View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000412AlmaLinux-8linux-firmwarepublic2023-07-25 01:482023-10-17 00:42
Reporteralukoshko Assigned Toalukoshko  
PriorityhighSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Summary0000412: AlmaLinux 8 is affected by CVE-2023-20593 (Zenbleed)
DescriptionAMD CPU microcode update is required in linux-firmware package
Additional Informationhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/amd-ucode?id=0bc3126c9cfa0b8c761483215c25382f831a7c6f
TagsNo tags attached.
abrt_hash
URL

Activities

tuxwielder

2023-07-25 16:12

reporter   ~0000935

Did it work for you? -> Yes

Upgrade went just fine. I have been 'stress --cpu 42'-ing for a while now and no issues so far.

Thank you for your great work!
20230725_lscpu.txt (1,740 bytes)    
Architecture:        x86_64
CPU op-mode(s):      32-bit, 64-bit
Byte Order:          Little Endian
CPU(s):              48
On-line CPU(s) list: 0-47
Thread(s) per core:  2
Core(s) per socket:  24
Socket(s):           1
NUMA node(s):        1
Vendor ID:           AuthenticAMD
BIOS Vendor ID:      Advanced Micro Devices, Inc.
CPU family:          23
Model:               49
Model name:          AMD EPYC 7402P 24-Core Processor
BIOS Model name:     AMD EPYC 7402P 24-Core Processor               
Stepping:            0
CPU MHz:             2800.000
CPU max MHz:         2800.0000
CPU min MHz:         1500.0000
BogoMIPS:            5599.90
Virtualization:      AMD-V
L1d cache:           32K
L1i cache:           32K
L2 cache:            512K
L3 cache:            16384K
NUMA node0 CPU(s):   0-47
Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb cat_l3 cdp_l3 hw_pstate ssbd mba ibrs ibpb stibp vmmcall fsgsbase bmi1 avx2 smep bmi2 cqm rdt_a rdseed adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local clzero irperf xsaveerptr wbnoinvd amd_ppin arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif v_spec_ctrl umip rdpid overflow_recov succor smca sme sev sev_es
20230725_lscpu.txt (1,740 bytes)   
20230725_journalctl_microcode.txt (5,906 bytes)    
-- Logs begin at Wed 2023-07-12 14:12:44 CEST, end at Tue 2023-07-25 18:06:12 CEST. --
Jul 12 14:12:44 <hostname> kernel: microcode: microcode updated early to new patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU0: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU1: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU2: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU3: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU4: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU5: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU6: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU7: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU8: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU9: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU10: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU11: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU12: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU13: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU14: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU15: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU16: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU17: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU18: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU19: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU20: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU21: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU22: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU23: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU24: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU25: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU26: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU27: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU28: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU29: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU30: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU31: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU32: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU33: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU34: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU35: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU36: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU37: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU38: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU39: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU40: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU41: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU42: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU43: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU44: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU45: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU46: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: CPU47: patch_level=0x08301055
Jul 12 14:12:44 <hostname> kernel: microcode: Microcode Update Driver: v2.2.
Jul 25 17:40:48 <hostname> kernel: microcode: CPU3: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU23: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU22: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU21: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU11: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU9: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU10: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU2: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU15: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU17: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU14: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU16: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU19: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU13: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU12: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU7: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU6: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU18: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU8: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU20: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU5: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU4: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU1: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: CPU0: new patch_level=0x0830107a
Jul 25 17:40:48 <hostname> kernel: microcode: Reload completed, microcode revision: 0x830107a
20230725_journalctl_microcode.txt (5,906 bytes)   

