OVMSA-2022-0020 - microcode_ctl security update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2022-08-03 |
Description
[3:1.17-33.31.0.3]
- update 06-55-04 to 0x2006d05
- update 06-55-07 to 0x5003302
- update 06-6a-04 to 0xb000280
- update 06-6a-06 to 0xd000375
[3:1.17-33.31.0.2]
- update Intel microcode bundle to 20210608
[3:1.17-33.31.0.1]
- recognize the 'force-intel' file path available on EL7+ [orabug 31655792]
- disable live load during %post due to UEK4 rendezvous timeouts [orabug 31655792]
- merge Oracle changes for early load via dracut
- remove no longer appropriate caveats for 06-2d-07 and 06-55-04
- remove other caveat support to be compatible with early load logic
- enable late load on install for UEK4 kernels marked safe (except BDW-79)
- set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618737]
[2:1.17-33.31]
- Update Intel CPU microcode to microcode-20201027 release, addresses
CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698
(#1893243, #1893238):
- Addition of 06-55-0b/0xbf (CPX-SP A1) microcode (in microcode.dat)
at revision 0x700001e;
- Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in
microcode.dat) at revision 0x68;
- Addition of 06-a5-02/0x20 (CML-H R1) microcode (in microcode.dat)
at revision 0xe0;
- Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode (in microcode.dat)
at revision 0xe0;
- Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode (in microcode.dat)
at revision 0xe0;
- Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode (in
microcode.dat) at revision 0xe0;
- Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in
microcode-06-4e-03.dat) from revision 0xdc up to 0xe2;
- Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
microcode-06-55-04.dat) from revision 0x2006906 up to 0x2006a08;
- Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in
microcode-06-5e-03.dat) from revision 0xdc up to 0xe2;
- Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode
(in microcode.dat) from revision 0x43 up to 0x44;
- Update of 06-55-03/0x97 (SKX-SP B1) microcode (in microcode.dat)
from revision 0x1000157 up to 0x1000159;
- Update of 06-55-06/0xbf (CLX-SP B0) microcode (in microcode.dat)
from revision 0x4002f01 up to 0x4003003;
- Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode (in
microcode.dat) from revision 0x5002f01 up to 0x5003003;
- Update of 06-5c-09/0x03 (APL D0) microcode (in microcode.dat) from
revision 0x38 up to 0x40;
- Update of 06-5c-0a/0x03 (APL B1/F1) microcode (in microcode.dat)
from revision 0x16 up to 0x1e;
- Update of 06-7a-08/0x01 (GLK-R R0) microcode (in microcode.dat)
from revision 0x16 up to 0x18;
- Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode (in microcode.dat)
from revision 0x78 up to 0xa0;
- Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in microcode.dat)
from revision 0xd6 up to 0xde;
- Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in
microcode.dat) from revision 0xd6 up to 0xde;
- Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in
microcode.dat) from revision 0xd6 up to 0xe0;
- Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in microcode.dat)
from revision 0xd6 up to 0xde;
- Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
microcode (in microcode.dat) from revision 0xd6 up to 0xde;
- Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in
microcode.dat) from revision 0xd6 up to 0xde;
- Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in
microcode.dat) from revision 0xd6 up to 0xde;
- Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in microcode.dat)
from revision 0xd6 up to 0xde;
- Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in
microcode.dat) from revision 0xd6 up to 0xde;
- Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in
microcode.dat) from revision 0xd6 up to 0xde;
- Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode (in microcode.dat)
from revision 0xca up to 0xe0.
[2:1.17-33.30]
- Add README file to the documentation directory.
- Add publicly-sourced codenames list to supply to gen_provides.sh; update
the latter to handle the somewhat different format.
- Add SUMMARY.intel-ucode file containing metadata information from
the microcode file headers.
[2:1.17-33.29]
- Update Intel CPU microcode to microcode-20200609 release (#1826590):
- Fixed a typo in the release note file.
