From 053e483dd6cc99eb782400f71568f47c4f962d6e Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 30 Sep 2024 19:15:52 +0200 Subject: Adding upstream version 3.20240910.1. Signed-off-by: Daniel Baumann --- changelog | 102 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 100 insertions(+), 2 deletions(-) (limited to 'changelog') diff --git a/changelog b/changelog index ae2932c..e6eb97c 100644 --- a/changelog +++ b/changelog @@ -1,7 +1,92 @@ +2024-09-10: + * New upstream microcode datafile 20240910 + - Mitigations for INTEL-SA-01103 (CVE-2024-23984) + A potential security vulnerability in the Running Average Power Limit + (RAPL) interface for some Intel Processors may allow information + disclosure. + - Mitigations for INTEL-SA-01097 (CVE-2024-24968) + A potential security vulnerability in some Intel Processors may allow + denial of service. + - Fixes for unspecified functional issues on several processor models + - The processor voltage limit issue on Core 13rd/14th gen REQUIRES A + FIRMWARE UPDATE. It is present in this release for sig 0xb0671, but + THE VOLTAGE ISSUE FIX ONLY WORKS WHEN THE MICROCODE UPDATE IS LOADED + THROUGH THE FIT TABLE IN FIRMWARE. Contact your system vendor for a + firmware update that includes the appropriate microcode update for + your processor. + * Updated Microcodes: + sig 0x00090672, pf_mask 0x07, 2024-02-22, rev 0x0036, size 224256 + sig 0x00090675, pf_mask 0x07, 2024-02-22, rev 0x0036 + sig 0x000b06f2, pf_mask 0x07, 2024-02-22, rev 0x0036 + sig 0x000b06f5, pf_mask 0x07, 2024-02-22, rev 0x0036 + sig 0x000906a3, pf_mask 0x80, 2024-02-22, rev 0x0434, size 222208 + sig 0x000906a4, pf_mask 0x80, 2024-02-22, rev 0x0434 + sig 0x000a06a4, pf_mask 0xe6, 2024-06-17, rev 0x001f, size 137216 + sig 0x000b0671, pf_mask 0x32, 2024-07-18, rev 0x0129, size 215040 + sig 0x000b06a2, pf_mask 0xe0, 2024-02-22, rev 0x4122, size 220160 + sig 0x000b06a3, pf_mask 0xe0, 2024-02-22, rev 0x4122 + sig 0x000b06a8, pf_mask 0xe0, 2024-02-22, rev 0x4122 + sig 0x000b06e0, pf_mask 0x19, 2024-03-25, rev 0x001a, size 138240 + +2024-08-13: + * New upstream microcode datafile 20240813 (second release) + - Mitigations for INTEL-SA-01083 (CVE-2024-24853) + Incorrect behavior order in transition between executive monitor and SMI + transfer monitor (STM) in some Intel Processors may allow a privileged + user to potentially enable escalation of privilege via local access. + - Mitigations for INTEL-SA-01118 (CVE-2024-25939) + Mirrored regions with different values in 3rd Generation Intel Xeon + Scalable Processors may allow a privileged user to potentially enable + denial of service via local access. + - Mitigations for INTEL-SA-01100 (CVE-2024-24980) + Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel + Xeon Processors may allow a privileged user to potentially enable + escalation of privilege via local access. + - Mitigations for INTEL-SA-01038 (CVE-2023-42667) + Improper isolation in the Intel Core Ultra Processor stream cache + mechanism may allow an authenticated user to potentially enable + escalation of privilege via local access. Intel disclosed that some + processor models were already fixed by the previous microcode update. + - Mitigations for INTEL-SA-01046 (CVE-2023-49141) + Improper isolation in some IntelĀ® Processors stream cache mechanism may + allow an authenticated user to potentially enable escalation of + privilege via local access. Intel disclosed that some processor models + were already fixed by the previous