[Bug 1984166] Please test proposed package

Chris Halse Rogers 1984166 at bugs.launchpad.net
Fri Aug 26 00:37:10 UTC 2022 

Hello King, or anyone else affected,

Accepted intel-microcode into focal-proposed. The package will build now
and be available at https://launchpad.net/ubuntu/+source/intel-
microcode/3.20220809.0ubuntu0.20.04.1 in a few hours, and then in the
-proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
focal to verification-done-focal. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-focal. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: intel-microcode (Ubuntu Jammy)
       Status: New => Fix Committed

** Tags added: verification-needed-jammy

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to intel-microcode in Ubuntu.
https://bugs.launchpad.net/bugs/1984166

Title:
  Update to latest upstream 20220809 to fix CVE-2022-21233

Status in intel-microcode package in Ubuntu:
  Fix Released
Status in intel-microcode source package in Bionic:
  Fix Committed
Status in intel-microcode source package in Focal:
  Fix Committed
Status in intel-microcode source package in Jammy:
  Fix Committed
Status in intel-microcode source package in Kinetic:
  Fix Released

Bug description:
  [Impact]

  CVE-2022-21233
  Stale data may be returned as the result of unauthorized reads to the legacy xAPIC MMIO region. This issue is present only in the legacy xAPIC mode and doesn’t affect the x2APIC mode. This can be used to expose sensitive information in an SGX enclave.

  [Test Plan]

   * install the updated intel-microcode packages and reboot the system

  [Other Info]

  Intel released microcode-20220809 release
  (https://github.com/intel/Intel-Linux-Processor-Microcode-Data-
  Files/releases/tag/microcode-20220809)

  to address vulnerability

  - CVE-2022-21233 / intel-sa-00657

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1984166/+subscriptions

More information about the foundations-bugs mailing list