[2:1.17-33.28]
- Enable 06-55-04 (SKL-X/W) caveat by default.
- Enable 06-2d-07 (SNB-E/EN/EP) caveat by default (#1846024).
[2:1.17-33.27]
- Do not update 06-4e-03 (SKL-U/Y) and 06-5e-03 (SKL-H/S/Xeon E3 v5) to revision
0xdc, use 0xd6 by default (#1846134).
[2:1.17-33.26]
- Update Intel CPU microcode to microcode-20200602 release, addresses
CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 (#1795353, #1795357, #1827186):
- Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28;
- Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e
up to 0x2f;
- Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25
up to 0x26;
- Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c;
- Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21
up to 0x22;
- Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6
up to 0xdc;
- Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151
up to 0x1000157;
- Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode
(in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065
up to 0x2006906;
- Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c
up to 0x4002f01;
- Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c
up to 0x5002f01;
- Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6
up to 0xdc;
- Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca
up to 0xd6;
- Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca
up to 0xd6;
- Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca
up to 0xd6;
- Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca
up to 0xd6;
- Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode
from revision 0xca up to 0xd6;
- Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision
0xca up to 0xd6;
- Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca
up to 0xd6;
- Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6;
- Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca
up to 0xd6;
- Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6.
[2:1.17-33.25]
- Update Intel CPU microcode to microcode-20200520 release (#1839193):
- Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f
up to 0x621;
- Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718
up to 0x71a;
- Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46
up to 0x78.
[2:1.17-33.24]
- Narrow down SKL-SP/W/X blacklist to exclude Server/FPGA/Fabric segment
models (#1835555).
[2:1.17-33.23]
- Do not update 06-55-04 (SKL-SP/W/X) to revision 0x2000065, use 0x2000064
by default (#1774635).
[2:1.17-33.22]
- Update Intel CPU microcode to microcode-20191115 release:
- Update of 06-4e-03/0xc0 (SKL-U/Y D0) from revision 0xd4 up to 0xd6;
- Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) from revision 0xd4
up to 0xd6;
- Update of 06-8e-09/0x10 (AML-Y 2+2 H0) from revision 0xc6 up to 0xca;
- Update of 06-8e-09/0xc0 (KBL-U/Y H0) from revision 0xc6 up to 0xca;
- Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) from revision 0xc6 up to 0xca;
- Update of 06-8e-0b/0xd0 (WHL-U W0) from revision 0xc6 up to 0xca;
- Update of 06-8e-0c/0x94 (AML-Y V0, CML-U 4+2 V0, WHL-U V0) from revision
0xc6 up to 0xca;
- Update of 06-9e-09/0x2a (KBL-G/X H0, KBL-H/S/Xeon E3 B0) from revision 0xc6
up to 0xca;
- Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) from revision 0xc6 up to 0xca;
- Update of 06-9e-0b/0x02 (CFL-S B0) from revision 0xc6 up to 0xca;
- Update of 06-9e-0c/0x22 (CFL-S/Xeon E P0) from revision 0xc6 up to 0xca;
- Update of 06-9e-0d/0x22 (CFL-H/S R0) from revision 0xc6 up to 0xca;
- Update of 06-a6-00/0x80 (CML-U 6+2 A0) from revision 0xc6 up to 0xca.
[2:1.17-33.21]
- Update Intel CPU microcode to microcode-20191113 release:
- Update of 06-9e-0c (CFL-H/S P0) microcode from revision 0xae up to 0xc6.
- Drop 0001-releasenote-changes-summary-fixes.patch.
