 18 May 2018 09:38:22 -0300
intel-microcode (3.20180425.1) unstable; urgency=medium
* New upstream microcode data file 20180425 (closes: #897443, #895878)
+ Updated Microcodes:
sig 0x000406f1, pf_mask 0xef, 2018-03-21, rev 0xb00002c, size 27648
sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
+ Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
+ Note that sig 0x000604f1 has been blacklisted from late-loading
since Debian release 3.20171117.1.
* source: remove undesired list files from microcode directories
* source: switch to microcode-<id>.d/ since Intel dropped .dat
support.
-- Henrique de Moraes Holschuh <email address hidden> Wed, 02 May 2018 16:48:44 -0300
intel-microcode (3.20180312.1) unstable; urgency=medium
* New upstream microcode data file 20180312 (closes: #886367)
+ New Microcodes:
sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720
sig 0x00050665, pf_mask 0x10, 2018-01-22, rev 0xe000009, size 18432
+ Updated Microcodes:
sig 0x000206a7, pf_mask 0x12, 2018-02-07, rev 0x002d, size 12288
sig 0x000206d6, pf_mask 0x6d, 2018-01-30, rev 0x061c, size 18432
sig 0x000206d7, pf_mask 0x6d, 2018-01-26, rev 0x0713, size 19456
sig 0x000306a9, pf_mask 0x12, 2018-02-07, rev 0x001f, size 13312
sig 0x000306c3, pf_mask 0x32, 2018-01-21, rev 0x0024, size 23552
sig 0x000306d4, pf_mask 0xc0, 2018-01-18, rev 0x002a, size 18432
sig 0x000306e4, pf_mask 0xed, 2018-01-25, rev 0x042c, size 15360
sig 0x000306e7, pf_mask 0xed, 2018-02-16, rev 0x0713, size 16384
sig 0x000306f2, pf_mask 0x6f, 2018-01-19, rev 0x003c, size 33792
sig 0x000306f4, pf_mask 0x80, 2018-01-22, rev 0x0011, size 17408
sig 0x00040651, pf_mask 0x72, 2018-01-18, rev 0x0023, size 21504
sig 0x00040661, pf_mask 0x32, 2018-01-21, rev 0x0019, size 25600
sig 0x00040671, pf_mask 0x22, 2018-01-21, rev 0x001d, size 12288
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x00050654, pf_mask 0xb7, 2018-01-26, rev 0x2000043, size 28672
sig 0x00050662, pf_mask 0x10, 2018-01-22, rev 0x0015, size 31744
sig 0x00050663, pf_mask 0x10, 2018-01-22, rev 0x7000012, size 22528
sig 0x00050664, pf_mask 0x10, 2018-01-22, rev 0xf000011, size 22528
sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
sig 0x000806e9, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 97280
sig 0x000906e9, pf_mask 0x2a, 2018-01-21, rev 0x0084, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-01-21, rev 0x0084, size 96256
sig 0x000906eb, pf_mask 0x02, 2018-01-21, rev 0x0084, size 98304
+ Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation for:
Sandybridge, Ivy Bridge, Haswell, Broadwell, Skylake, Kaby Lake,
Coffee Lake
+ Missing production updates:
+ Broadwell-E/EX Xeons (sig 0x406f1)
+ Anniedale/Morefield, Apollo Lake, Avoton, Cherry Trail, Braswell,
Gemini Lake, Denverton
* Update past changelog entries with new information:
Intel already had all necessary semanthics in LFENCE, so the
Spectre-related Intel microcode changes did not need to enhance LFENCE.
* debian/control: update Vcs-* fields for the move to salsa.debian.org
-- Henrique de Moraes Holschuh <email address hidden> Wed, 14 Mar 2018 09:21:24 -0300
intel-microcode (3.20180108.1+really20171117.1) unstable; urgency=critical
* Revert to release 20171117, as per Intel instructions issued to
the public in 2018-01-22 (closes: #886998)
* This effectively removes IBRS/IBPB/STIPB microcode support for
Spectre variant 2 mitigation.
