Your message dated Mon, 24 Mar 2025 01:04:58 +0000
with message-id <[email protected]>
and subject line Bug#1095470: fixed in amd64-microcode 3.20250311.1
has caused the Debian Bug report #1095470,
regarding amd64-microcode: CVE-2024-56161 updated AMD-SEV FW needed to pass
attestation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1095470: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095470
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: amd64-microcode
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for amd64-microcode.
CVE-2024-56161[0]:
| Improper signature verification in AMD CPU ROM microcode patch
| loader may allow an attacker with local administrator privilege to
| load malicious CPU microcode resulting in loss of confidentiality
| and integrity of a confidential guest running under AMD SEV-SNP.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-56161
https://www.cve.org/CVERecord?id=CVE-2024-56161
Please adjust the affected versions in the BTS as needed.
Regards,
Markus
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
Source: amd64-microcode
Source-Version: 3.20250311.1
Done: Henrique de Moraes Holschuh <[email protected]>
We believe that the bug you reported is fixed in the latest version of
amd64-microcode, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Henrique de Moraes Holschuh <[email protected]> (supplier of updated
amd64-microcode package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 23 Mar 2025 21:13:20 -0300
Source: amd64-microcode
Architecture: source
Version: 3.20250311.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <[email protected]>
Changed-By: Henrique de Moraes Holschuh <[email protected]>
Closes: 1095470
Changes:
amd64-microcode (3.20250311.1) unstable; urgency=medium
.
* Update package data from linux-firmware 20250311
* New AMD-SEV firmware from AMD upstream (20250221)
* SECURITY UPDATE (AMD-SB-3019 / CVE-2024-56161):
Update remote attestation to be compatible with AMD systems with
up-to-date firmware (i.e. which fixes "EntrySign"), and update
AMD-SEV for AMD-SB-3019 mitigations. Note that this AMD-SEV
update DOES NOT FIX the microcode "EntrySign" vulnerability.
(closes: #1095470)
+ Updated SEV firmware:
Family 17h models 30h-3fh: version 0.24 build 20
Family 19h models 00h-0fh: version 1.55 build 29
Family 19h models 10h-1fh: version 1.55 build 39
Family 19h models a0h-afh: version 1.55 build 39
+ New SEV firmware:
Family 1ah models 00h-0fh: version 1.55 build 54
* New AMD microcode updates from AMD upstream (20241121)
+ Add patches for many (non-server) family 19h processors
* Updated Microcode patches:
+ Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a0000a
* New Microcode patches:
+ Family=0x17 Model=0x60 Stepping=0x01: Patch=0x0860010d
+ Family=0x17 Model=0x68 Stepping=0x01: Patch=0x08608108
+ Family=0x17 Model=0x71 Stepping=0x00: Patch=0x08701034
+ Family=0x19 Model=0x08 Stepping=0x02: Patch=0x0a00820c
+ Family=0x19 Model=0x18 Stepping=0x01: Patch=0x0a108108
+ Family=0x19 Model=0x21 Stepping=0x00: Patch=0x0a20102d
+ Family=0x19 Model=0x21 Stepping=0x02: Patch=0x0a201210
+ Family=0x19 Model=0x44 Stepping=0x01: Patch=0x0a404107
+ Family=0x19 Model=0x50 Stepping=0x00: Patch=0x0a500011
+ Family=0x19 Model=0x61 Stepping=0x02: Patch=0x0a601209
+ Family=0x19 Model=0x74 Stepping=0x01: Patch=0x0a704107
+ Family=0x19 Model=0x75 Stepping=0x02: Patch=0x0a705206
+ Family=0x19 Model=0x78 Stepping=0x00: Patch=0x0a708007
+ Family=0x19 Model=0x7c Stepping=0x00: Patch=0x0a70c005
Checksums-Sha1:
66216cbf90e06dcc51075121dc381717f138530e 1695 amd64-microcode_3.20250311.1.dsc
5e9d97bd2ca714117af4ad89ac865e6918f3257c 282896
amd64-microcode_3.20250311.1.tar.xz
34575a584f1fc40e76c1520d2404c8f008db10f1 6470
amd64-microcode_3.20250311.1_amd64.buildinfo
Checksums-Sha256:
81571b20245caf7ef0bd29995a7f55c7e031087069b816fe4a451a4a9716a40a 1695
amd64-microcode_3.20250311.1.dsc
dbf62285e81b03a684f519802449e7ff0e51fbeb26e769ae08d41aba3d520a20 282896
amd64-microcode_3.20250311.1.tar.xz
bb6b8954f338d8a60a4c22d3ef04821829481a7f908b97157b1ecfc8059a11dc 6470
amd64-microcode_3.20250311.1_amd64.buildinfo
Files:
a4f5c5926a5ff8f32073b7573361f871 1695 non-free-firmware/admin standard
amd64-microcode_3.20250311.1.dsc
08cd1609a0d186aed54716c96945c717 282896 non-free-firmware/admin standard
amd64-microcode_3.20250311.1.tar.xz
709202c82fa0226fd754200e503cadb9 6470 non-free-firmware/admin standard
amd64-microcode_3.20250311.1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEpvbMGUAhfu+gsYOwlOXoPKamj0cFAmfgpj4ACgkQlOXoPKam
j0dB1BAAy1LUUSUsh1Zbu+f+OGp/nvsajBOEpgwLRDhp69ZravynbS26qWCEWTc6
2JjeLMtLHRYpa6VDGSHvAQ6/DdCx+ZeFJHrZKukahs0LWZqphV2/+gKSon+idwX3
aKR/c6vIRR8KTz+G2hL1IKD0+gWC2dCCtHzuedFWx+MfyeMf0h4+DOmfKxrlbrc2
ABxaprg0wZWTPL7dUyIykmbDuWD43/GP863eEKF1rgVgytBwmvPEo2YfYFemajxJ
wQlMEy4zY/UP7pah9OkHZ7r2T8ew3Zix2+DzzUiWVMmzIqTYDX1U1AvJhiEUjz0O
m+iG4/19YzYEVS+HNzuBi87P4qtSp06wuC11SyFKtrJo6BjdSweY4mrLSJmBBmxM
CN5cXBfKA9g2M1loMkC0cetbqbAXP/Up01mscJNkyFQ+zLyZET6Q9eWcXUdjGjnC
z0xFHTdPN7HPbFGOQvSJ4SBTu4TueFgju0P14v9ApxJCY5yuGxBEEapTLyzx/qcK
ynVmuBFQXBBKSgVMd2fjPaJay8jATQkrmOYJDe2WZHUmHi4Sv3o6L5mh4otgR+V5
pFvfUVOzydWpVYTL1u9eBTOLdFmO3Kah3o7AcSs8Hsgs+Q4hpFhVsi1hiZQtn8/O
sbR9UDIlgiPPqeTN4xgNGF+UwRQ8ihE71EICsYB1L3JgchbRMVY=
=0hQQ
-----END PGP SIGNATURE-----
pgpIDY4SXCKbl.pgp
Description: PGP signature
--- End Message ---