feat: update intel-microcode to 3.20250211.1

changelog

@@ -1,12 +1,122 @@
-2024-09-10:
-  * New upstream microcode datafile 20240910
+2025-02-11:
+  * New upstream microcode datafile 20250211
+    - Mitigations for INTEL-SA-01166 (CVE-2024-31068)
+      Improper Finite State Machines (FSMs) in Hardware Logic for some Intel
+      Processors may allow privileged user to potentially enable denial of
+      service via local access.
+    - Mitigations for INTEL-SA-01213 (CVE-2024-36293)
+      Improper access control in the EDECCSSA user leaf function for some
+      Intel Processors with Intel SGX may allow an authenticated user to
+      potentially enable denial of service via local access.  Intel disclosed
+      that some 9th Generation Intel Core processor models were already fixed
+      by a previous microcode update.
+    - Mitigations for INTEL-SA-01139 (CVE-2023-43758, CVE-2023-34440,
+      CVE-2024-24582, CVE-2024-29214, CVE-2024-28127, CVE-2024-39279,
+      CVE-2024-31157, CVE-2024-28047)
+      Improper input validation, insufficient granularity of access control,
+      and improper initialization issues in UEFI firmware for some Intel
+      processors may allow escalation of privilege, denial of service, or
+      information disclosure.  An UEFI firmware update is needed for complete
+      mitigation.
+    - Mitigations for INTEL-SA-01228 (CVE-2024-39355)
+      Improper handling of physical or environmental conditions in some 13th
+      and 14th Generation Intel Core Processors may allow an authenticated
+      user to enable denial of service via local access.  An UEFI firmware
+      update may be required for complete mitigation.
+    - Mitigations for INTEL-SA-01194 (CVE-2024-37020)
+      Sequence of processor instructions leads to unexpected behavior in the
+      Intel DSA V1.0 for some Intel Xeon Processors may allow an authenticated
+      user to potentially enable denial of service via local access.
+    - Fixes for unspecified functional issues on several processor models
+  * New microcodes or new extended signatures:
+    sig 0x000a06f3, pf_mask 0x01, 2024-11-22, rev 0x3000330, size 1533952
+    sig 0x000b06f6, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280
+    sig 0x000b06f7, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280
+    sig 0x000b0674, pf_mask 0x32, 2024-09-25, rev 0x012c, size 211968
+  * Updated microcodes:
+    sig 0x000606a6, pf_mask 0x87, 2024-08-02, rev 0xd0003f5, size 308224
+    sig 0x000606c1, pf_mask 0x10, 2024-08-08, rev 0x10002c0, size 300032
+    sig 0x000806f8, pf_mask 0x87, 2024-07-30, rev 0x2b000620, size 589824
+    sig 0x000806f7, pf_mask 0x87, 2024-07-30, rev 0x2b000620
+    sig 0x000806f6, pf_mask 0x87, 2024-07-30, rev 0x2b000620
+    sig 0x000806f5, pf_mask 0x87, 2024-07-30, rev 0x2b000620
+    sig 0x000806f4, pf_mask 0x87, 2024-07-30, rev 0x2b000620
+    sig 0x000806f8, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0, size 622592
+    sig 0x000806f6, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0
+    sig 0x000806f5, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0
+    sig 0x000806f4, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0
+    sig 0x00090672, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280
+    sig 0x00090675, pf_mask 0x07, 2024-08-01, rev 0x0038
+    sig 0x000b06f2, pf_mask 0x07, 2024-08-01, rev 0x0038
+    sig 0x000b06f5, pf_mask 0x07, 2024-08-01, rev 0x0038
+    sig 0x000906a3, pf_mask 0x80, 2024-08-01, rev 0x0436, size 223232
+    sig 0x000906a4, pf_mask 0x80, 2024-08-01, rev 0x0436
+    sig 0x000906a4, pf_mask 0x40, 2024-07-29, rev 0x0009, size 119808
+    sig 0x000906ea, pf_mask 0x22, 2024-07-28, rev 0x00fa, size 105472
+    sig 0x000906ed, pf_mask 0x22, 2024-07-31, rev 0x0102, size 106496
+    sig 0x000a0671, pf_mask 0x02, 2024-08-01, rev 0x0063, size 108544
+    sig 0x000b0671, pf_mask 0x32, 2024-09-25, rev 0x012c, size 211968
+    sig 0x000b06a2, pf_mask 0xe0, 2024-07-31, rev 0x4124, size 220160
+    sig 0x000b06a3, pf_mask 0xe0, 2024-07-31, rev 0x4124
+    sig 0x000b06a8, pf_mask 0xe0, 2024-07-31, rev 0x4124
+    sig 0x000b06e0, pf_mask 0x19, 2024-09-06, rev 0x001c, size 138240
+    sig 0x000c06f2, pf_mask 0x87, 2024-07-30, rev 0x21000291, size 560128
+    sig 0x000c06f1, pf_mask 0x87, 2024-07-30, rev 0x21000291
+
+2024-11-12:
+  * New upstream microcode datafile 20241112
+    - Mitigations for INTEL-SA-01101 (CVE-2024-21853)
+      Improper Finite State Machines (FSMs) in the Hardware logic in
+      some 4th and 5th Generation Intel Xeon Processors may allow an
+      authorized user to potentially enable denial of service via local
+      access.