-- Henrique de Moraes Holschuh <email address hidden> Mon, 22 Jan 2018 23:01:59 -0200
Available diffs
intel-microcode (3.20180108.1) unstable; urgency=high
* New upstream microcode data file 20180108 (closes: #886367)
+ Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
sig 0x000306e4, pf_mask 0xed, 2017-12-01, rev 0x042a, size 15360
sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
sig 0x000306f4, pf_mask 0x80, 2017-11-17, rev 0x0010, size 17408
sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
sig 0x00040661, pf_mask 0x32, 2017-11-20, rev 0x0018, size 25600
sig 0x00040671, pf_mask 0x22, 2017-11-17, rev 0x001b, size 13312
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x00050654, pf_mask 0xb7, 2017-12-08, rev 0x200003c, size 27648
sig 0x00050662, pf_mask 0x10, 2017-12-16, rev 0x0014, size 31744
sig 0x00050663, pf_mask 0x10, 2017-12-16, rev 0x7000011, size 22528
sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
sig 0x000806e9, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
sig 0x000906e9, pf_mask 0x2a, 2018-01-04, rev 0x0080, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-01-04, rev 0x0080, size 97280
sig 0x000906eb, pf_mask 0x02, 2018-01-04, rev 0x0080, size 98304
+ Implements IBRS/IBPB support and enhances LFENCE: mitigation
against Spectre (CVE-2017-5715)
+ Very likely fixes several other errata on some of the processors
* supplementary-ucode-CVE-2017-5715.d/: remove.
+ Downgraded microcodes:
sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb000021, size 26624
sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
+ This removes IBRS/IBPB support for these two platforms when compared
with the previous (and unofficial) release, 20171215. We don't know
why Intel declined to include these microcode updates (as well as
several others) in the release.
* source: remove superseded upstream data file: 20171117
* README.Debian, copyright: update download URLs (closes: #886368)
-- Henrique de Moraes Holschuh <email address hidden> Wed, 10 Jan 2018 00:23:44 -0200
Available diffs
- diff from 3.20171117.1 to 3.20180108.1 (4.1 MiB)
- diff from 3.20171215.1 to 3.20180108.1 (4.1 MiB)
intel-microcode (3.20171215.1) unstable; urgency=high
* Add supplementary-ucode-CVE-2017-5715.d/: (closes: #886367)
New upstream microcodes to partially address CVE-2017-5715
+ Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x000406f1, pf_mask 0xef, 2017-11-18, rev 0xb000025, size 27648
sig 0x00050654, pf_mask 0xb7, 2017-11-21, rev 0x200003a, size 27648
sig 0x000506c9, pf_mask 0x03, 2017-11-22, rev 0x002e, size 16384
sig 0x000806e9, pf_mask 0xc0, 2017-12-03, rev 0x007c, size 98304
sig 0x000906e9, pf_mask 0x2a, 2017-12-03, rev 0x007c, size 98304
* Implements IBRS and IBPB support via new MSR (Spectre variant 2
mitigation, indirect branches). Support is exposed through cpuid(7).EDX.
* LFENCE terminates all previous instructions (Spectre variant 2
mitigation, conditional branches).
-- Henrique de Moraes Holschuh <email address hidden> Thu, 04 Jan 2018 23:04:38 -0200
Available diffs
- diff from 3.20171117.1 to 3.20171215.1 (1.1 KiB)
intel-microcode (3.20171117.1) unstable; urgency=medium
* New upstream microcode data file 20171117
+ New Microcodes:
sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
sig 0x000706a1, pf_mask 0x01, 2017-10-31, rev 0x001e, size 72704
sig 0x000906ea, pf_mask 0x22, 2017-08-23, rev 0x0070, size 95232
sig 0x000906eb, pf_mask 0x02, 2017-09-20, rev 0x0072, size 97280
+ Updated Microcodes:
sig 0x00050654, pf_mask 0xb7, 2017-10-17, rev 0x2000035, size 26624
sig 0x000806ea, pf_mask 0xc0, 2017-08-03, rev 0x0070, size 96256
* source: remove superseded upstream data file: 20170707.
* source: remove unneeded intel-ucode/ directory for 20171117.
* debian/control: bump standards version to 4.1.1 (no changes)
* Makefile: rename microcode-extras.pbin to microcode-includes.pbin.