[2:1.17-33.20]
- Package the publicy available microcode-20191112 release (#1755021):
- Addition of 06-4d-08/0x1 (AVN B0/C0) microcode at revision 0x12d;
- Addition of 06-55-06/0xbf (CSL-SP B0) microcode at revision 0x400002c;
- Addition of 06-7a-08/0x1 (GLK R0) microcode at revision 0x16;
- Update of 06-55-03/0x97 (SKL-SP B1) microcode from revision 0x1000150
up to 0x1000151;
- Update of 06-55-04/0xb7 (SKL-SP H0/M0/U0, SKL-D M1) microcode from revision
0x2000064 up to 0x2000065;
- Update of 06-55-07/0xbf (CSL-SP B1) microcode from revision 0x500002b
up to 0x500002c;
- Update of 06-7a-01/0x1 (GLK B0) microcode from revision 0x2e up to 0x32;
- Include 06-9e-0c (CFL-H/S P0) microcode from the microcode-20190918 release.
- Correct the releasenote file (0001-releasenote-changes-summary-fixes.patch).
- Update README.caveats with the link to the new Knowledge Base article.
[2:1.17-33.19]
- Fix the incorrect 'Source2:' tag.
[2:1.17-33.18]
- Intel CPU microcode update to 20191112, addresses CVE-2017-5715,
CVE-2019-0117, CVE-2019-11135, CVE-2019-11139 (#1764049, #1764062, #1764953,
- Addition of 06-a6-00/0x80 (CML-U 6+2 A0) microcode at revision 0xc6;
- Addition of 06-66-03/0x80 (CNL-U D0) microcode at revision 0x2a;
- Addition of 06-55-03/0x97 (SKL-SP B1) microcode at revision 0x1000150;
- Addition of 06-7e-05/0x80 (ICL-U/Y D1) microcode at revision 0x46;
- Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xcc to 0xd4;
- Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) microcode from revision 0xcc
to 0xd4
- Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from revision 0xb4 to 0xc6;
- Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xb4 to 0xc6;
- Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) microcode from revision 0xb4
to 0xc6;
- Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xb8 to 0xc6;
- Update of 06-8e-0c/0x94 (AML-Y V0) microcode from revision 0xb8 to 0xc6;
- Update of 06-8e-0c/0x94 (CML-U 4+2 V0) microcode from revision 0xb8 to 0xc6;
- Update of 06-8e-0c/0x94 (WHL-U V0) microcode from revision 0xb8 to 0xc6;
- Update of 06-9e-09/0x2a (KBL-G/X H0) microcode from revision 0xb4 to 0xc6;
- Update of 06-9e-09/0x2a (KBL-H/S/Xeon E3 B0) microcode from revision 0xb4
to 0xc6;
- Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision 0xb4
to 0xc6;
- Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xb4 to 0xc6;
- Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xb8 to 0xc6.
[2:1.17-33.17]
- Do not update 06-2d-07 (SNB-E/EN/EP) to revision 0x718, use 0x714
by default (#1758382).
[2:1.17-33.16]
- Revert more strict model check code, as it requires request_firmware-based
microcode loading mechanism and breaks enabling of microcode with caveats.
[2:1.17-33.15]
- Intel CPU microcode update to 20190918 (#1753540).
[2:1.17-33.14]
- Intel CPU microcode update to 20190618 (#1717238).
[2:1.17-33.13]
- Remove disclaimer, as it is not as important now to justify kmsg/log
pollution; its contents are partially adopted in README.caveats.
[2:1.17-33.12]
- Intel CPU microcode update to 20190514a (#1711938).
[2:1.17-33.11]
- Intel CPU microcode update to 20190507_Public_DEMO (#1697960).
[2:1.17-33.10]
- Intel CPU microcode update to 20190312 (#1697960).
[2:1.17-33.9]
- Fix disclaimer path in %post script.
[2:1.17-33.8]
- Fix installation path for the disclaimer file.
- Add README.caveats documentation file.
[2:1.17-33.7]
- Use check_caveats from the RHEL 7 package in order to support overrides.
[2:1.17-33.6]
- Disable 06-4f-01 microcode in config (#1622180).
[2:1.17-33.5]
- Intel CPU microcode update to 20180807a (#1614427).
- Add check for minimal microcode version to reload_microcode.
[2:1.17-33.4]
- Intel CPU microcode update to 20180807.
- Resolves: #1614427.
