[Bug 1733582] Re: intel released new microcode fixing several CVE's related to the ME

Marc Deslauriers marc.deslauriers at canonical.com
Thu Nov 23 12:45:28 UTC 2017 

Thanks for filing this issue.

As far as I can tell on the Intel page linked above, the CVEs were
issued against vulnerabilities in the Manageability Engine, Server
Platform Service, and the Trusted Execution Engine.

I believe the intel-microcode package only contains microcode for the
CPU, and doesn't contain firmware for the ME, SPS and TXE. To update
those components, you need to apply firmware updates from the computer
manufacturer.

I am removing the references to CVEs from this bug. If you disagree with
my assessment, please comment below. Thanks!

** CVE removed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5705

** CVE removed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5708

** CVE removed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5711

** CVE removed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5712

** Summary changed:

- intel released new microcode fixing several CVE's related to the ME
+ intel released new microcode

** Description changed:

- Intel released a new microcode file (https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File) which fixes several cve's (CVE-2017-5705, CVE-2017-5708, CVE-2017-5711 and CVE-2017-5712, see https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr).
+ Intel released a new microcode file (https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File).
  I think this warrents a new version of the intel-microcode package.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to intel-microcode in Ubuntu.
https://bugs.launchpad.net/bugs/1733582

Title:
  intel released new microcode

Status in intel-microcode package in Ubuntu:
  Fix Released
Status in intel-microcode source package in Trusty:
  Confirmed
Status in intel-microcode source package in Xenial:
  Confirmed
Status in intel-microcode source package in Zesty:
  Confirmed
Status in intel-microcode source package in Artful:
  Confirmed
Status in intel-microcode source package in Bionic:
  Fix Released

Bug description:
  Intel released a new microcode file (https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File).
  I think this warrents a new version of the intel-microcode package.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1733582/+subscriptions

More information about the foundations-bugs mailing list