* README.source: fix IUC_EXCLUDE example and minor issues.
* Makefile, README.souce: support loading ucode from directories.
* debian/rules: switch to dh mode (debhelper v9)
* ucode-blacklist: blacklist sig 0x406f1 (Skylake-X H0) from late
loading.
-- Henrique de Moraes Holschuh <email address hidden> Sat, 18 Nov 2017 18:55:09 -0200
Available diffs
- diff from 3.20170707.1 to 3.20171117.1 (3.7 MiB)
| Superseded in jessie-release |
intel-microcode (3.20170707.1~deb8u1) jessie; urgency=high * Upload to jessie (no changes) -- Henrique de Moraes Holschuh <email address hidden> Sat, 08 Jul 2017 20:25:31 -0300
| Superseded in stretch-release |
intel-microcode (3.20170707.1~deb9u1) stretch; urgency=medium * Rebuild for stretch (no changes) -- Henrique de Moraes Holschuh <email address hidden> Sat, 08 Jul 2017 19:47:45 -0300
intel-microcode (3.20170707.1) unstable; urgency=high
* New upstream microcode datafile 20170707
+ New Microcodes:
sig 0x00050654, pf_mask 0x97, 2017-06-01, rev 0x2000022, size 25600
sig 0x000806e9, pf_mask 0xc0, 2017-04-27, rev 0x0062, size 97280
sig 0x000806ea, pf_mask 0xc0, 2017-05-23, rev 0x0066, size 95232
sig 0x000906e9, pf_mask 0x2a, 2017-04-06, rev 0x005e, size 97280
+ This release fixes the nightmare-level errata SKZ7/SKW144/SKL150/
SKX150 (Skylake) KBL095/KBW095 (Kaby Lake) for all affected Kaby
Lake and Skylake processors: Skylake D0/R0 were fixed since the
previous upstream release (20170511). This new release adds the
fixes for Kaby Lake Y0/B0/H0 and Skylake H0 (Skylake-E/X).
+ Fix undisclosed errata in Skylake H0 (0x50654), Kaby Lake Y0
(0x806ea), Kaby Lake H0 (0x806e9), Kaby Lake B0 (0x906e9)
* source: remove unneeded intel-ucode/ directory
* source: remove superseded upstream data file: 20170511
-- Henrique de Moraes Holschuh <email address hidden> Sat, 08 Jul 2017 19:04:27 -0300
Available diffs
- diff from 3.20170511.1 to 3.20170707.1 (2.9 MiB)
intel-microcode (3.20170511.1) unstable; urgency=medium
* New upstream microcode datafile 20170511
+ Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2017-01-27, rev 0x0022, size 22528
sig 0x000306d4, pf_mask 0xc0, 2017-01-27, rev 0x0025, size 17408
sig 0x000306f2, pf_mask 0x6f, 2017-01-30, rev 0x003a, size 32768
sig 0x000306f4, pf_mask 0x80, 2017-01-30, rev 0x000f, size 16384
sig 0x00040651, pf_mask 0x72, 2017-01-27, rev 0x0020, size 20480
sig 0x00040661, pf_mask 0x32, 2017-01-27, rev 0x0017, size 24576
sig 0x00040671, pf_mask 0x22, 2017-01-27, rev 0x0017, size 11264
sig 0x000406e3, pf_mask 0xc0, 2017-04-09, rev 0x00ba, size 98304
sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb000021, size 26624
sig 0x000506e3, pf_mask 0x36, 2017-04-09, rev 0x00ba, size 98304
+ This release fixes undisclosed errata on the desktop, mobile and
server processor models from the Haswell, Broadwell, and Skylake
families, including even the high-end multi-socket server Xeons
+ Likely fix the TSC-Deadline LAPIC errata (BDF89, SKL142 and
similar) on several processor families
+ Fix erratum BDF90 on Xeon E7v4, E5v4(?) (closes: #862606)
+ Likely fix serious or critical Skylake errata: SKL138/144,
SKL137/145, SLK149
* Likely fix nightmare-level Skylake erratum SKL150. Fortunately,
either this erratum is very-low-hitting, or gcc/clang/icc/msvc
won't usually issue the affected opcode pattern and it ends up
being rare.