[2:1.17-33.3]
- Intel CPU microcode update to 20180703
- Add infrastructure for handling kernel-version-dependant microcode
- Resolves: #1574593
[1:1.17-33.1]
- Intel CPU microcode update to 20180613.
- Resolves: #1573451
[1:1.17-33]
- Update AMD microcode to 2018-05-24
- Resolves: #1584192
[1:1.17-32]
- Update AMD microcode
- Resolves: #1574591
[1:1.17-31]
- Update disclaimer text
- Resolves: #1574588
[1:1.17-30]
- Intel CPU microcode update to 20180425.
- Resolves: #1574588
[1:1.17-29]
- Revert Microcode from Intel and AMD for Side Channel attack
- Resolves: #1533941
[1:1.17-28]
- Update microcode data file to 20180108 revision.
- Resolves: #1527354
[1:1.17-27]
- Update Intel CPU microde for 06-3f-02, 06-4f-01, and 06-55-04
- Add amd microcode_amd_fam17h.bin data file
- Resolves: #1527354
[1:1.17-26]
- Update microcode data file to 20170707 revision.
- Resolves: #1465143
[1:1.17-25]
- Revert microcode_amd_fam15h.bin to version from amd-ucode-2012-09-10
- Resolves: #1322525
[1:1.17-24]
- Update microcode data file to 20161104 revision.
- Add workaround for E5-26xxv4
- Resolves: #1346045
[1:1.17-23]
- Update microcode data file to 20160714 revision.
- Resolves: #1346045
[1:1.17-22]
- Update amd microcode data file to amd-ucode-2013-11-07
- Resolves: #1322525
[1:1.17-21]
- Update microcode data file to 20151106 revision.
- Resolves: #1244968
- Remove bad file permissions on /lib/udev/rules.d/89-microcode.rules
- Resolves: #1201276
[1:1.17-20]
- Update microcode data file to 20150121 revision.
- Resolves: #1123992
[1:1.17-19]
- Update microcode data file to 20140624 revision.
- Resolves: #1113394
[1:1.17-18]
- Update microcode data file to 20140430 revision.
- Resolves: #1036240
[1:1.17-17]
- Update to microcode-20130906.dat
- Resolves: rhbz#1005606
[1:1.17-16]
- Microcode update should be skipped in virtualized environment
- Resolves: rhbz#1000317
[1:1.17-15]
- Update to microcode-20130808.dat
- Resolves: rhbz#915957
[1:1.17-14]
- Update microcode for AMD cpus to 2012-09-10
- Resolves: rhbz#867078
[1:1.17-13]
- Update to microcode-20120606v2.dat
- Resolves: rhbz#818096
[1:1.17-12]
- Fix udev rule
- Resolves: rhbz#740932
- Update to microcode-20120606.dat
- Resolves: rhbz#818096
[1:1.17-11]
- Update microcode for AMD cpus to 20120117
- Resolves: rhbz#787757
[1:1.17-10]
- Fix buffer overflow
- Resolves: rhbz#768803
- Update to microcode-20111110.dat
- Resolves: rhbz#736266
[1:1.17-9]
- Update to microcode-20110915.dat
- Resolves: rhbz#696582
[1:1.17-8]
- Revert: Minor fix of the udev rule
- Relates: rhbz#682668
[1:1.17-7]
- Minor fix of the udev rule
- Include microcode update for AMD cpus
- Resolves: rhbz#682668
[1:1.17-6]
- Update to microcode-20110428.dat
- Resolves: rhbz#696582
[1:1.17-5]
- fix memory leak.
- Resolves: rhbz#684009
[1:1.17-4]
- Update to microcode-20101123.dat
- Make microcode_ctl event driven
- Resolves: rhbz#578107
[1:1.17-3]
- Update to microcode-20100209.dat [488319]
[1:1.17-2]
- Don't use a CVS release for RHEL, otherwise it'll always be a branch
and irritating.
