Bug#1078742: marked as done (intel-microcode: CVE-2024-25939 CVE-2024-24980 CVE-2024-24853 CVE-2023-49141 CVE-2023-42667)

[Debian Bug Tracking System]

Your message dated Thu, 15 Aug 2024 18:51:02 +0000
with message-id <e1sefys-000bdw...@fasolo.debian.org>
and subject line Bug#1078742: fixed in intel-microcode 3.20240813.1
has caused the Debian Bug report #1078742,
regarding intel-microcode: CVE-2024-25939 CVE-2024-24980 CVE-2024-24853 
CVE-2023-49141 CVE-2023-42667
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1078742: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078742
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: intel-microcode
Version: 3.20240531.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 3.20240514.1~deb12u1
Control: found -1 3.20240514.1~deb11u1

Hi,

The following vulnerabilities were published for intel-microcode.

CVE-2024-25939[0]:
| Mirrored regions with different values in 3rd Generation Intel(R)
| Xeon(R) Scalable Processors may allow a privileged user to
| potentially enable denial of service via local access.


CVE-2024-24980[1]:
| Protection mechanism failure in some 3rd, 4th, and 5th Generation
| Intel(R) Xeon(R) Processors may allow a privileged user to
| potentially enable escalation of privilege via local access.


CVE-2024-24853[2]:
| Incorrect behavior order in transition between executive monitor and
| SMI transfer monitor (STM) in some Intel(R) Processor may allow a
| privileged user to potentially enable escalation of privilege via
| local access.


CVE-2023-49141[3]:
| Improper isolation in some Intel(R) Processors stream cache
| mechanism may allow an authenticated user to potentially enable
| escalation of privilege via local access.


CVE-2023-42667[4]:
| Improper isolation in the Intel(R) Core(TM) Ultra Processor stream
| cache mechanism may allow an authenticated user to potentially
| enable escalation of privilege via local access.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-25939
    https://www.cve.org/CVERecord?id=CVE-2024-25939
[1] https://security-tracker.debian.org/tracker/CVE-2024-24980
    https://www.cve.org/CVERecord?id=CVE-2024-24980
[2] https://security-tracker.debian.org/tracker/CVE-2024-24853
    https://www.cve.org/CVERecord?id=CVE-2024-24853
[3] https://security-tracker.debian.org/tracker/CVE-2023-49141
    https://www.cve.org/CVERecord?id=CVE-2023-49141
[4] https://security-tracker.debian.org/tracker/CVE-2023-42667
    https://www.cve.org/CVERecord?id=CVE-2023-42667
[5] 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: intel-microcode
Source-Version: 3.20240813.1
Done: Henrique de Moraes Holschuh <h...@debian.org>