SKL150 - Short loops using both the AH/BH/CH/DH registers and
the corresponding wide register *may* result in unpredictable
system behavior. Requires both logical processors of the same
core (i.e. sibling hyperthreads) to be active to trigger, as
well as a "complex set of micro-architectural conditions"
* source: remove unneeded intel-ucode/ directory
Since release 20170511, upstream ships the microcodes both in .dat
format, and as Linux-style split /lib/firmware/intel-ucode files.
It is simpler to just use the .dat format file for now, so remove
the intel-ucode/ directory. Note: before removal, it was verified
that there were no discrepancies between the two microcode sets
(.dat and intel-ucode/)
* source: remove superseded upstream data file: 20161104
-- Henrique de Moraes Holschuh <email address hidden> Mon, 15 May 2017 15:12:25 -0300
Available diffs
- diff from 3.20161104.1 to 3.20170511.1 (2.5 MiB)
| Superseded in jessie-release |
intel-microcode (3.20161104.1~deb8u1) stable; urgency=medium
* This is the same package as 3.20161104.1 from unstable/testing and
3.20161104.1~bpo8+1, from jessie-backports. It has been present in
unstable since 2016-11-09, testing since 2016-11-15, and jessie-backports
since 2016-11-17.
* STABLE RELEASE MANAGER INFORMATION:
+ Supposed to fix critical Intel TSX erratum BDE85 on Xeon-D 1500 Y0
+ Known to fix critical errata on several Xeon-D 1500 models which
will crash vmware (KB2146388) and likely Linux as well
+ Fixes likely critical errata (which ones unknown) on Broadwell-E
(Core extreme edition 5th gen, Xeon E5v4, Xeon E7v4)
+ Removes (very likely outdated) microcode for the C3500 and C5500 family
of embedded Xeon (Jasper Forest). These embedded Xeons are typically
found on (older) network equipment appliances such as firewalls/IPS/IDS,
and also on data storage devices, and thus are supposed to receive
microcode updates through their vendors
-- Henrique de Moraes Holschuh <email address hidden> Fri, 16 Dec 2016 09:42:04 -0200
intel-microcode (3.20161104.1) unstable; urgency=medium
* New upstream microcode datafile 20161104
+ New Microcodes:
sig 0x00050663, pf_mask 0x10, 2016-10-12, rev 0x700000d, size 20480
sig 0x00050664, pf_mask 0x10, 2016-06-02, rev 0xf00000a, size 21504
+ Updated Microcodes:
sig 0x000306f2, pf_mask 0x6f, 2016-10-07, rev 0x0039, size 32768
sig 0x000406f1, pf_mask 0xef, 2016-10-07, rev 0xb00001f, size 25600
+ Removed Microcodes:
sig 0x000106e4, pf_mask 0x09, 2013-07-01, rev 0x0003, size 6144
+ This update fixes critical errata on Broadwell-DE V2/Y0 (Xeon
D-1500 family), including one that can crash VMWare ESXi 6 with
#PF (VMWare KB2146388), and could affect Linux as well. This same
issue was fixed for the E5v4 Xeons in release 20160607
+ This update fixes undisclosed (and likely critical) errata on
Broadwell-E Core i7-68xxK/69xxK/6950X, Broadwell-EP/EX B0/R0/M0
Xeon E5v4 and Xeon E7v4, and Haswell-EP Xeon E5v3
+ This release deletes the microcode update for the Jasper Forest
embedded Xeons (Xeon EC35xx/LC35xx/EC35xx/LC55xx), for undisclosed
reasons. The deleted microcode is outdated when compared with the
updates for the other Nehalem Xeons
* Makefile: always exclude microcode sig 0x206c2 just in case
Intel is quite clear in the Intel SA-00030 advisory text that recent
revisions (0x14 and later?) of the 0x206c2 microcode updates must be
installed along with updated SINIT ACM on vPro systems (i.e. through
an UEFI/BIOS firmware update). This is a defensive change so that we
don't ship such a microcode update in the future by mistake
* source: remove partially superseded upstream data file: 20160714
* source: remove superseded upstream data file: 20101123
