Package "amd64-microcode"
| Name: |
amd64-microcode
|
Description: |
Platform firmware and microcode for AMD CPUs and SoCs
|
| Latest version: |
3.20251202.1ubuntu0.24.04.1 |
| Release: |
noble (24.04) |
| Level: |
updates |
| Repository: |
main |
Links
Download "amd64-microcode"
Other versions of "amd64-microcode" in Noble
Changelog
|
amd64-microcode (3.20251202.1ubuntu0.24.04.1) noble-security; urgency=medium
[ Henrique de Moraes Holschuh ]
* Update package data from linux-firmware 20251202
* ATTENTION: regression risk if backported to stable or LTS.
The amd processor microcode updates in this release will not load on
systems with outdated BIOS vulnerable to "Entrysign" unless a number of
kernel patches are present.
* amd-tee: update AMD PMF TA Firmware to v3.1.
* amd-ucode: update with release 2025-12-02:
+ SECURITY UPDATE (AMD-SB-7055 / CVE-2025-62626)
Fix RDSEED Failure on more AMD Zen 5 Processor models
(closes: #1120005)
* amd-ucode: update with release 2025-11-13:
+ SECURITY UPDATE (AMD-SB-7055 / CVE-2025-62626)
Fix RDSEED Failure on more AMD Zen 5 Processor models
* amd-ucode: update with release 2025-10-30:
+ SECURITY UPDATE (AMD-SB-7055 / CVE-2025-62626)
Fix RDSEED Failure on some AMD Zen 5 Processor models
+ amd-ucode: update with release 2025-10-27:
* This is the final microcode release for systems that have not
been updated to fix vulnerability AMD-SB-7033 "Entrysign").
* A kernel update is needed for the microcode driver to be able
to select the appropriate microcode updates for outdated system
firmware vulnerable to "Entrysign".
* On non-updated kernels, this will potentially *regress* the
microcode version on the running system back to the one in the
(outdated, unpatched-for-Entrysign) BIOS.
+ amd-ucode: update with release 2025-07-29:
+ SECURITY UPDATE (AMD-SB-7029: CVE-2024-36350, CVE-2024-36357):
Mitigate transient execution vulnerabilities in some AMD processors
which might allow an attacker to infer data from previous stores
(TSA-SQ) or data in the L1D cache (TSA-L1), potentially resulting in
the leakage of privileged information and sensitive information across
priviledged boundaries (closes: #1109035)
* NOTE: Requires kernel and hypervisor changes for the security
mitigations to be applied (issue VERW instruction at appropriate
times).
* NEWS.Debian: update for post-Entrysign microcode updates
Document that kernel patches are needed to avoid regressing the microcode
release on vulnerable Zen2/3/4 systems (family 0x19), and also that these
systems will not receive any future microcode updates.
[ Rodrigo Figueiredo Zaiden ]
* Remaining changes:
- debian/initramfs.hook: initramfs-tools hook:
+ Default to 'early' instead of 'auto' when building with
MODULES=most
+ Do not override preset defaults from auto-exported conf
snippets loaded by initramfs-tools.
-- Rodrigo Figueiredo Zaiden <email address hidden> Tue, 23 Jun 2026 10:53:03 -0300
|
| Source diff to previous version |
| 1120005 |
amd64-microcode: CVE-2025-62626 |
| 1109035 |
amd64-microcode: 2024-36350/TSA-SQ and CVE-2024-36357/TSA-L1 |
| CVE-2025-62626 |
Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, po |
| CVE-2024-36350 |
A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the lea |
| CVE-2024-36357 |
A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage |
|
|
amd64-microcode (3.20250311.1ubuntu0.24.04.1) noble-security; urgency=medium
* SECURITY UPDATE: Update package data from linux-firmware 20250311
- New AMD microcodes (20241121):
Family=0x17 Model=0x60 Stepping=0x01: Patch=0x0860010d
Family=0x17 Model=0x68 Stepping=0x01: Patch=0x08608108
Family=0x17 Model=0x71 Stepping=0x00: Patch=0x08701034
Family=0x19 Model=0x08 Stepping=0x02: Patch=0x0a00820c
Family=0x19 Model=0x18 Stepping=0x01: Patch=0x0a108108
Family=0x19 Model=0x21 Stepping=0x00: Patch=0x0a20102d
Family=0x19 Model=0x21 Stepping=0x02: Patch=0x0a201210
Family=0x19 Model=0x44 Stepping=0x01: Patch=0x0a404107
Family=0x19 Model=0x50 Stepping=0x00: Patch=0x0a500011
Family=0x19 Model=0x61 Stepping=0x02: Patch=0x0a601209
Family=0x19 Model=0x74 Stepping=0x01: Patch=0x0a704107
Family=0x19 Model=0x75 Stepping=0x02: Patch=0x0a705206
Family=0x19 Model=0x78 Stepping=0x00: Patch=0x0a708007
Family=0x19 Model=0x7c Stepping=0x00: Patch=0x0a70c005
- Updated microcodes:
Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a0000a
- New SEV firmware (20250221):
Family 19h models a0h-afh: version 1.55 build 39
Family 1ah models 00h-0fh: version 1.55 build 54
- Updated SEV firmware:
Family 17h models 30h-3fh: version 0.24 build 20
Family 19h models 00h-0fh: version 1.55 build 29
Family 19h models 10h-1fh: version 1.55 build 39
- CVE-2024-56161 (AMD-SB-3019)
Update remote attestation to be compatible with AMD systems with
up-to-date firmware (i.e. which fixes "EntrySign"), and update
AMD-SEV for AMD-SB-3019 mitigations.
- CVE-2023-20584 (AMD-SB-3003)
IOMMU improperly handles certain special address ranges with
invalid device table entries (DTEs), which may allow an attacker
with privileges and a compromised Hypervisor to induce DTE faults
to bypass RMP checks in SEV-SNP, potentially leading to a loss of
guest integrity.
- CVE-2023-31356 (AMD-SB-3003)
Incomplete system memory cleanup in SEV firmware could allow a
privileged attacker to corrupt guest private memory, potentially
resulting in a loss of data integrity.
* Adds amdtee firmware
* Remaining changes:
- initramfs-tools hook (debian/initramfs.hook):
+ Default to 'early' instead of 'auto' when building with
MODULES=most
+ Do not override preset defaults from auto-exported conf
snippets loaded by initramfs-tools.
-- Eduardo Barretto <email address hidden> Wed, 28 May 2025 18:22:22 +0200
|
| Source diff to previous version |
| CVE-2024-56161 |
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU |
| CVE-2023-20584 |
IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a c |
| CVE-2023-31356 |
Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss o |
|
|
amd64-microcode (3.20231019.1ubuntu2.1) noble-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via improper MSR access
- amd-ucode/microcode_amd_fam{17,19}h.bin{,.asc}: add updated AMD
fam17h and fam19h CPU microcodes
- Updated microcodes:
Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126f Length=3200 bytes
Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107c Length=3200 bytes
Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a00107a Length=5568 bytes
Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d5 Length=5568 bytes
Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001238 Length=5568 bytes
Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101148 Length=5568 bytes
Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101248 Length=5568 bytes
Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00215 Length=5568 bytes
- CVE-2023-31315
-- Alex Murray <email address hidden> Wed, 16 Oct 2024 15:45:37 +1030
|
| CVE-2023-31315 |
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock i |
|
About
-
Send Feedback to @ubuntu_updates
