[ubuntu/oracular-security] amd64-microcode 3.20250311.1ubuntu0.24.10.1 (Accepted)

Eduardo Barretto eduardo.barretto at canonical.com
Mon Jun 9 13:23:59 UTC 2025 

amd64-microcode (3.20250311.1ubuntu0.24.10.1) oracular-security; urgency=medium

  * SECURITY UPDATE: Update package data from linux-firmware 20250311
    - New AMD microcodes (20241121):
      Family=0x17 Model=0x60 Stepping=0x01: Patch=0x0860010d
      Family=0x17 Model=0x68 Stepping=0x01: Patch=0x08608108
      Family=0x17 Model=0x71 Stepping=0x00: Patch=0x08701034
      Family=0x19 Model=0x08 Stepping=0x02: Patch=0x0a00820c
      Family=0x19 Model=0x18 Stepping=0x01: Patch=0x0a108108
      Family=0x19 Model=0x21 Stepping=0x00: Patch=0x0a20102d
      Family=0x19 Model=0x21 Stepping=0x02: Patch=0x0a201210
      Family=0x19 Model=0x44 Stepping=0x01: Patch=0x0a404107
      Family=0x19 Model=0x50 Stepping=0x00: Patch=0x0a500011
      Family=0x19 Model=0x61 Stepping=0x02: Patch=0x0a601209
      Family=0x19 Model=0x74 Stepping=0x01: Patch=0x0a704107
      Family=0x19 Model=0x75 Stepping=0x02: Patch=0x0a705206
      Family=0x19 Model=0x78 Stepping=0x00: Patch=0x0a708007
      Family=0x19 Model=0x7c Stepping=0x00: Patch=0x0a70c005
    - Updated microcodes:
      Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a0000a
    - New SEV firmware (20250221):
      Family 19h models a0h-afh: version 1.55 build 39
      Family 1ah models 00h-0fh: version 1.55 build 54
    - Updated SEV firmware:
      Family 17h models 30h-3fh: version 0.24 build 20
      Family 19h models 00h-0fh: version 1.55 build 29
      Family 19h models 10h-1fh: version 1.55 build 39
    - CVE-2024-56161 (AMD-SB-3019)
      Update remote attestation to be compatible with AMD systems with
      up-to-date firmware (i.e. which fixes "EntrySign"), and update
      AMD-SEV for AMD-SB-3019 mitigations.
    - CVE-2023-20584 (AMD-SB-3003)
      IOMMU improperly handles certain special address ranges with
      invalid device table entries (DTEs), which may allow an attacker
      with privileges and a compromised Hypervisor to induce DTE faults
      to bypass RMP checks in SEV-SNP, potentially leading to a loss of
      guest integrity.
    - CVE-2023-31356 (AMD-SB-3003)
      Incomplete system memory cleanup in SEV firmware could allow a
      privileged attacker to corrupt guest private memory, potentially
      resulting in a loss of data integrity.
  * Remaining changes:
    - initramfs-tools hook (debian/initramfs.hook):
      + Default to 'early' instead of 'auto' when building with
        MODULES=most
      + Do not override preset defaults from auto-exported conf
        snippets loaded by initramfs-tools.

Date: 2025-06-02 14:02:17.124124+00:00
Changed-By: Eduardo Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20250311.1ubuntu0.24.10.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the oracular-changes mailing list