* changelog: replace "pf mask" with "pf_mask"
* control, compat: switch debhelper compatibility level to 9
* control: bump standards-version, no changes required
-- Henrique de Moraes Holschuh <email address hidden> Wed, 09 Nov 2016 20:35:57 -0200
Available diffs
- diff from 3.20160714.1 to 3.20161104.1 (2.9 MiB)
| Superseded in jessie-release |
intel-microcode (3.20160714.1~deb8u1) stable; urgency=medium
* Rebuild for Debian jessie stable update (no changes)
* STABLE RELEASE MANAGER INFORMATION:
+ This is the same package which is in unstable since 2016-07-22,
and stretch (testing) and jessie-backports since 2016-07-28,
with no issues reported
+ Contains updated microcode for:
Skylake/H/DT, Broadwell/E/EP/H/DE/WS, Haswell/E/WS/EP/EX, and their
usual variants (U/ULT,Y,S...): mobile, desktop, embedded, single-
and dual-socket server/workstation. Also includes related Pentium
and Celeron
+ Somewhat unusually, this release includes an update for the
multi-socket Haswell-EX E7-v3 Xeon server processors
+ Fixes critical issues on Intel Skylake processors, such as:
- TSX unpredictable behavior
- AVX data/calculation corruption
- High-hitting crashes and hangs related to MCEs and power
management errata that might make it impossible to even install
Debian in the first place (systems with very outdated firmware)
+ Likely fixes a recently identified, critical but low-hitting TSX
erratum on Broadwell, Broadwell-E and related Xeons
(Broadwell-DE/WS/EP: Xeon-D 1500, E3-v4 and E5-v4)
+ Fix Broadwell-DE (Xeon-D 1500) errata (incomplete list):
Stepping V-1: BDE58, BDE56, BDE55, BDE50, BDE44, BDE41, BDE38,
BDE10, BDE9, BDE8, BDE7
Stepping Y-0: LAN1, BDE67, BDE68
+ Might fix Haswell-EP Xeon E5-v3 power management regression
which is already present in the packages currently in jessie
(#815990)
+ Fixes undisclosed errata on Xeon E7-v3 48xx/88xx
-- Henrique de Moraes Holschuh <email address hidden> Sun, 07 Aug 2016 21:48:59 -0300
intel-microcode (3.20160714.1) unstable; urgency=medium
* New upstream microcode datafile 20160714
+ Updated Microcodes:
sig 0x000306f4, pf mask 0x80, 2016-06-07, rev 0x000d, size 15360
sig 0x000406e3, pf mask 0xc0, 2016-06-22, rev 0x009e, size 97280
sig 0x000406f1, pf mask 0xef, 2016-06-06, rev 0xb00001d, size 25600
sig 0x000506e3, pf mask 0x36, 2016-06-22, rev 0x009e, size 97280
+ This release hopefully fixes a hang when updating the microcode on
some Skylake-U D-1/Skylake-Y D-1 (sig 0x406e3, pf 0x80) systems
* source: remove superseded upstream data file: 20160607
-- Henrique de Moraes Holschuh <email address hidden> Thu, 21 Jul 2016 19:04:09 -0300
Available diffs
- diff from 3.20160607.2 to 3.20160714.1 (2.3 MiB)
intel-microcode (3.20160607.2) unstable; urgency=low
* REMOVE microcode:
sig 0x000406e3, pf mask 0xc0, 2016-04-06, rev 0x008a, size 96256
(closes: #828819)
* The Core i7-6500U and m3-6Y30 processors (Skylake-UY D-1,
sig=0x406e3, pf=0x80) may hang while attempting an early microcode
update to revision 0x8a, apparently due to some sort of firmware
dependency. On affected systems, the only way to avoid the issue is
to get a firmware update that includes microcode revision 0x8a or
later. At this time, there are reports of both sucessful and failed
updates on the m3-6Y30, and only of failed updates on the i7-6500U.
There are no reports about Skylake-U K-1 (pf=0x40).
+ WARNING: it is unsafe to use a system based on an Intel Skylake-U/Y
processor with microcode earlier than revision 0x8a, due to several
critical errata that cause unpredictable behavior, data corruption,
and other problems. Users *must* update their firmware to get
microcode 0x8a or newer, and keep it up-to-date.
