[ubuntu/resolute-proposed] amd64-microcode 3.20251202.1ubuntu1 (Accepted)
Rodrigo Figueiredo Zaiden
rodrigo.zaiden at canonical.com
Thu Feb 5 17:48:13 UTC 2026
amd64-microcode (3.20251202.1ubuntu1) resolute; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/initramfs.hook: initramfs-tools hook:
+ Default to 'early' instead of 'auto' when building with
MODULES=most
+ Do not override preset defaults from auto-exported conf
snippets loaded by initramfs-tools.
- debian/control: Depend on 3cpio for the initramfs-tools hook.
amd64-microcode (3.20251202.1) unstable; urgency=medium
* Update package data from linux-firmware 20251202
* ATTENTION: regression risk if backported to stable or LTS.
The amd processor microcode updates in this release will not load on
systems with outdated BIOS vulnerable to "Entrysign" unless a number of
kernel patches are present.
* amd-tee: update AMD PMF TA Firmware to v3.1.
* amd-ucode: update with release 2025-12-02:
+ SECURITY UPDATE (AMD-SB-7055 / CVE-2025-62626)
Fix RDSEED Failure on more AMD Zen 5 Processor models
(closes: #1120005)
* amd-ucode: update with release 2025-11-13:
+ SECURITY UPDATE (AMD-SB-7055 / CVE-2025-62626)
Fix RDSEED Failure on more AMD Zen 5 Processor models
* amd-ucode: update with release 2025-10-30:
+ SECURITY UPDATE (AMD-SB-7055 / CVE-2025-62626)
Fix RDSEED Failure on some AMD Zen 5 Processor models
+ amd-ucode: update with release 2025-10-27:
* This is the final microcode release for systems that have not
been updated to fix vulnerability AMD-SB-7033 "Entrysign").
* A kernel update is needed for the microcode driver to be able
to select the appropriate microcode updates for outdated system
firmware vulnerable to "Entrysign".
* On non-updated kernels, this will potentially *regress* the
microcode version on the running system back to the one in the
(outdated, unpatched-for-Entrysign) BIOS.
+ amd-ucode: update with release 2025-07-29:
+ SECURITY UPDATE (AMD-SB-7029: CVE-2024-36350, CVE-2024-36357):
Mitigate transient execution vulnerabilities in some AMD processors
which might allow an attacker to infer data from previous stores
(TSA-SQ) or data in the L1D cache (TSA-L1), potentially resulting in
the leakage of privileged information and sensitive information across
priviledged boundaries (closes: #1109035)
* NOTE: Requires kernel and hypervisor changes for the security
mitigations to be applied (issue VERW instruction at appropriate
times).
* initramfs: guard against copying non-microcode data into the
early-initramfs bundle, for the benefit of those that copy all files from
linux-firmware into /lib/firmware/*. Thanks to Eric Valette for tracking
it down (closes: #1101350)
* debian/control: recommend cpio (closes: #1110987)
* NEWS.Debian: update for post-Entrysign microcode updates
Document that kernel patches are needed to avoid regressing the microcode
release on vulnerable Zen2/3/4 systems (family 0x19), and also that these
systems will not receive any future microcode updates.
Date: Mon, 02 Feb 2026 11:47:33 -0300
Changed-By: Rodrigo Figueiredo Zaiden <rodrigo.zaiden at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20251202.1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 02 Feb 2026 11:47:33 -0300
Source: amd64-microcode
Built-For-Profiles: noudeb
Architecture: source
Version: 3.20251202.1ubuntu1
Distribution: resolute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Rodrigo Figueiredo Zaiden <rodrigo.zaiden at canonical.com>
Closes: 1101350 1109035 1110987 1120005
Changes:
amd64-microcode (3.20251202.1ubuntu1) resolute; urgency=medium
.
* Merge from Debian unstable. Remaining changes:
- debian/initramfs.hook: initramfs-tools hook:
+ Default to 'early' instead of 'auto' when building with
MODULES=most
+ Do not override preset defaults from auto-exported conf
snippets loaded by initramfs-tools.
- debian/control: Depend on 3cpio for the initramfs-tools hook.
.
amd64-microcode (3.20251202.1) unstable; urgency=medium
.
