Unfortunately the documentation from Intel has been unclear on these vulnerabilities - when preparing this update I was under the impression that there was a microcode update which mitigates parts of CVE-2024-39279 on some platforms - but I believe the actual fix for this requires a BIOS update. Due to the incomplete documentation from Intel (in particular the upstream release for this https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250211 calls out INTEL-SA-01139) - so I tried to map this against the contents of the microcode files but it is entirely possible I made some mistakes here.
I have checked and I have not left out anything in the Ubuntu package compared to what was released upstream so I do not believe there is any bug here or issue. As such, I will mark this as public and close it, but feel free to let me know if you think there is anything still amiss and I will do my best to address it. Thanks.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-39279

** Information type changed from Private Security to Public Security

** Changed in: intel-microcode (Ubuntu)
       Status: New => Invalid

-- 
https://bugs.launchpad.net/bugs/2100005

Title:
  intel-microcode 3.20250211.0ubuntu0.22.04.1 may be incomplete