We believe that the bug you reported is fixed in the latest version of
intel-microcode, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1078...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Henrique de Moraes Holschuh <h...@debian.org> (supplier of updated 
intel-microcode package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 15 Aug 2024 14:41:50 -0300
Source: intel-microcode
Architecture: source
Version: 3.20240813.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Closes: 1078742
Changes:
 intel-microcode (3.20240813.1) unstable; urgency=medium
 .
   * New upstream microcode datafile 20240813 (closes: #1078742)
     - Mitigations for INTEL-SA-01083 (CVE-2024-24853)
       Incorrect behavior order in transition between executive monitor and SMI
       transfer monitor (STM) in some Intel Processors may allow a privileged
       user to potentially enable escalation of privilege via local access.
     - Mitigations for INTEL-SA-01118 (CVE-2024-25939)
       Mirrored regions with different values in 3rd Generation Intel Xeon
       Scalable Processors may allow a privileged user to potentially enable
       denial of service via local access.
     - Mitigations for INTEL-SA-01100 (CVE-2024-24980)
       Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel
       Xeon Processors may allow a privileged user to potentially enable
       escalation of privilege via local access.
     - Mitigations for INTEL-SA-01038 (CVE-2023-42667)
       Improper isolation in the Intel Core Ultra Processor stream cache
       mechanism may allow an authenticated user to potentially enable
       escalation of privilege via local access.
     - Mitigations for INTEL-SA-01046 (CVE-2023-49141)
       Improper isolation in some Intel® Processors stream cache mechanism may
       allow an authenticated user to potentially enable escalation of
       privilege via local access.
     - Fix for unspecified functional issues on several processor models
   * Updated microcodes:
     sig 0x00050657, pf_mask 0xbf, 2024-03-01, rev 0x5003707, size 39936
     sig 0x0005065b, pf_mask 0xbf, 2024-04-01, rev 0x7002904, size 30720
     sig 0x000606a6, pf_mask 0x87, 2024-04-01, rev 0xd0003e7, size 308224
     sig 0x000606c1, pf_mask 0x10, 2024-04-03, rev 0x10002b0, size 300032
     sig 0x000706e5, pf_mask 0x80, 2024-02-15, rev 0x00c6, size 114688
     sig 0x000806c1, pf_mask 0x80, 2024-02-15, rev 0x00b8, size 112640
     sig 0x000806c2, pf_mask 0xc2, 2024-02-15, rev 0x0038, size 99328
     sig 0x000806d1, pf_mask 0xc2, 2024-02-15, rev 0x0052, size 104448
     sig 0x000806e9, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 106496
     sig 0x000806e9, pf_mask 0x10, 2024-02-01, rev 0x00f6, size 106496
     sig 0x000806ea, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 105472
     sig 0x000806eb, pf_mask 0xd0, 2024-02-01, rev 0x00f6, size 106496
     sig 0x000806ec, pf_mask 0x94, 2024-02-05, rev 0x00fc, size 106496
     sig 0x00090661, pf_mask 0x01, 2024-04-05, rev 0x001a, size 20480
     sig 0x000906ea, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 105472
     sig 0x000906eb, pf_mask 0x02, 2024-02-01, rev 0x00f6, size 106496
     sig 0x000906ec, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 106496
     sig 0x000906ed, pf_mask 0x22, 2024-02-05, rev 0x0100, size 106496
     sig 0x000a0652, pf_mask 0x20, 2024-02-01, rev 0x00fc, size 97280
     sig 0x000a0653, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 98304
     sig 0x000a0655, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 97280
     sig 0x000a0660, pf_mask 0x80, 2024-02-01, rev 0x00fe, size 97280
     sig 0x000a0661, pf_mask 0x80, 2024-02-01, rev 0x00fc, size 97280
     sig 0x000a0671, pf_mask 0x02, 2024-03-07, rev 0x0062, size 108544
     sig 0x000a06a4, pf_mask 0xe6, 2024-04-15, rev 0x001e, size 137216
   * source: update symlinks to reflect id of the latest release, 20240813
   * postinst, postrm: switch to dpkg-trigger to run update-initramfs
Checksums-Sha1:
 9c199065cd9b2e24aac0ac1f6e74aa639f7c3622 1798 intel-microcode_3.20240813.1.dsc
 37f2dbbd5bb2fa11da43f2a6222060a9bd1d25a6 7679004 
intel-microcode_3.20240813.1.tar.xz
 a45b228e59fa4433558d5bf81d255cdeebe32a6a 6570 
intel-microcode_3.20240813.1_amd64.buildinfo
Checksums-Sha256:
 da5e946bf334f2f581658dfb2a7e6b35c8dab8f6370910f8e1eda8e7ee0bec4f 1798 
intel-microcode_3.20240813.1.dsc
 b89ec269036df2610d5c7d90ae9c3a2f7c9f49fca711db4ac0474a32a7e20db7 7679004 
intel-microcode_3.20240813.1.tar.xz
 ee27cad9ffbb853530a2e53433c0a4b6157229d217ea7af28643e650fb9f76f6 6570 
intel-microcode_3.20240813.1_amd64.buildinfo
Files:
 9421f7e3be33012582f66d466fe2837c 1798 non-free-firmware/admin standard 
intel-microcode_3.20240813.1.dsc
 4215696862b4cc1681ba18c78a5fad41 7679004 non-free-firmware/admin standard 
intel-microcode_3.20240813.1.tar.xz
 eab050e48012cf94553874ac71a2c8f4 6570 non-free-firmware/admin standard 
intel-microcode_3.20240813.1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpvbMGUAhfu+gsYOwlOXoPKamj0cFAma+P78ACgkQlOXoPKam
j0fIfw//faLD6XlO4CaWqMAXmw1w1yIKOHbxxg1aJ3FG50XdqMd8YSpY7cK0iuIL
WDFow3NfRaUshKorp9CxgSOfoivoHxNvCh0mwiT/PDXCA+s82rnlOAvdcebcCorg
4GhhbNjDtIWzKtJEBhUuT1q5m6fppi0rdrUVylLLqwxCODz5BSLqRQ4VTrFQWfYq
z+LQylaxXq6AXk0cHB1iPbgNS5FQh0M/V17iuwOt7Rsgj3vHLr1cA9AqKBVWignF
pKM4520FDq6vIJOEcoURXv6mQX4Pj7GWop6GE3Kxs4hbxcnFXGSZfg3UFzFBcmM+
98iiBeRhaFNysBFuImZf3PwXoko90Uvior3pJAOrHvdN0Rg8T/3SF3r0IZrgrib+
BkpiuVZdRpR248wUKFTnF5wKajz2IHi2wHsFY/ReHNc0iHnjBJrM1EsoNoGCCW2n
KPM9+LIYpnUq7d3c0Ls4qfPziRaJqX3U0rTANt587LTxE+KaV8+jGaFqFTEi5UgZ
GP9mdzjUjWBfV3ZUkTyuBdsEgw8hpaaf0W6WCxFsT6MbRInfOQ/OP4ODOGyLDpG7
Hx+rX7g00RB+Mu+TaC0t8IlwrxM969fUpg57zj50bqrBJ7ISsJGA8j1Ap1u10fH6
x8HXH9DCBkWPKnUvGOjuzrnlDrJ8Q9iaBze+8l4TQ5/f3YvZVLQ=
=1MEs
-----END PGP SIGNATURE-----

pgp6FokpQ25QB.pgp
Description: PGP signature

--- End Message ---