-- Henrique de Moraes Holschuh <email address hidden> Fri, 08 Jul 2016 22:54:26 -0300
Available diffs
- diff from 3.20160607.1 to 3.20160607.2 (1.2 KiB)
| Superseded in sid-release |
intel-microcode (3.20160607.1) unstable; urgency=medium
* New upstream microcode data file 20160607
+ New Microcodes:
sig 0x000406e3, pf mask 0xc0, 2016-04-06, rev 0x008a, size 96256
sig 0x000406f1, pf mask 0xef, 2016-05-20, rev 0xb00001c, size 25600
sig 0x00050662, pf mask 0x10, 2015-12-12, rev 0x000f, size 28672
sig 0x000506e3, pf mask 0x36, 2016-04-06, rev 0x008a, size 96256
+ Updated Microcodes:
sig 0x000306c3, pf mask 0x32, 2016-03-16, rev 0x0020, size 22528
sig 0x000306d4, pf mask 0xc0, 2016-04-29, rev 0x0024, size 17408
sig 0x000306f2, pf mask 0x6f, 2016-03-28, rev 0x0038, size 32768
sig 0x000306f4, pf mask 0x80, 2016-02-11, rev 0x000a, size 15360
sig 0x00040651, pf mask 0x72, 2016-04-01, rev 0x001f, size 20480
sig 0x00040661, pf mask 0x32, 2016-04-01, rev 0x0016, size 24576
sig 0x00040671, pf mask 0x22, 2016-04-29, rev 0x0016, size 11264
* source: remove superseded upstream data file: 20151106.
* control: change upstream URL to a search for "linux microcode"
Unfortunately, many of the per-processor-model feeds have not been
updated for microcode release 20160607. Switch to the general search
page as the upstream URL.
* README.Debian: fix duplicated word 'to'
-- Henrique de Moraes Holschuh <email address hidden> Thu, 23 Jun 2016 12:17:03 -0300
Available diffs
- diff from 3.20151106.2 to 3.20160607.1 (2.0 MiB)
intel-microcode (3.20151106.2) unstable; urgency=medium
* Makefile: make the build less verbose.
* debian/changelog: fix error in past entry.
Correct the version of the microcode that caused bug #776431,
in the entry for version 3.20150121.1.
* initramfs: don't force_load microcode.ko when missing.
Detect a missing microcode.ko and don't attempt to force_load() it,
otherwise we get spurious warnings at boot. In verbose mode, log the
fact that the microcode driver is modular. For Linux 4.4 and later,
skip the entire module loading logic, since the microcode driver cannot
be modular for those kernels (closes: #814301).
* initramfs: update copyright notice
* initramfs: use iucode_tool -l for verbose mode
* README.Debian: enhance and add recovery instructions.
Rewrite large parts of the README.Debian document, and add recovery
instructions (use of the "dis_ucode_ldr" kernel parameter).
-- Henrique de Moraes Holschuh <email address hidden> Sun, 17 Apr 2016 12:38:12 -0300
Available diffs
- diff from 3.20151106.1 to 3.20151106.2 (6.6 KiB)
| Superseded in jessie-release |
intel-microcode (3.20151106.1~deb8u1) stable; urgency=medium
* Rebuild for jessie (stable update), no changes required
* This is the same package as 3.20151106.1~bpo8+1 (jessie-backports)
and 3.20151106.1 (unstable, stretch)
-- Henrique de Moraes Holschuh <email address hidden> Mon, 28 Dec 2015 15:57:14 -0200
intel-microcode (3.20151106.1) unstable; urgency=medium
* New upstream microcode data file 20151106
+ New Microcodes:
sig 0x000306f4, pf mask 0x80, 2015-07-17, rev 0x0009, size 14336
sig 0x00040671, pf mask 0x22, 2015-08-03, rev 0x0013, size 11264
+ Updated Microcodes:
sig 0x000306a9, pf mask 0x12, 2015-02-26, rev 0x001c, size 12288
sig 0x000306c3, pf mask 0x32, 2015-08-13, rev 0x001e, size 21504
sig 0x000306d4, pf mask 0xc0, 2015-09-11, rev 0x0022, size 16384
sig 0x000306f2, pf mask 0x6f, 2015-08-10, rev 0x0036, size 30720
sig 0x00040651, pf mask 0x72, 2015-08-13, rev 0x001d, size 20480
* This massive Haswell + Broadwell (and related Xeons) update fixes