- Fix syntax error in microcode_ctl.init.
- Resolves: rhbz#552246.
[1:1.17-1.41.1]
- Rebuilt for RHEL 6
* Wed Sep 30 2009 Dave Jones
- Update to microcode-20090927.dat
* Fri Sep 11 2009 Dave Jones
- Remove some unnecessary code from the init script.
[1:1.17-1.52.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Thu Jun 25 2009 Dave Jones
- Shorten sleep time during init.
This really needs to be replaced with proper udev hooks, but this is
a quick interim fix.
[1:1.17-1.50]
- Change ExclusiveArch to i586 instead of i386. Resolves rhbz#497711.
* Wed May 13 2009 Dave Jones
- update to microcode 20090330
[1:1.17-1.46.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Fri Sep 12 2008 Dave Jones
- update to microcode 20080910
* Tue Apr 01 2008 Jarod Wilson
- Update to microcode 20080401
* Sat Mar 29 2008 Dave Jones
- Update to microcode 20080220
- Fix rpmlint warnings in specfile.
* Mon Mar 17 2008 Dave Jones
- specfile cleanups.
* Fri Feb 22 2008 Jarod Wilson
- Use /lib/firmware instead of /etc/firmware
* Wed Feb 13 2008 Jarod Wilson
- Fix permissions on microcode.dat
* Thu Feb 07 2008 Jarod Wilson
- Spec cleanup and macro standardization.
- Update license
- Update microcode data file to 20080131 revision.
* Mon Jul 02 2007 Dave Jones
- Update to upstream 1.17
* Thu Oct 12 2006 Jon Masters
- BZ209455 fixes.
* Mon Jul 17 2006 Jesse Keating
- rebuild
* Fri Jun 16 2006 Bill Nottingham
- remove kudzu requirement
- add prereq for coreutils, awk, grep
* Thu Feb 09 2006 Dave Jones
- rebuild.
* Fri Jan 27 2006 Dave Jones
- Update to upstream 1.13
* Fri Dec 16 2005 Jesse Keating
- rebuilt for new gcj
* Fri Dec 09 2005 Jesse Keating
- rebuilt
* Mon Nov 14 2005 Dave Jones
- initscript tweaks.
* Tue Sep 13 2005 Dave Jones
- Update to upstream 1.12
* Wed Aug 17 2005 Dave Jones
- Check for device node *after* loading the module. (#157672)
* Tue Mar 01 2005 Dave Jones
- Rebuild for gcc4
* Thu Feb 17 2005 Dave Jones
- s/Serial/Epoch/
* Tue Jan 25 2005 Dave Jones
- Drop the node creation/deletion change from previous release.
It'll cause grief with selinux, and was a hack to get around
a udev shortcoming that should be fixed properly.
* Fri Jan 21 2005 Dave Jones
- Create/remove the /dev/cpu/microcode dev node as needed.
- Use correct path again for the microcode.dat.
- Remove some no longer needed tests in the init script.
* Fri Jan 14 2005 Dave Jones
- Only enable microcode_ctl service if the CPU is capable.
- Prevent microcode_ctl getting restarted multiple times on initlevel change (#141581)
- Make restart/reload work properly
- Do nothing if not started by root.
* Wed Jan 12 2005 Dave Jones
- Adjust dev node location. (#144963)
* Tue Jan 11 2005 Dave Jones
- Load/Remove microcode module in initscript.
* Mon Jan 10 2005 Dave Jones
- Update to upstream 1.11 release.
* Sat Dec 18 2004 Dave Jones
- Initial packaging, based upon kernel-utils.
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|
| Oracle VM 3 (x86_64) | microcode_ctl-1.17-33.31.0.3.el6_10.src.rpm | 5f1ecd5b328073156ff3df0dbf9685a8 | - |
| microcode_ctl-1.17-33.31.0.3.el6_10.x86_64.rpm | f04923baf262864f59bb56d4436ec262 | - |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
