intel-microcode: CVE-2022-40982 CVE-2022-41804 CVE-2023-23908

Debian Bug report logs - #1043305
Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 8 Aug 2023 19:27:04 UTC

Severity: grave

Tags: security, upstream

Found in versions intel-microcode/3.20230214.1~deb11u1, intel-microcode/3.20230512.1, intel-microcode/3.20220510.1~deb11u1

Fixed in version intel-microcode/3.20230808.1

Done: Henrique de Moraes Holschuh <hmh@debian.org>


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Henrique de Moraes Holschuh <hmh@debian.org>:
Bug#1043305; Package src:intel-microcode. (Tue, 08 Aug 2023 19:27:06 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Henrique de Moraes Holschuh <hmh@debian.org>. (Tue, 08 Aug 2023 19:27:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: intel-microcode: CVE-2022-40982 CVE-2022-41804 CVE-2023-23908
Date: Tue, 08 Aug 2023 21:25:25 +0200
Source: intel-microcode
Version: 3.20230512.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 3.20220510.1~deb11u1
Control: found -1 3.20230214.1~deb11u1

Hi,

The following vulnerabilities were published for intel-microcode.

CVE-2022-40982[0], CVE-2022-41804[1] and CVE-2023-23908[2].


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-40982
    https://www.cve.org/CVERecord?id=CVE-2022-40982
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
[1] https://security-tracker.debian.org/tracker/CVE-2022-41804
    https://www.cve.org/CVERecord?id=CVE-2022-41804
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html
[2] https://security-tracker.debian.org/tracker/CVE-2023-23908
    https://www.cve.org/CVERecord?id=CVE-2023-23908
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html
[3] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Marked as found in versions intel-microcode/3.20220510.1~deb11u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Tue, 08 Aug 2023 19:27:06 GMT)


Marked as found in versions intel-microcode/3.20230214.1~deb11u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Tue, 08 Aug 2023 19:27:07 GMT)


Reply sent to Henrique de Moraes Holschuh <hmh@debian.org>:
You have taken responsibility. (Tue, 08 Aug 2023 23:24:02 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 08 Aug 2023 23:24:03 GMT)


Message #14 received at 1043305-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1043305-close@bugs.debian.org
Subject: Bug#1043305: fixed in intel-microcode 3.20230808.1
Date: Tue, 08 Aug 2023 23:20:33 +0000
Source: intel-microcode
Source-Version: 3.20230808.1
Done: Henrique de Moraes Holschuh <hmh@debian.org>

We believe that the bug you reported is fixed in the latest version of
intel-microcode, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1043305@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Henrique de Moraes Holschuh <hmh@debian.org> (supplier of updated intel-microcode package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 08 Aug 2023 17:25:56 -0300
Source: intel-microcode
Architecture: source
Version: 3.20230808.1
Distribution: unstable
Urgency: high
Maintainer: Henrique de Moraes Holschuh <hmh@debian.org>
Changed-By: Henrique de Moraes Holschuh <hmh@debian.org>
Closes: 1043305
Changes:
 intel-microcode (3.20230808.1) unstable; urgency=high
 .
   * New upstream microcode datafile 20230808 (closes: #1043305)
     Mitigations for "Downfall" INTEL-SA-00828 (CVE-2022-40982),
     INTEL-SA-00836 (CVE-2023-23908) and INTEL-SA-00837 (CVE-2022-41804)
     * Updated microcodes:
       sig 0x00050653, pf_mask 0x97, 2023-03-23, rev 0x1000181, size 36864
       sig 0x00050654, pf_mask 0xb7, 2023-03-06, rev 0x2007006, size 44032
       sig 0x00050656, pf_mask 0xbf, 2023-03-17, rev 0x4003604, size 38912
       sig 0x00050657, pf_mask 0xbf, 2023-03-17, rev 0x5003604, size 38912
       sig 0x0005065b, pf_mask 0xbf, 2023-03-21, rev 0x7002703, size 30720
       sig 0x000606a6, pf_mask 0x87, 2023-03-30, rev 0xd0003a5, size 297984
       sig 0x000706e5, pf_mask 0x80, 2023-02-26, rev 0x00bc, size 113664
       sig 0x000806c1, pf_mask 0x80, 2023-02-27, rev 0x00ac, size 111616
       sig 0x000806c2, pf_mask 0xc2, 2023-02-27, rev 0x002c, size 98304
       sig 0x000806d1, pf_mask 0xc2, 2023-02-27, rev 0x0046, size 103424
       sig 0x000806e9, pf_mask 0xc0, 2023-02-22, rev 0x00f4, size 106496
       sig 0x000806e9, pf_mask 0x10, 2023-02-23, rev 0x00f4, size 105472
       sig 0x000806ea, pf_mask 0xc0, 2023-02-23, rev 0x00f4, size 105472
       sig 0x000806eb, pf_mask 0xd0, 2023-02-23, rev 0x00f4, size 106496
       sig 0x000806ec, pf_mask 0x94, 2023-02-26, rev 0x00f8, size 106496
       sig 0x000806f8, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1, size 572416
       sig 0x000806f7, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
       sig 0x000806f6, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
       sig 0x000806f5, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
       sig 0x000806f4, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
       sig 0x000806f8, pf_mask 0x10, 2023-05-15, rev 0x2c000271, size 605184
       sig 0x000806f6, pf_mask 0x10, 2023-05-15, rev 0x2c000271
       sig 0x000806f5, pf_mask 0x10, 2023-05-15, rev 0x2c000271
       sig 0x000806f4, pf_mask 0x10, 2023-05-15, rev 0x2c000271
       sig 0x00090672, pf_mask 0x07, 2023-04-18, rev 0x002e, size 220160
       sig 0x00090675, pf_mask 0x07, 2023-04-18, rev 0x002e
       sig 0x000b06f2, pf_mask 0x07, 2023-04-18, rev 0x002e
       sig 0x000b06f5, pf_mask 0x07, 2023-04-18, rev 0x002e
       sig 0x000906a3, pf_mask 0x80, 2023-04-18, rev 0x042c, size 219136
       sig 0x000906a4, pf_mask 0x80, 2023-04-18, rev 0x042c
       sig 0x000906e9, pf_mask 0x2a, 2023-02-23, rev 0x00f4, size 108544
       sig 0x000906ea, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 104448
       sig 0x000906eb, pf_mask 0x02, 2023-02-23, rev 0x00f4, size 106496
       sig 0x000906ec, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 105472
       sig 0x000906ed, pf_mask 0x22, 2023-02-27, rev 0x00fa, size 106496
       sig 0x000a0652, pf_mask 0x20, 2023-02-23, rev 0x00f8, size 97280
       sig 0x000a0653, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280
       sig 0x000a0655, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280
       sig 0x000a0660, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 97280
       sig 0x000a0661, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 96256
       sig 0x000a0671, pf_mask 0x02, 2023-02-26, rev 0x0059, size 104448
       sig 0x000b0671, pf_mask 0x32, 2023-06-06, rev 0x0119, size 210944
       sig 0x000b06a2, pf_mask 0xe0, 2023-06-06, rev 0x4119, size 216064
       sig 0x000b06a3, pf_mask 0xe0, 2023-06-06, rev 0x4119
       sig 0x000b06e0, pf_mask 0x11, 2023-04-12, rev 0x0011, size 136192
   * source: update symlinks to reflect id of the latest release, 20230808
Checksums-Sha1:
 caa0c27b67d334b5eca7dfd7acc650f24e0d28d5 1798 intel-microcode_3.20230808.1.dsc
 337140bd6df6661ca1674a060d4040fe2330fe56 7184356 intel-microcode_3.20230808.1.tar.xz
 303e51932a7de92215dcc33e15e14f2961c48dc1 6571 intel-microcode_3.20230808.1_amd64.buildinfo
Checksums-Sha256:
 27f4653beb8f43e5e5fd916ee20cb93857460472c9415ba3aeedc18f9258a259 1798 intel-microcode_3.20230808.1.dsc
 29e77c275b3f60a691832c0844f70effbd94a4594d04af21e0c2e6e0c1ac1894 7184356 intel-microcode_3.20230808.1.tar.xz
 b6df2d1ed2b485f39534f95df520798ae1762841ae6f9ebca82beef29e98e9e5 6571 intel-microcode_3.20230808.1_amd64.buildinfo
Files:
 cabb17a00075dcddc69aa274a2e73cfa 1798 non-free-firmware/admin standard intel-microcode_3.20230808.1.dsc
 3ca6fb74f6827d01d17e1b3ccdcd18a5 7184356 non-free-firmware/admin standard intel-microcode_3.20230808.1.tar.xz
 9d0e4a45fd88c8ac6568ea32b03521fb 6571 non-free-firmware/admin standard intel-microcode_3.20230808.1_amd64.buildinfo

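An added example, not part of the bug log or of the Debian package: a check of whether a host's running microcode revision reaches the revision this update lists for its CPU signature. The function names and the `/proc/cpuinfo` sample are constructed for illustration; the changelog lines are an excerpt of the list above.

```python
import re

# Excerpt of the "Updated microcodes" list in the changelog above.
CHANGELOG = """\
sig 0x000806e9, pf_mask 0xc0, 2023-02-22, rev 0x00f4, size 106496
sig 0x000806e9, pf_mask 0x10, 2023-02-23, rev 0x00f4, size 105472
sig 0x000806f8, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1, size 572416
sig 0x000806f8, pf_mask 0x10, 2023-05-15, rev 0x2c000271, size 605184
"""

# Constructed /proc/cpuinfo fragment (sample input, not from the page).
SAMPLE_CPUINFO = """\
processor\t: 0
cpu family\t: 6
model\t\t: 142
stepping\t: 9
microcode\t: 0xf0
"""

ENTRY = re.compile(r"sig (0x[0-9a-f]+), pf_mask (0x[0-9a-f]+), [\d-]+, rev (0x[0-9a-f]+)")

def parse_changelog(text):
    """Return {signature: [(pf_mask, revision), ...]} for each listed entry."""
    table = {}
    for sig, pf, rev in ENTRY.findall(text):
        table.setdefault(int(sig, 16), []).append((int(pf, 16), int(rev, 16)))
    return table

def cpuid_signature(family, model, stepping):
    """Rebuild the CPUID(1).EAX signature from the displayed family/model/stepping."""
    base, ext = min(family, 0xF), max(family - 0xF, 0)
    return (ext << 20) | ((model >> 4) << 16) | (base << 8) | ((model & 0xF) << 4) | stepping

def read_cpuinfo(text):
    """Return (signature, running microcode revision) for the first CPU block."""
    first = text.split("\n\n")[0]
    f = dict(re.findall(r"^(cpu family|model|stepping|microcode)\s*:\s*(\S+)", first, re.M))
    return cpuid_signature(*(int(f[k]) for k in ("cpu family", "model", "stepping"))), int(f["microcode"], 16)

def check(sig, rev, table, pf=None):
    """pf is the platform flag bitmask (sysfs microcode/processor_flags), if known."""
    entries = [(m, r) for m, r in table.get(sig, []) if pf is None or m & pf]
    if not entries:
        return "not-listed"  # absent from this update's list; says nothing about exposure
    wanted = {r for _, r in entries}
    if len(wanted) > 1:
        return "need-platform-flags"  # same signature, different revisions per pf_mask
    return "current" if rev >= wanted.pop() else "outdated"
```

On a live system the inputs would come from `/proc/cpuinfo` and `/sys/devices/system/cpu/cpu0/microcode/processor_flags`, with the full list parsed instead of the excerpt.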





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Aug 9 17:49:20 2023; Machine Name: bembo