+    - Mitigations for INTEL-SA-01079 (CVE-2024-23918)
+      Potential security vulnerabilities in some Intel Xeon processors
+      using Intel SGX may allow escalation of privilege.  Intel disclosed
+      that some processor models were already fixed by a previous microcode
+      update.
+    - Updated mitigations for INTEL-SA-01097 (CVE-2024-24968)
+      Improper finite state machines (FSMs) in hardware logic in some
+      Intel Processors may allow an privileged user to potentially enable a
+      denial of service via local access.
     - Mitigations for INTEL-SA-01103 (CVE-2024-23984)
       A potential security vulnerability in the Running Average Power Limit
       (RAPL) interface for some Intel Processors may allow information
-      disclosure.
+      disclosure.  Added mitigations for more processor models.
+  * Updated Microcodes:
+    sig 0x000806f8, pf_mask 0x87, 2024-06-20, rev 0x2b000603, size 588800
+    sig 0x000806f7, pf_mask 0x87, 2024-06-20, rev 0x2b000603
+    sig 0x000806f6, pf_mask 0x87, 2024-06-20, rev 0x2b000603
+    sig 0x000806f5, pf_mask 0x87, 2024-06-20, rev 0x2b000603
+    sig 0x000806f4, pf_mask 0x87, 2024-06-20, rev 0x2b000603
+    sig 0x00090672, pf_mask 0x07, 2024-05-29, rev 0x0037, size 224256
+    sig 0x00090675, pf_mask 0x07, 2024-05-29, rev 0x0037
+    sig 0x000b06f2, pf_mask 0x07, 2024-05-29, rev 0x0037
+    sig 0x000b06f5, pf_mask 0x07, 2024-05-29, rev 0x0037
+    sig 0x000906a3, pf_mask 0x80, 2024-06-03, rev 0x0435, size 223232
+    sig 0x000906a4, pf_mask 0x80, 2024-06-03, rev 0x0435
+    sig 0x000a06a4, pf_mask 0xe6, 2024-08-02, rev 0x0020, size 138240
+    sig 0x000b06a2, pf_mask 0xe0, 2024-05-29, rev 0x4123, size 220160
+    sig 0x000b06a3, pf_mask 0xe0, 2024-05-29, rev 0x4123
+    sig 0x000b06a8, pf_mask 0xe0, 2024-05-29, rev 0x4123
+    sig 0x000c06f2, pf_mask 0x87, 2024-06-20, rev 0x21000283, size 560128
+    sig 0x000c06f1, pf_mask 0x87, 2024-06-20, rev 0x21000283
+
+2024-10-29:
+  * New upstream microcode datafile 20241029
+    - Fixes errata RPL061: Incorrect Internal Voltage Request May Lead to
+      Unpredictable System Behavior.  This errata could eventually cause
+      permanent hardware damage to the processor.  This fix is only active
+      when the microcode update is loaded from FIT (i.e. in firmware).
+  * Updated Microcodes:
+    sig 0x000b0671, pf_mask 0x32, 2024-08-29, rev 0x012b, size 211968
+
+2024-09-10:
+  * New upstream microcode datafile 20240910
     - Mitigations for INTEL-SA-01097 (CVE-2024-24968)
-      A potential security vulnerability in some Intel Processors may allow
-      denial of service.
+      Improper finite state machines (FSMs) in hardware logic in some
+      Intel Processors may allow an privileged user to potentially enable a
+      denial of service via local access.
     - Fixes for unspecified functional issues on several processor models
     - The processor voltage limit issue on Core 13rd/14th gen REQUIRES A
       FIRMWARE UPDATE.  It is present in this release for sig 0xb0671, but
@@ -52,6 +162,23 @@
       allow an authenticated user to potentially enable escalation of
       privilege via local access.  Intel disclosed that some processor models
       were already fixed by the previous microcode update.
