Package "amd64-microcode"

  amd64-microcode (3.20250311.1ubuntu0.24.10.1) oracular-security; urgency=medium

  * SECURITY UPDATE: Update package data from linux-firmware 20250311
    - New AMD microcodes (20241121):
      Family=0x17 Model=0x60 Stepping=0x01: Patch=0x0860010d
      Family=0x17 Model=0x68 Stepping=0x01: Patch=0x08608108
      Family=0x17 Model=0x71 Stepping=0x00: Patch=0x08701034
      Family=0x19 Model=0x08 Stepping=0x02: Patch=0x0a00820c
      Family=0x19 Model=0x18 Stepping=0x01: Patch=0x0a108108
      Family=0x19 Model=0x21 Stepping=0x00: Patch=0x0a20102d
      Family=0x19 Model=0x21 Stepping=0x02: Patch=0x0a201210
      Family=0x19 Model=0x44 Stepping=0x01: Patch=0x0a404107
      Family=0x19 Model=0x50 Stepping=0x00: Patch=0x0a500011
      Family=0x19 Model=0x61 Stepping=0x02: Patch=0x0a601209
      Family=0x19 Model=0x74 Stepping=0x01: Patch=0x0a704107
      Family=0x19 Model=0x75 Stepping=0x02: Patch=0x0a705206
      Family=0x19 Model=0x78 Stepping=0x00: Patch=0x0a708007
      Family=0x19 Model=0x7c Stepping=0x00: Patch=0x0a70c005
    - Updated microcodes:
      Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a0000a
    - New SEV firmware (20250221):
      Family 19h models a0h-afh: version 1.55 build 39
      Family 1ah models 00h-0fh: version 1.55 build 54
    - Updated SEV firmware:
      Family 17h models 30h-3fh: version 0.24 build 20
      Family 19h models 00h-0fh: version 1.55 build 29
      Family 19h models 10h-1fh: version 1.55 build 39
    - CVE-2024-56161 (AMD-SB-3019)
      Update remote attestation to be compatible with AMD systems with
      up-to-date firmware (i.e. which fixes "EntrySign"), and update
      AMD-SEV for AMD-SB-3019 mitigations.
    - CVE-2023-20584 (AMD-SB-3003)
      IOMMU improperly handles certain special address ranges with
      invalid device table entries (DTEs), which may allow an attacker
      with privileges and a compromised Hypervisor to induce DTE faults
      to bypass RMP checks in SEV-SNP, potentially leading to a loss of
      guest integrity.
    - CVE-2023-31356 (AMD-SB-3003)
      Incomplete system memory cleanup in SEV firmware could allow a
      privileged attacker to corrupt guest private memory, potentially
      resulting in a loss of data integrity.
  * Remaining changes:
    - initramfs-tools hook (debian/initramfs.hook):
      + Default to 'early' instead of 'auto' when building with
        MODULES=most
      + Do not override preset defaults from auto-exported conf
        snippets loaded by initramfs-tools.

 -- Eduardo Barretto <email address hidden> Tue, 27 May 2025 18:08:31 +0200

  amd64-microcode (3.20240116.2+nmu1ubuntu1.1) oracular-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution via improper MSR access
    - amd-ucode/microcode_amd_fam{17,19}h.bin{,.asc}: add updated AMD
      fam17h and fam19h CPU microcodes
    - Updated microcodes:
      Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126f Length=3200 bytes
      Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107c Length=3200 bytes
      Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a00107a Length=5568 bytes
      Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d5 Length=5568 bytes
      Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001238 Length=5568 bytes
      Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101148 Length=5568 bytes
      Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101248 Length=5568 bytes
      Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00215 Length=5568 bytes
    - CVE-2023-31315

 -- Alex Murray <email address hidden> Wed, 16 Oct 2024 15:38:44 +1030