[Bug 2100005] Re: intel-microcode 3.20250211.0ubuntu0.22.04.1 may be incomplete

Norman Wilson 2100005 at bugs.launchpad.net
Thu Feb 27 15:35:48 UTC 2025 

If Intel hasn't given you anything, it's certainly fair that you didn't
pass it on, and if there isn't any new microcode for those processors I
won't worry about not having it installed.

Thanks for looking into it and confirming that I don't need to worry.

Cheers,

Norman

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to intel-microcode in Ubuntu.
https://bugs.launchpad.net/bugs/2100005

Title:
  intel-microcode 3.20250211.0ubuntu0.22.04.1 may be incomplete

Status in intel-microcode package in Ubuntu:
  Invalid

Bug description:
  USN-7269-1: Intel Microcode vulnerabilities claims to address three
  different CVEs, each for a different Intel advisory:

  
      CVE-2024-36293 intel-sa-01213.html
      CVE-2024-39279 intel-sa-01139.html
      CVE-2024-31068 intel-sa-01166.html

  According to Intel's notice, 01139 affects CPUs with IDs 50657 and
  906E9 (among others).  We have systems with each of those IDs, but
  installing intel-microcode 3.20250211.0ubuntu0.22.04.1 and rebooting
  leaves the microcode version number unchanged.

  I fetched previous package version 20241112, unpacked the files,
  compared the files, and discovered that the files in
  /lib/firmware/intel-ucode for those two CPU IDs (06-55-07 for 50657,
  06-9e-09 for 906E9) were the same.  So the version number didn't
  increment because there is in fact no new microcode for those CPU IDs.

  For 906E9 this is fair enough: that ID reached its Intel EOSL on
  2024-03-31, so Intel no longer promises updates.  But is still
  supported until 2025-06-30, so there should be an update for that ID.
  (I am getting this info from
  https://www.intel.com/content/www/us/en/support/articles/000022396/processors.html,
  which we have learned to check periodically.)

  There are other CPU IDs affected by 01139 that did get updates, but
  each of them is also affected by at least one of the other two
  advisories addressed by the 20259211 firmware package.

  Were the updates for 01139 somehow left out?

  Thanks.

  I am marking this as a security vulnerability because it is about a
  USN.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/2100005/+subscriptions

More information about the foundations-bugs mailing list