+    - Mitigations for INTEL-SA-01079 (CVE-2024-23918)
+      Potential security vulnerabilities in some Intel Xeon processors
+      using Intel SGX may allow escalation of privilege.  Intel released this
+      information during the full disclosure for the 20241112 update.
+      Processor signatures 0x606a6 and 0x606c1.
+    - Mitigations for INTEL-SA-01103 (CVE-2024-23984)
+      A potential security vulnerability in the Running Average Power Limit
+      (RAPL) interface for some Intel Processors may allow information
+      disclosure.  Intel released this information during the full disclosure
+      for the 20240910 update.  Processor signatures 0x5065b, 0x606a6,
+      0x606c1.
+    - Mitigations for INTEL-SA-01213 (CVE-2024-36293)
+      Improper access control in the EDECCSSA user leaf function for some
+      Intel Processors with Intel SGX may allow an authenticated user to
+      potentially enable denial of service via local access.  Intel released
+      this information during the full disclosure for the 20250211 update.
+      Processor signature 0x906ec (9th Generation Intel Core processor).
     - Fix for unspecified functional issues on several processor models
     - Fix for errata TGL068/ADL075/ICL088/... "Processor may hang during a
       microcode update".  It is not clear which processors were fixed by this

debian/changelog

@@ -1,26 +1,139 @@
-intel-microcode (3.20241112.1+0deepin) unstable; urgency=medium
-
-  * New upstream microcode 20241112. 
-
- -- lichenggang <lichenggang@deepin.org>  Fri, 15 Nov 2024 17:43:59 +0800
-
-intel-microcode (3.20241029.1+0deepin) unstable; urgency=medium
+intel-microcode (3.20250211.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20250211 (closes: #1095805)
+    - Mitigations for INTEL-SA-01166 (CVE-2024-31068)
+      Improper Finite State Machines (FSMs) in Hardware Logic for some Intel
+      Processors may allow privileged user to potentially enable denial of
+      service via local access.
+    - Mitigations for INTEL-SA-01213 (CVE-2024-36293)
+      Improper access control in the EDECCSSA user leaf function for some
+      Intel Processors with Intel SGX may allow an authenticated user to
+      potentially enable denial of service via local access.  Intel disclosed
+      that some 9th Generation Intel Core processor models were already fixed
+      by a previous microcode update.
+    - Mitigations for INTEL-SA-01139 (CVE-2023-43758, CVE-2023-34440,
+      CVE-2024-24582, CVE-2024-29214, CVE-2024-28127, CVE-2024-39279,
+      CVE-2024-31157, CVE-2024-28047)
+      Improper input validation, insufficient granularity of access control,
+      and improper initialization issues in UEFI firmware for some Intel
+      processors may allow escalation of privilege, denial of service, or
+      information disclosure.  An UEFI firmware update is needed for complete
+      mitigation.
+    - Mitigations for INTEL-SA-01228 (CVE-2024-39355)
+      Improper handling of physical or environmental conditions in some 13th
+      and 14th Generation Intel Core Processors may allow an authenticated
+      user to enable denial of service via local access.  An UEFI firmware
+      update may be required for complete mitigation.
+    - Mitigations for INTEL-SA-01194 (CVE-2024-37020)
+      Sequence of processor instructions leads to unexpected behavior in the
+      Intel DSA V1.0 for some Intel Xeon Processors may allow an authenticated
+      user to potentially enable denial of service via local access.
