[Bug 2120893] [NEW] [FFe] Update amd64-microcode to upstream version 20250708
Rodrigo Figueiredo Zaiden
2120893 at bugs.launchpad.net
Mon Aug 18 22:50:02 UTC 2025
Public bug reported:
## FFE ##
amd64-microcode contains binaries distributed from the upstream
linux-firmware repository[1]. Version 20250708 fixes CVE-2024-36350 and
CVE-2024-36357, both for AMD TSA[2] and it is being updated across most
of the releases, and to avoid possible upgrade interruptions, we would
need to have the devel release also updated to this newer version.
At this stage, supported releases are in the security-proposed
pocket[3].
The idea is: if approved, a rebased version on top of the version in the
archive proposed[4] can get sponsored by a security team member including
this LP Bug on the debian/changelog.
### Testing Done ###
Questing update was tested with a local build using AMD machines available
in testflinger running the QRT test for this package[5]
[1]: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/amd-ucode?id=331eac9144402d6cfa02ff3b2888a40bb9a7a01a
[2]: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
[3]: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages?field.name_filter=amd64-microcode&field.status_filter=published&field.series_filter=
[4]: https://launchpad.net/ubuntu/+source/amd64-microcode/3.20250311.1ubuntu3
** Affects: amd64-microcode (Ubuntu)
Importance: Undecided
Status: New
** Summary changed:
- [FFe] Update to upstream version 20250708
+ [FFe] Update amd64-microcode to upstream version 20250708
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to amd64-microcode in Ubuntu.
https://bugs.launchpad.net/bugs/2120893
Title:
[FFe] Update amd64-microcode to upstream version 20250708
Status in amd64-microcode package in Ubuntu:
New
Bug description:
## FFE ##
amd64-microcode contains binaries distributed from the upstream
linux-firmware repository[1]. Version 20250708 fixes CVE-2024-36350 and
CVE-2024-36357, both for AMD TSA[2] and it is being updated across most
of the releases, and to avoid possible upgrade interruptions, we would
need to have the devel release also updated to this newer version.
At this stage, supported releases are in the security-proposed
pocket[3].
The idea is: if approved, a rebased version on top of the version in the
archive proposed[4] can get sponsored by a security team member including
this LP Bug on the debian/changelog.
### Testing Done ###
Questing update was tested with a local build using AMD machines available
in testflinger running the QRT test for this package[5]
[1]: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/amd-ucode?id=331eac9144402d6cfa02ff3b2888a40bb9a7a01a
[2]: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
[3]: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages?field.name_filter=amd64-microcode&field.status_filter=published&field.series_filter=
[4]: https://launchpad.net/ubuntu/+source/amd64-microcode/3.20250311.1ubuntu3
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/amd64-microcode/+bug/2120893/+subscriptions
More information about the foundations-bugs
mailing list