[Bug 1984166] Re: Update to latest upstream 20220809 to fix CVE-2022-21233

Alex Murray 1984166 at bugs.launchpad.net
Mon Sep 12 04:19:49 UTC 2022


These packages were tested via testflinger-cli to schedule jobs on the
various machines in the Canonical Hardware Certifications Lab - each job
was then configured as follows:

# enable proposed so we can install intel-microcode from there
# https://wiki.ubuntu.com/Testing/EnableProposed

cat <<EOF | sudo tee /etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
EOF

cat <<EOF | sudo tee /etc/apt/preferences.d/proposed-updates
# Configure apt to allow selective installs of packages from proposed
Package: *
Pin: release a=$(lsb_release -cs)-proposed
Pin-Priority: 400
EOF

sudo apt update

# then installed as:

sudo apt install intel-microcode/$(lsb_release -cs)-proposed

# and finally the machine was rebooted to test that it correctly loads the new microcode
sudo reboot

# capture details of the new microcode
sudo dmesg | grep microcode
cat /proc/cpuinfo

** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-jammy
** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-jammy

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to intel-microcode in Ubuntu.
https://bugs.launchpad.net/bugs/1984166

Title:
  Update to latest upstream 20220809 to fix CVE-2022-21233

Status in intel-microcode package in Ubuntu:
  Fix Released
Status in intel-microcode source package in Bionic:
  Fix Committed
Status in intel-microcode source package in Focal:
  Fix Committed
Status in intel-microcode source package in Jammy:
  Fix Committed
Status in intel-microcode source package in Kinetic:
  Fix Released

Bug description:
  [Impact]

  CVE-2022-21233
  Stale data may be returned as the result of unauthorized reads to the legacy xAPIC MMIO region. This issue is present only in the legacy xAPIC mode and doesn’t affect the x2APIC mode. This can be used to expose sensitive information in an SGX enclave.

  [Test Plan]

   * install the updated intel-microcode packages and reboot the system

  [Other Info]

  Intel released microcode-20220809 release
  (https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809)

  to address vulnerability

  - CVE-2022-21233 / intel-sa-00657

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1984166/+subscriptions
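
The post-reboot check in the job above (dmesg | grep microcode, cat /proc/cpuinfo) can be turned into a pass/fail test by comparing the "microcode" field of /proc/cpuinfo snapshots saved before the install and after the reboot. This is an added example, not part of the original report or of Ubuntu's test tooling; it assumes a snapshot was saved before installing, and the function names, verdict strings and sample revision values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original report): confirm from two /proc/cpuinfo
# snapshots that a microcode update actually loaded after the reboot.

# Print the distinct "microcode" revisions found in a cpuinfo snapshot.
microcode_revs() {
    sed -n 's/^microcode[[:space:]]*:[[:space:]]*//p' "$1" | sort -u
}

# check_microcode_update BEFORE AFTER
# Prints a verdict; returns 0 only when every logical CPU in AFTER reports
# the same revision and that revision is newer than the highest one in BEFORE.
check_microcode_update() {
    before=$(microcode_revs "$1")
    after=$(microcode_revs "$2")
    if [ -z "$before" ] || [ -z "$after" ]; then
        echo "no-microcode-field"; return 2
    fi
    # More than one revision after reboot: some CPUs kept the old microcode.
    if [ "$(printf '%s\n' "$after" | wc -l)" -ne 1 ]; then
        echo "mixed-revisions"; return 1
    fi
    old=0
    for rev in $before; do
        if [ "$(($rev))" -gt "$old" ]; then old=$(($rev)); fi
    done
    if [ "$(($after))" -gt "$old" ]; then
        echo "updated $after"; return 0
    fi
    echo "not-updated $after"; return 1
}

# Constructed sample snapshots (two logical CPUs each; revisions are made up).
sample_cpuinfo() {   # usage: sample_cpuinfo REV_CPU0 REV_CPU1
    printf 'processor\t: 0\nmodel name\t: Example CPU\nmicrocode\t: %s\n\n' "$1"
    printf 'processor\t: 1\nmodel name\t: Example CPU\nmicrocode\t: %s\n' "$2"
}

demo_dir=$(mktemp -d)
sample_cpuinfo 0xea 0xea > "$demo_dir/before"
sample_cpuinfo 0xf0 0xf0 > "$demo_dir/after"
sample_cpuinfo 0xf0 0xea > "$demo_dir/partial"
check_microcode_update "$demo_dir/before" "$demo_dir/after"
check_microcode_update "$demo_dir/before" "$demo_dir/partial" || true
```

On a real machine, save /proc/cpuinfo to a file before installing the package and pass that file and /proc/cpuinfo itself as the two arguments after the reboot.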



