[Bug 2120893] Re: [FFe] Update amd64-microcode to upstream version 20250708

Launchpad Bug Tracker 2120893 at bugs.launchpad.net
Tue Sep 23 20:32:38 UTC 2025 

This bug was fixed in the package amd64-microcode - 3.20250708.1ubuntu1

---------------
amd64-microcode (3.20250708.1ubuntu1) questing; urgency=medium

  [ Rodrigo Figueiredo Zaiden ]
  * SECURITY UPDATE: Update package data from linux-firmware 20250708 (LP: #2120893)
    - Updated microcodes:
      Family=0x19 Model=0x08 Stepping=0x02: Patch=0x0a00820d Length=5568 bytes
      Family=0x19 Model=0x18 Stepping=0x01: Patch=0x0a108109 Length=5568 bytes
      Family=0x19 Model=0x21 Stepping=0x00: Patch=0x0a20102e Length=5568 bytes
      Family=0x19 Model=0x21 Stepping=0x02: Patch=0x0a201211 Length=5568 bytes
      Family=0x19 Model=0x44 Stepping=0x01: Patch=0x0a404108 Length=5568 bytes
      Family=0x19 Model=0x50 Stepping=0x00: Patch=0x0a500012 Length=5568 bytes
      Family=0x19 Model=0x61 Stepping=0x02: Patch=0x0a60120a Length=5568 bytes
      Family=0x19 Model=0x74 Stepping=0x01: Patch=0x0a704108 Length=5568 bytes
      Family=0x19 Model=0x75 Stepping=0x02: Patch=0x0a705208 Length=5568 bytes
      Family=0x19 Model=0x78 Stepping=0x00: Patch=0x0a708008 Length=5568 bytes
      Family=0x19 Model=0x7c Stepping=0x00: Patch=0x0a70c008 Length=5568 bytes
    - CVE-2024-36350 (AMD-SB-7029)
      A transient execution vulnerability in some AMD processors may allow
      an attacker to infer data from previous stores, potentially resulting
      in the leakage of privileged information.
    - CVE-2024-36357 (AMD-SB-7029)
      A transient execution vulnerability in some AMD processors may allow
      an attacker to infer data in the L1D cache, potentially resulting in
      the leakage of sensitive information across privileged boundaries.
  * Remaining changes:
    - initramfs-tools hook (debian/initramfs.hook):
      + Default to 'early' instead of 'auto' when building with
        MODULES=most
      + Do not override preset defaults from auto-exported conf
        snippets loaded by initramfs-tools.

  [ Marc Deslauriers ]
  * Also Update AMD PMF TA Firmware to v3.1 to match the upstream git tag.

 -- Rodrigo Figueiredo Zaiden <rodrigo.zaiden at canonical.com>  Mon, 18
Aug 2025 22:08:22 -0300

** Changed in: amd64-microcode (Ubuntu)
       Status: Triaged => Fix Released

** CVE added: https://cve.org/CVERecord?id=CVE-2024-36350

** CVE added: https://cve.org/CVERecord?id=CVE-2024-36357

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to amd64-microcode in Ubuntu.
https://bugs.launchpad.net/bugs/2120893

Title:
  [FFe] Update amd64-microcode to upstream version 20250708

Status in amd64-microcode package in Ubuntu:
  Fix Released

Bug description:
  ## FFE ##

  amd64-microcode contains binaries distributed from the upstream
  linux-firmware repository[1]. Version 20250708 fixes CVE-2024-36350 and
  CVE-2024-36357, both for AMD TSA[2] and it is being updated across most
  of the releases, and to avoid possible upgrade interruptions, we would
  need to have the devel release also updated to this newer version.

  At this stage, supported releases are in the security-proposed
  pocket[3].

  The idea is: if approved, a rebased version on top of the version in the
  archive proposed[4] can get sponsored by a security team member including
  this LP Bug on the debian/changelog.

  ### Testing Done ###

  Questing update was tested with a local build using AMD machines available
  in testflinger running the QRT test for this package[5], which checks if
  the new microcode is loaded and device is booted.

  
  [1]: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/amd-ucode?id=331eac9144402d6cfa02ff3b2888a40bb9a7a01a
  [2]: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
  [3]: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages?field.name_filter=amd64-microcode&field.status_filter=published&field.series_filter=
  [4]: https://launchpad.net/ubuntu/+source/amd64-microcode/3.20250311.1ubuntu3
  [5]: https://git.launchpad.net/qa-regression-testing/tree/scripts/test-amd64-microcode.py

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/amd64-microcode/+bug/2120893/+subscriptions

More information about the foundations-bugs mailing list