[Bug 1977701] Re: Update to latest upstream release 20220510 / IPU 2022.1 to fix multiple security vulnerabilities

Launchpad Bug Tracker 1977701 at bugs.launchpad.net
Wed Jun 15 01:42:58 UTC 2022 

This bug was fixed in the package intel-microcode -
3.20220510.0ubuntu0.20.04.1

---------------
intel-microcode (3.20220510.0ubuntu0.20.04.1) focal; urgency=medium

  * SECURITY UPDATE: New upstream microcode datafile 20220510 (LP: #1977701)
    - New microcodes:
      sig 0x00090672, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
      sig 0x00090675, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
      sig 0x000906a3, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
      sig 0x000906a4, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
      sig 0x000b06f2, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
      sig 0x000b06f5, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
    - Updated microcodes:
      sig 0x00030679, pf_mask 0x0f, 2019-07-10, rev 0x090d, size 52224
      sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912
      sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552
      sig 0x000406e3, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 106496
      sig 0x000406f1, pf_mask 0xef, 2021-05-19, rev 0xb000040, size 35840
      sig 0x00050653, pf_mask 0x97, 2021-11-13, rev 0x100015d, size 34816
      sig 0x00050654, pf_mask 0xb7, 2021-11-13, rev 0x2006d05, size 43008
      sig 0x00050656, pf_mask 0xbf, 2021-12-10, rev 0x4003302, size 37888
      sig 0x00050657, pf_mask 0xbf, 2021-12-10, rev 0x5003302, size 37888
      sig 0x0005065b, pf_mask 0xbf, 2021-11-19, rev 0x7002501, size 29696
      sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672
      sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648
      sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552
      sig 0x000506c9, pf_mask 0x03, 2021-11-16, rev 0x0048, size 17408
      sig 0x000506ca, pf_mask 0x03, 2021-11-16, rev 0x0028, size 16384
      sig 0x000506e3, pf_mask 0x36, 2021-11-12, rev 0x00f0, size 109568
      sig 0x000506f1, pf_mask 0x01, 2021-12-02, rev 0x0038, size 11264
      sig 0x000606a6, pf_mask 0x87, 2022-03-30, rev 0xd000363, size 294912
      sig 0x000706a1, pf_mask 0x01, 2021-11-22, rev 0x003a, size 75776
      sig 0x000706a8, pf_mask 0x01, 2021-11-22, rev 0x001e, size 75776
      sig 0x000706e5, pf_mask 0x80, 2022-03-09, rev 0x00b0, size 112640
      sig 0x000806a1, pf_mask 0x10, 2022-03-26, rev 0x0031, size 34816
      sig 0x000806c1, pf_mask 0x80, 2022-02-01, rev 0x00a4, size 109568
      sig 0x000806c2, pf_mask 0xc2, 2021-12-07, rev 0x0026, size 97280
      sig 0x000806d1, pf_mask 0xc2, 2021-12-07, rev 0x003e, size 102400
      sig 0x000806e9, pf_mask 0x10, 2021-11-12, rev 0x00f0, size 105472
      sig 0x000806e9, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
      sig 0x000806ea, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
      sig 0x000806eb, pf_mask 0xd0, 2021-11-15, rev 0x00f0, size 105472
      sig 0x000806ec, pf_mask 0x94, 2021-11-17, rev 0x00f0, size 105472
      sig 0x00090661, pf_mask 0x01, 2022-02-03, rev 0x0016, size 20480
      sig 0x000906c0, pf_mask 0x01, 2022-02-19, rev 0x24000023, size 20480
      sig 0x000906e9, pf_mask 0x2a, 2021-11-12, rev 0x00f0, size 108544
      sig 0x000906ea, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
      sig 0x000906eb, pf_mask 0x02, 2021-11-12, rev 0x00f0, size 105472
      sig 0x000906ec, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
      sig 0x000906ed, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 104448
      sig 0x000a0652, pf_mask 0x20, 2021-11-16, rev 0x00f0, size 96256
      sig 0x000a0653, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 97280
      sig 0x000a0655, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 96256
      sig 0x000a0660, pf_mask 0x80, 2021-11-15, rev 0x00f0, size 96256
      sig 0x000a0661, pf_mask 0x80, 2021-11-16, rev 0x00f0, size 96256
      sig 0x000a0671, pf_mask 0x02, 2022-03-09, rev 0x0053, size 103424
    - Removed microcodes:
      sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
      sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
    - CVE-2022-21151, INTEL-SA-00617
    - CVE-2021-0146,  INTEL-SA-00528
    - CVE-2021-0127,  INTEL-SA-00532
  * source: update symlinks to reflect id of the latest release, 20220510

 -- Alex Murray <alex.murray at canonical.com>  Mon, 16 May 2022 16:26:37
+0930

** Changed in: intel-microcode (Ubuntu Impish)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to intel-microcode in Ubuntu.
https://bugs.launchpad.net/bugs/1977701

Title:
  Update to latest upstream release 20220510 / IPU 2022.1 to fix
  multiple security vulnerabilities

Status in intel-microcode package in Ubuntu:
  New
Status in intel-microcode source package in Bionic:
  Fix Released
Status in intel-microcode source package in Focal:
  Fix Released
Status in intel-microcode source package in Impish:
  Fix Released
Status in intel-microcode source package in Jammy:
  Fix Released

Bug description:
  [Impact]

   * Users are vulnerable to multiple security issues, including MMIO
  stale data
  (https://www.intel.com/content/www/us/en/developer/articles/technical/software-
  security-guidance/advisory-guidance/processor-mmio-stale-data-
  vulnerabilities.html)
  (https://www.intel.com/content/www/us/en/security-
  center/advisory/intel-sa-00615.html)

   * Normally the security team would release updates direct to the
  -security pocket but since the associated kernels are being published
  via -updates *and* to allow phased updates to be used, it is preferred
  to publish these via -updates first, then they can be synced to
  -security once fully phased.

  [Test Plan]

   * install the updated intel-microcode packages and reboot the system

  [Where problems could occur]

   * Historically there have been issues where intel-microcode updates
  resulted in machines that fail to boot. This has usually been the case
  when a machine is using an old BIOS and the microcode which is loaded
  in early boot is much newer. Intel have increased their own internal
  testing to try and ensure this is detected before releasing to
  production.

  Also these updates have now been in -proposed for over a week without
  any mention of issues *plus* they have been tested extensively via
  testflinger on the Canonical certification lab's suite of machines
  too.

  Finally, in this unlikely case, users can boot via the '(recovery
  mode)' menu entries in grub which disables early microcode loading
  from the initrd to workaround this and then rollback the microcode
  update directly.

  [Other Info]
   
  Intel released version 20220510 / IPU 2022.1 earlier in May to address multiple vulnerabilities, including:

      - CVE-2022-21151, INTEL-SA-00617
      - CVE-2021-0146,  INTEL-SA-00528
      - CVE-2021-0127,  INTEL-SA-00532

  This version is already packaged in Ubuntu 22.10 (kinetic).

  Earlier today Intel disclosed another set of vulnerabilities (MMIO
  stale data) which are also fixed by these updates.

  
  Whilst this is a security update, to allow for increased testing before being more widely deployed the Ubuntu Security team are wishing to publish this first via -proposed and then to -updates so they can be phased along with the associated kernel updates for MMIO stale data as well.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1977701/+subscriptions

More information about the foundations-bugs mailing list