bennyvasquez

2023-07-26 13:37

reporter   ~0000936

Yup, it worked for 24 identical servers.
testing.txt (4,621 bytes)    
-- Logs begin at Fri 2023-07-14 20:30:43 EDT, end at Tue 2023-07-25 16:32:27 EDT. --
Jul 17 23:16:17 hostname unknown: After installation of a new version of microcode_ctl package,
Jul 17 23:16:17 hostname unknown: Intel CPU microcode included into early initramfs image for it, i>
Jul 25 14:24:55 hostname kernel: microcode: CPU18: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU19: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU16: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU17: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU30: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU28: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU31: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU29: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU26: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU24: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU27: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU3: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU25: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU8: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU11: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU10: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU2: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU12: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU0: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU9: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU1: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU7: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU15: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU21: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU14: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU22: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU20: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU4: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU5: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU6: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU23: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: CPU13: new patch_level=0x0830107a
Jul 25 14:24:55 hostname kernel: microcode: Reload completed, microcode revision: 0x830107a
Architecture:        x86_64
CPU op-mode(s):      32-bit, 64-bit
Byte Order:          Little Endian
CPU(s):              64
On-line CPU(s) list: 0-63
Thread(s) per core:  2
Core(s) per socket:  16
Socket(s):           2
NUMA node(s):        2
Vendor ID:           AuthenticAMD
BIOS Vendor ID:      Advanced Micro Devices, Inc.
CPU family:          23
Model:               49
Model name:          AMD EPYC 7282 16-Core Processor
BIOS Model name:     AMD EPYC 7282 16-Core Processor
Stepping:            0
CPU MHz:             3199.855
CPU max MHz:         2800.0000
CPU min MHz:         1500.0000
BogoMIPS:            5600.19
Virtualization:      AMD-V
L1d cache:           32K
L1i cache:           32K
L2 cache:            512K
L3 cache:            16384K
NUMA node0 CPU(s):   0-15,32-47
NUMA node1 CPU(s):   16-31,48-63
Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb cat_l3 cdp_l3 hw_pstate ssbd mba ibrs ibpb stibp vmmcall fsgsbase bmi1 avx2 smep bmi2 cqm rdt_a rdseed adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local clzero irperf xsaveerptr wbnoinvd amd_ppin arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif v_spec_ctrl umip rdpid overflow_recov succor smca sme sev sev_es
testing.txt (4,621 bytes)   

toracat

2023-08-16 17:11

reporter   ~0000959

I see in the repo:

20230404-114.git2e92a49f.el8_8.noarch.rpm
20230404-114.git2e92a49f.el8_8.alma.noarch.rpm

One potential issue is that the patched version has a lower EVR, so yum/dnf will not update the package automatically.

$ rpmdev-vercmp 20230404-114.git2e92a49f.el8_8.noarch 20230404-114.git2e92a49f.el8_8.alma.noarch
20230404-114.git2e92a49f.el8_8.noarch > 20230404-114.git2e92a49f.el8_8.alma.noarch

alukoshko

2023-08-22 14:53

administrator   ~0000961

[root@febbe3c16572 /]# dnf install linux-firmware
AlmaLinux 8 - BaseOS 3.2 MB/s | 6.1 MB 00:01
AlmaLinux 8 - AppStream 3.8 MB/s | 12 MB 00:03
AlmaLinux 8 - Extras 25 kB/s | 23 kB 00:00
Last metadata expiration check: 0:00:01 ago on Tue Aug 22 14:53:13 2023.
Dependencies resolved.
==========================================================================================================================
 Package Architecture Version Repository Size
==========================================================================================================================
Installing:
 linux-firmware noarch 20230404-114.git2e92a49f.el8_8.alma baseos 264 M

Transaction Summary
==========================================================================================================================
Install 1 Package

Total download size: 264 M
Installed size: 723 M
Is this ok [y/N]:

Issue History

Date Modified Username Field Change
2023-07-25 01:48 alukoshko New Issue
2023-07-25 01:48 alukoshko Status new => assigned
2023-07-25 01:48 alukoshko Assigned To => alukoshko
2023-07-25 16:12 tuxwielder Note Added: 0000935
2023-07-25 16:12 tuxwielder File Added: 20230725_lscpu.txt
2023-07-25 16:12 tuxwielder File Added: 20230725_journalctl_microcode.txt
2023-07-26 13:37 bennyvasquez Note Added: 0000936
2023-07-26 13:37 bennyvasquez File Added: testing.txt
2023-08-16 17:11 toracat Note Added: 0000959
2023-08-22 14:53 alukoshko Note Added: 0000961
2023-08-29 06:59 alukoshko Status assigned => resolved
2023-08-29 06:59 alukoshko Resolution open => fixed