several critical errata, including the high-hitting BDD86/BDM101/
HSM153(?) which triggers an MCE and locks the processor core
(LP: #1509764)
* Might fix critical errata BDD51, BDM53 (TSX-related)
* source: remove superseded upstream data file: 20150121
* Add support for supplementary microcode bundles:
+ README.source: update and mention supplementary microcode
+ Makefile: support supplementary microcode
Add support for supplementary microcode bundles, which (unlike .fw
microcode override files) can be superseded by a higher revision
microcode from the latest regular microcode bundle. Also, fix the
"oldies" target to have its own exclude filter (IUC_OLDIES_EXCLUDE)
* Add support for x32 arch:
+ README.source: mention x32
+ control,rules: enable building on x32 arch (Closes: #777356)
* ucode-blacklist: add Broadwell and Haswell-E signatures
Add a missing signature for Haswell Refresh (Haswell-E) to the "must
be updated only by the early microcode update driver" list. There is
at least one report of one of the Broadwell microcode updates disabling
TSX-NI, so add them as well just in case
-- Henrique de Moraes Holschuh <email address hidden> Mon, 09 Nov 2015 23:07:32 -0200
Available diffs
- diff from 3.20150121.1 to 3.20151106.1 (1.7 MiB)
| Published in wheezy-release |
intel-microcode (1.20150121.1) stable; urgency=high
* New upstream microcode data file 20150121
+ Downgraded microcodes (to a previously shipped revision):
sig 0x000306f2, pf mask 0x6f, 2014-09-03, rev 0x0029, size 28672
* The microcode downgrade fixes a very nasty regression on Xeon E5v3
processors (closes: #776431)
* critical urgency: the broken sig 0x306f2, rev 0x2b microcode shipped
in release 20150107 caused CPU core hangs and Linux boot failures.
The upstream fix was to downgrade it to the same microcode revision
that was shipped in release 20140913
* source: remove superseded upstream data file: 20150107.
-- Henrique de Moraes Holschuh <email address hidden> Fri, 30 Jan 2015 08:41:20 -0200
intel-microcode (3.20150121.1) unstable; urgency=critical
* New upstream microcode data file 20150121
* Downgraded microcodes (to a previously shipped revision):
sig 0x000306f2, pf mask 0x6f, 2014-09-03, rev 0x0029, size 28672
* The microcode downgrade fixes a very nasty regression on Xeon E5v3
processors (closes: #776431)
* critical urgency: the broken sig 0x306f2, rev 0x2b microcode shipped
in release 20150107 caused CPU core hangs and Linux boot failures.
The upstream fix was to downgrade it to the same microcode revision
that was shipped in release 20140913
* source: remove superseded upstream data file: 20150107.
* initramfs.hook: do not mix arrays and lists.
Avoid echo "foo $@", use echo "foo $*" instead. This is unlikely
to be expĺoitable, but it makes ShellCheck happier.
-- Henrique de Moraes Holschuh <email address hidden> Wed, 28 Jan 2015 20:03:20 -0200
Available diffs
- diff from 3.20150107.1 to 3.20150121.1 (1.6 MiB)
intel-microcode (3.20150107.1) unstable; urgency=high
* New upstream microcode data file 20150107
+ New Microcodes:
sig 0x000306d4, pf mask 0xc0, 2014-12-05, rev 0x0018, size 14336
+ Updated Microcodes:
sig 0x000306f2, pf mask 0x6f, 2014-11-21, rev 0x002d, size 28672
+ High urgency: there are fast-tracked microcode updates in this
release which imply that critical errata are being fixed
* source: remove superseded upstream data file: 20140913
-- Henrique de Moraes Holschuh <email address hidden> Sun, 18 Jan 2015 00:30:11 -0200
Available diffs
- diff from 3.20140913.1 to 3.20150107.1 (1.6 MiB)
| 1 → 75 of 112 results | First • Previous • Next • Last |
