This bug was fixed in the package amd64-microcode - 3.20250708.1ubuntu1
---------------
amd64-microcode (3.20250708.1ubuntu1) questing; urgency=medium
[ Rodrigo Figueiredo Zaiden ]
* SECURITY UPDATE: Update package data from linux-firmware 20250708 (LP:
#2120893)
- Updated microcodes:
Family=0x19 Model=0x08 Stepping=0x02: Patch=0x0a00820d Length=5568 bytes
Family=0x19 Model=0x18 Stepping=0x01: Patch=0x0a108109 Length=5568 bytes
Family=0x19 Model=0x21 Stepping=0x00: Patch=0x0a20102e Length=5568 bytes
Family=0x19 Model=0x21 Stepping=0x02: Patch=0x0a201211 Length=5568 bytes
Family=0x19 Model=0x44 Stepping=0x01: Patch=0x0a404108 Length=5568 bytes
Family=0x19 Model=0x50 Stepping=0x00: Patch=0x0a500012 Length=5568 bytes
Family=0x19 Model=0x61 Stepping=0x02: Patch=0x0a60120a Length=5568 bytes
Family=0x19 Model=0x74 Stepping=0x01: Patch=0x0a704108 Length=5568 bytes
Family=0x19 Model=0x75 Stepping=0x02: Patch=0x0a705208 Length=5568 bytes
Family=0x19 Model=0x78 Stepping=0x00: Patch=0x0a708008 Length=5568 bytes
Family=0x19 Model=0x7c Stepping=0x00: Patch=0x0a70c008 Length=5568 bytes
- CVE-2024-36350 (AMD-SB-7029)
A transient execution vulnerability in some AMD processors may allow
an attacker to infer data from previous stores, potentially resulting
in the leakage of privileged information.
- CVE-2024-36357 (AMD-SB-7029)
A transient execution vulnerability in some AMD processors may allow
an attacker to infer data in the L1D cache, potentially resulting in
the leakage of sensitive information across privileged boundaries.
* Remaining changes:
- initramfs-tools hook (debian/initramfs.hook):
+ Default to 'early' instead of 'auto' when building with
MODULES=most
+ Do not override preset defaults from auto-exported conf
snippets loaded by initramfs-tools.
[ Marc Deslauriers ]
* Also Update AMD PMF TA Firmware to v3.1 to match the upstream git tag.
-- Rodrigo Figueiredo Zaiden <[email protected]> Mon, 18
Aug 2025 22:08:22 -0300
** Changed in: amd64-microcode (Ubuntu)
Status: Triaged => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2024-36350
** CVE added: https://cve.org/CVERecord?id=CVE-2024-36357
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2120893
Title:
[FFe] Update amd64-microcode to upstream version 20250708
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/amd64-microcode/+bug/2120893/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