* Update package data from linux-firmware 20251202
* ATTENTION: regression risk if backported to stable or LTS.
The amd processor microcode updates in this release will not load on
systems with outdated BIOS vulnerable to "Entrysign" unless a number of
kernel patches are present.
* amd-tee: update AMD PMF TA Firmware to v3.1.
* amd-ucode: update with release 2025-12-02:
+ SECURITY UPDATE (AMD-SB-7055 / CVE-2025-62626)
Fix RDSEED Failure on more AMD Zen 5 Processor models
(closes: #1120005)
* amd-ucode: update with release 2025-11-13:
+ SECURITY UPDATE (AMD-SB-7055 / CVE-2025-62626)
Fix RDSEED Failure on more AMD Zen 5 Processor models
* amd-ucode: update with release 2025-10-30:
+ SECURITY UPDATE (AMD-SB-7055 / CVE-2025-62626)
Fix RDSEED Failure on some AMD Zen 5 Processor models
+ amd-ucode: update with release 2025-10-27:
* This is the final microcode release for systems that have not
been updated to fix vulnerability AMD-SB-7033 "Entrysign").
* A kernel update is needed for the microcode driver to be able
to select the appropriate microcode updates for outdated system
firmware vulnerable to "Entrysign".
* On non-updated kernels, this will potentially *regress* the
microcode version on the running system back to the one in the
(outdated, unpatched-for-Entrysign) BIOS.
+ amd-ucode: update with release 2025-07-29:
+ SECURITY UPDATE (AMD-SB-7029: CVE-2024-36350, CVE-2024-36357):
Mitigate transient execution vulnerabilities in some AMD processors
which might allow an attacker to infer data from previous stores
(TSA-SQ) or data in the L1D cache (TSA-L1), potentially resulting in
the leakage of privileged information and sensitive information across
priviledged boundaries (closes: #1109035)
* NOTE: Requires kernel and hypervisor changes for the security
mitigations to be applied (issue VERW instruction at appropriate
times).
* initramfs: guard against copying non-microcode data into the
early-initramfs bundle, for the benefit of those that copy all files from
linux-firmware into /lib/firmware/*. Thanks to Eric Valette for tracking
it down (closes: #1101350)
* debian/control: recommend cpio (closes: #1110987)
* NEWS.Debian: update for post-Entrysign microcode updates
Document that kernel patches are needed to avoid regressing the microcode
release on vulnerable Zen2/3/4 systems (family 0x19), and also that these
systems will not receive any future microcode updates.
Checksums-Sha1:
7195c1f096d07d3548bbd97e10c5eddb63084e59 1802 amd64-microcode_3.20251202.1ubuntu1.dsc
16a0a62a44fdddb893e3e699a393b1e9d39b2ec6 446776 amd64-microcode_3.20251202.1ubuntu1.tar.xz
8f050b69631816809dd02c347625892858e59d54 6307 amd64-microcode_3.20251202.1ubuntu1_source.buildinfo
Checksums-Sha256:
bd9ea63cf3d6ca2c67c5fdf0e91e9156ba7afe50fea412e22943b5ad6e852db8 1802 amd64-microcode_3.20251202.1ubuntu1.dsc
e12d0acb7e6fd03619ad0502a5bf528532f1938802580492e71cf68d152cba96 446776 amd64-microcode_3.20251202.1ubuntu1.tar.xz
d44f3a661aa9ca88643da6c04917646aa8eb6336306496f3bf90b91a4488ff1f 6307 amd64-microcode_3.20251202.1ubuntu1_source.buildinfo
Files:
2e2a7ccea8c2fce4793478d03dd44d60 1802 non-free-firmware/admin standard amd64-microcode_3.20251202.1ubuntu1.dsc
ee87e4c9a7f9298c546a80ba3df44d0c 446776 non-free-firmware/admin standard amd64-microcode_3.20251202.1ubuntu1.tar.xz
78752553a606e439b659b4f9c03095d6 6307 non-free-firmware/admin standard amd64-microcode_3.20251202.1ubuntu1_source.buildinfo
Original-Maintainer: Henrique de Moraes Holschuh <hmh at debian.org>
More information about the Resolute-changes
mailing list