+    - Fixes for unspecified functional issues on several processor models
+  * New microcodes or new extended signatures:
+    sig 0x000a06f3, pf_mask 0x01, 2024-11-22, rev 0x3000330, size 1533952
+    sig 0x000b06f6, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280
+    sig 0x000b06f7, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280
+    sig 0x000b0674, pf_mask 0x32, 2024-09-25, rev 0x012c, size 211968
+  * Updated microcodes:
+    sig 0x000606a6, pf_mask 0x87, 2024-08-02, rev 0xd0003f5, size 308224
+    sig 0x000606c1, pf_mask 0x10, 2024-08-08, rev 0x10002c0, size 300032
+    sig 0x000806f8, pf_mask 0x87, 2024-07-30, rev 0x2b000620, size 589824
+    sig 0x000806f7, pf_mask 0x87, 2024-07-30, rev 0x2b000620
+    sig 0x000806f6, pf_mask 0x87, 2024-07-30, rev 0x2b000620
+    sig 0x000806f5, pf_mask 0x87, 2024-07-30, rev 0x2b000620
+    sig 0x000806f4, pf_mask 0x87, 2024-07-30, rev 0x2b000620
+    sig 0x000806f8, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0, size 622592
+    sig 0x000806f6, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0
+    sig 0x000806f5, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0
+    sig 0x000806f4, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0
+    sig 0x00090672, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280
+    sig 0x00090675, pf_mask 0x07, 2024-08-01, rev 0x0038
+    sig 0x000b06f2, pf_mask 0x07, 2024-08-01, rev 0x0038
+    sig 0x000b06f5, pf_mask 0x07, 2024-08-01, rev 0x0038
+    sig 0x000906a3, pf_mask 0x80, 2024-08-01, rev 0x0436, size 223232
+    sig 0x000906a4, pf_mask 0x80, 2024-08-01, rev 0x0436
+    sig 0x000906a4, pf_mask 0x40, 2024-07-29, rev 0x0009, size 119808
+    sig 0x000906ea, pf_mask 0x22, 2024-07-28, rev 0x00fa, size 105472
+    sig 0x000906ed, pf_mask 0x22, 2024-07-31, rev 0x0102, size 106496
+    sig 0x000a0671, pf_mask 0x02, 2024-08-01, rev 0x0063, size 108544
+    sig 0x000b0671, pf_mask 0x32, 2024-09-25, rev 0x012c, size 211968
+    sig 0x000b06a2, pf_mask 0xe0, 2024-07-31, rev 0x4124, size 220160
+    sig 0x000b06a3, pf_mask 0xe0, 2024-07-31, rev 0x4124
+    sig 0x000b06a8, pf_mask 0xe0, 2024-07-31, rev 0x4124
+    sig 0x000b06e0, pf_mask 0x19, 2024-09-06, rev 0x001c, size 138240
+    sig 0x000c06f2, pf_mask 0x87, 2024-07-30, rev 0x21000291, size 560128
+    sig 0x000c06f1, pf_mask 0x87, 2024-07-30, rev 0x21000291
+  * source: update symlinks to reflect id of the latest release, 20250211
+  * Update changelog for 3.20240813.1 with new information
 
-  * New upstream microcode 20241029.
-  * Update for functional issues. Refer to 14th/13th Generation Intel® Core™ Processor Specification Update for details.
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 16 Feb 2025 18:34:38 -0300
+
+intel-microcode (3.20241112.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20241112 (closes: #1086483)
+    - Mitigations for INTEL-SA-01101 (CVE-2024-21853)
+      Improper Finite State Machines (FSMs) in the Hardware logic in some
+      4th and 5th Generation Intel Xeon Processors may allow an authorized
+      user to potentially enable denial of service via local access.
+    - Mitigations for INTEL-SA-01079 (CVE-2024-23918)
+      Potential security vulnerabilities in some Intel Xeon processors
+      using Intel SGX may allow escalation of privilege.  Intel disclosed
+      that some processor models were already fixed by a previous
+      microcode update.
+    - Updated mitigations for INTEL-SA-01097 (CVE-2024-24968)
+      Improper finite state machines (FSMs) in hardware logic in some
+      Intel Processors may allow an privileged user to potentially enable a
+      denial of service via local access.
+    - Mitigations for INTEL-SA-01103 (CVE-2024-23984)
+      A potential security vulnerability in the Running Average Power Limit
+      (RAPL) interface for some Intel Processors may allow information
+      disclosure.  Added mitigations for more processor models.
