From a2ee5c6bcadf3b27665c464174ba781eaeb0d37c Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Wed, 14 Dec 2022 20:58:25 +0100 Subject: [PATCH] package/intel-microcode: security bump version to 20221108 Fixes the following security issues: - CVE-2021-0146: Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html - CVE-2021-0127: Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html - CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html - CVE-2022-0005: Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html - CVE-2022-21233: Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html For more details, see the release notes: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/main/releasenote.md Signed-off-by: Bernd Kuhls [Peter: extend commit message with security fix details] Signed-off-by: Peter Korsgaard (cherry picked from commit f83377b7b30c82da363c7937f693fe979318f598) Signed-off-by: Peter Korsgaard --- package/intel-microcode/intel-microcode.hash | 2 +- package/intel-microcode/intel-microcode.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/intel-microcode/intel-microcode.hash b/package/intel-microcode/intel-microcode.hash index 6687d4c0eb..56f0237277 100644 --- a/package/intel-microcode/intel-microcode.hash +++ b/package/intel-microcode/intel-microcode.hash @@ -1,3 +1,3 @@ # Locally computed -sha256 fd85b6b769efd029dec6a2c07106fd18fb4dcb548b7bc4cde09295a8344ef6d7 intel-microcode-20210608.tar.gz +sha256 8d14a914815f56c27b1f41be0fd699d1afcfdbc05432056427e455100798975e intel-microcode-20221108.tar.gz sha256 03efb1491c7e899feb2665fa299363e64035e5444c1b8bc1f6ebed30de964e12 license diff --git a/package/intel-microcode/intel-microcode.mk b/package/intel-microcode/intel-microcode.mk index af7f6fa804..787537da78 100644 --- a/package/intel-microcode/intel-microcode.mk +++ b/package/intel-microcode/intel-microcode.mk @@ -4,7 +4,7 @@ # ################################################################################ -INTEL_MICROCODE_VERSION = 20210608 +INTEL_MICROCODE_VERSION = 20221108 INTEL_MICROCODE_SITE = $(call github,intel,Intel-Linux-Processor-Microcode-Data-Files,microcode-$(INTEL_MICROCODE_VERSION)) INTEL_MICROCODE_LICENSE = PROPRIETARY INTEL_MICROCODE_LICENSE_FILES = license