microcode update. + - Fix for unspecified functional issues on several processor models + - Fix for errata TGL068/ADL075/ICL088/... "Processor may hang during a + microcode update". It is not clear which processors were fixed by this + release, or by one of the microcode updates from 2024-05. + * Updated microcodes: + sig 0x00050657, pf_mask 0xbf, 2024-03-01, rev 0x5003707, size 39936 + sig 0x0005065b, pf_mask 0xbf, 2024-04-01, rev 0x7002904, size 30720 + sig 0x000606a6, pf_mask 0x87, 2024-04-01, rev 0xd0003e7, size 308224 + sig 0x000606c1, pf_mask 0x10, 2024-04-03, rev 0x10002b0, size 300032 + sig 0x000706e5, pf_mask 0x80, 2024-02-15, rev 0x00c6, size 114688 + sig 0x000806c1, pf_mask 0x80, 2024-02-15, rev 0x00b8, size 112640 + sig 0x000806c2, pf_mask 0xc2, 2024-02-15, rev 0x0038, size 99328 + sig 0x000806d1, pf_mask 0xc2, 2024-02-15, rev 0x0052, size 104448 + sig 0x000806e9, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 106496 + sig 0x000806e9, pf_mask 0x10, 2024-02-01, rev 0x00f6, size 106496 + sig 0x000806ea, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 105472 + sig 0x000806eb, pf_mask 0xd0, 2024-02-01, rev 0x00f6, size 106496 + sig 0x000806ec, pf_mask 0x94, 2024-02-05, rev 0x00fc, size 106496 + sig 0x00090661, pf_mask 0x01, 2024-04-05, rev 0x001a, size 20480 + sig 0x000906ea, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 105472 + sig 0x000906eb, pf_mask 0x02, 2024-02-01, rev 0x00f6, size 106496 + sig 0x000906ec, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 106496 + sig 0x000906ed, pf_mask 0x22, 2024-02-05, rev 0x0100, size 106496 + sig 0x000a0652, pf_mask 0x20, 2024-02-01, rev 0x00fc, size 97280 + sig 0x000a0653, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 98304 + sig 0x000a0655, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 97280 + sig 0x000a0660, pf_mask 0x80, 2024-02-01, rev 0x00fe, size 97280 + sig 0x000a0661, pf_mask 0x80, 2024-02-01, rev 0x00fc, size 97280 + sig 0x000a0671, pf_mask 0x02, 2024-03-07, rev 0x0062, size 108544 + sig 0x000a06a4, pf_mask 0xe6, 2024-04-15, rev 0x001e, size 137216 + 2024-05-31: * New upstream microcode datafile 20240531 - * Fix unspecified functional issues on Pentium Silver N/J5xxx, - Celeron N/J4xxx + - Fix unspecified functional issues on Pentium Silver N/J5xxx, + Celeron N/J4xxx * Updated Microcodes: sig 0x000706a1, pf_mask 0x01, 2024-04-19, rev 0x0042, size 76800 @@ -19,6 +104,19 @@ Improper input validation in some Intel TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. + - Mitigations for INTEL-SA-01046 (CVE-2023-49141) + Improper isolation in some Intel Processors stream cache mechanism may + allow an authenticated user to potentially enable escalation of + privilege via local access (time-travel entry, added after Intel + released this information during the full disclosure for the 20240813 + update). Processor signatures 0x806f4-0x806f8, 0xb0671, 0x90672, and + 0x90675 + - Mitigations for INTEL-SA-01100 (CVE-2024-24980) for the Intel + Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel + Xeon Processors may allow a privileged user to potentially enable + escalation of privilege via local access (time-travel entry, added after + Intel released this information during the full disclosure for the + 20240813 update). Processor signatures 0xc06f1 and 0xc06f2. - Fix for unspecified functional issues on 4th gen and 5th gen Xeon Scalable, 12th, 13th and 14th gen Intel Core processors, as well as for Core i3 N-series processors. -- cgit v1.2.3