+  * Updated Microcodes:
+    sig 0x000806f8, pf_mask 0x87, 2024-06-20, rev 0x2b000603, size 588800
+    sig 0x000806f7, pf_mask 0x87, 2024-06-20, rev 0x2b000603
+    sig 0x000806f6, pf_mask 0x87, 2024-06-20, rev 0x2b000603
+    sig 0x000806f5, pf_mask 0x87, 2024-06-20, rev 0x2b000603
+    sig 0x000806f4, pf_mask 0x87, 2024-06-20, rev 0x2b000603
+    sig 0x00090672, pf_mask 0x07, 2024-05-29, rev 0x0037, size 224256
+    sig 0x00090675, pf_mask 0x07, 2024-05-29, rev 0x0037
+    sig 0x000b06f2, pf_mask 0x07, 2024-05-29, rev 0x0037
+    sig 0x000b06f5, pf_mask 0x07, 2024-05-29, rev 0x0037
+    sig 0x000906a3, pf_mask 0x80, 2024-06-03, rev 0x0435, size 223232
+    sig 0x000906a4, pf_mask 0x80, 2024-06-03, rev 0x0435
+    sig 0x000a06a4, pf_mask 0xe6, 2024-08-02, rev 0x0020, size 138240
+    sig 0x000b06a2, pf_mask 0xe0, 2024-05-29, rev 0x4123, size 220160
+    sig 0x000b06a3, pf_mask 0xe0, 2024-05-29, rev 0x4123
+    sig 0x000b06a8, pf_mask 0xe0, 2024-05-29, rev 0x4123
+    sig 0x000c06f2, pf_mask 0x87, 2024-06-20, rev 0x21000283, size 560128
+    sig 0x000c06f1, pf_mask 0x87, 2024-06-20, rev 0x21000283
+  * source: update symlinks to reflect id of the latest release, 20241112
+  * Update changelog for 3.20240910.1 and 3.20240813.1 with new information:
+    INTEL-SA-1103 was addressed by 3.20240813.1 for some processor models,
+    and not by 3.20240910. INTEL-SA-1079 was addressed by 3.20240910.1 for
+    some processor models.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 14 Nov 2024 15:37:40 -0300
+
+intel-microcode (3.20241029.1) UNRELEASED; urgency=medium
+
+  * New upstream microcode datafile 20241029
+    - Not relevant for operating system microcode updates
+    - Only when loaded from firmware, this update fixes the critical,
+      potentially hardware-damaging errata RPL061: Incorrect Internal
+      Voltage Request on Raptor Lake (Core 13th/14th gen) Intel
+      processors.
+  * Updated Microcodes:
+    sig 0x000b0671, pf_mask 0x32, 2024-08-29, rev 0x012b, size 211968
 
- -- lichenggang <lichenggang@deepin.org>  Wed, 30 Oct 2024 13:17:41 +0800
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 14 Nov 2024 14:49:03 -0300
 
 intel-microcode (3.20240910.1) unstable; urgency=medium
 
   * New upstream microcode datafile 20240910 (closes: #1081363)
-    - Mitigations for INTEL-SA-01103 (CVE-2024-23984)
-      A potential security vulnerability in the Running Average Power Limit
-      (RAPL) interface for some Intel Processors may allow information
-      disclosure.
     - Mitigations for INTEL-SA-01097 (CVE-2024-24968)
-      A potential security vulnerability in some Intel Processors may allow
-      denial of service.
+      Improper finite state machines (FSMs) in hardware logic in some
+      Intel Processors may allow an privileged user to potentially enable a
+      denial of service via local access.
     - Fixes for unspecified functional issues on several processor models
     - The processor voltage limit issue on Core 13rd/14th gen REQUIRES A
       FIRMWARE UPDATE.  It is present in this release for sig 0xb0671, but
@@ -79,10 +192,27 @@ intel-microcode (3.20240813.1) unstable; urgency=medium
       allow an authenticated user to potentially enable escalation of
       privilege via local access.  Intel disclosed that some processor models
       were already fixed by the previous microcode update.
+    - Mitigations for INTEL-SA-01079 (CVE-2024-23918)
+      Potential security vulnerabilities in some Intel Xeon processors
+      using Intel SGX may allow escalation of privilege.  Intel released this
+      information during the full disclosure for the 20241112 update.
+      Processor signatures 0x606a6 and 0x606c1.
+    - Mitigations for INTEL-SA-01103 (CVE-2024-23984)
+      A potential security vulnerability in the Running Average Power Limit
+      (RAPL) interface for some Intel Processors may allow information
+      disclosure. Intel released this information during the full disclosure
+      for the 20240910 update.  Processor signatures 0x5065b, 0x606a6,
+      0x606c1.
     - Fix for unspecified functional issues on several processor models
     - Fix for errata TGL068/ADL075/ICL088/... "Processor may hang during a
       microcode update".  It is not clear which processors were fixed by this
       release, or by one of the microcode updates from 2024-05.
+    - Mitigations for INTEL-SA-01213 (CVE-2024-36293)
+      Improper access control in the EDECCSSA user leaf function for some
+      Intel Processors with Intel SGX may allow an authenticated user to
+      potentially enable denial of service via local access.  Intel released
+      this information during the full disclosure for the 20250211 update.
+      Processor signature 0x906ec (9th Generation Intel Core processor).
   * Updated microcodes:
     sig 0x00050657, pf_mask 0xbf, 2024-03-01, rev 0x5003707, size 39936
     sig 0x0005065b, pf_mask 0xbf, 2024-04-01, rev 0x7002904, size 30720