Hi, (I've just claimed amd64-microcode, but as this package will need an updated kernel, some coordination will be required until it is ready for upload and of course stable / oldstable will need to have the fixes too.)
It seems that the required kernel bits will be in 6.19 - https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?h=x86/cpu&id=2a47c26e55a2bc085a2349ed1d4e065ee298155f @ben: for coordination purposes, are there plans regarding those bits in respect to backport them to earlier kernels? -- Cheers, tobi ----- Forwarded message from Henrique de Moraes Holschuh <[email protected]> ----- Date: Sun, 09 Nov 2025 18:14:23 -0300 From: Henrique de Moraes Holschuh <[email protected]> To: [email protected], Tobias Frost <[email protected]> Subject: Re: Bug#1109035: amd64-microcode: 2024-36350/TSA-SQ and CVE-2024-36357/TSA-L1 X-Mailer: MessagingEngine.com Webmail Interface AMD changes to avoid regressing outdated family 19h systems have showed up on linux-firmware recently, and there are patches to the kernel microcode driver on their way to mainline (they can be seen on the "tip" tree). I am packaging the new microcode update to upload to *unstable*, but systems with outdated firmware are supposed to regress unless they also have the kernel changes, so updates to stable are still in the future. It has also become very clear that: 1. Family 0x19 (Zen 2 to Zen 4) will have the choice of staying on the last Entrysign-vulnerable microcode release. Obviously, they will remain vulnerable to Entrysign and everything else fixed since Entrysign, since they will *not* receive any new microcode updates. 2. Zen 5 systems have no such choice: all systems must update the firmware to fix Entrysign in order to receive microcode updates. We can issue partial security updates to stable covering only family 0x1a (Zen 5) while we wait for the kernel-side changes that will enable us to ship the fixes for family 0x19 without regressing systems with outdated firmware. -- Henrique de Moraes Holschuh <[email protected]> ----- End forwarded message -----
signature.asc
Description: PGP signature
