
Looking At The New "Critical" Security Firmware Update Hitting Systems - Delivers New Intel Microcode


  • Looking At The New "Critical" Security Firmware Update Hitting Systems - Delivers New Intel Microcode

    Phoronix: Looking At The New "Critical" Security Firmware Update Hitting Systems - Delivers New Intel Microcode

    Earlier this week the Linux Vendor Firmware Service began surging with activity following many new system firmware files being uploaded for what appears to be a "high severity upcoming security issue" but currently undisclosed. That issue hasn't been made public yet, but after poking around it is updating the Intel CPU microcode.

    https://www.phoronix.com/vr.php?view=30862

  • #2
    Too bad Asus, Gigabyte and MSI are not on board LVFS. I want UEFI updates for consumer-grade PC desktop motherboards.

    SiFive isn't on board either, so no firmware updates for RISC-V.



    • #3
      Originally posted by uid313
      Too bad Asus, Gigabyte and MSI are not on board LVFS. I want UEFI updates for consumer-grade PC desktop motherboards.

      SiFive isn't on board either, so no firmware updates for RISC-V.
      It is the problem with the vendor lock-in, and "you use my firmware or your system won't boot."
      Darn, Coreboot looks more and more welcoming over time. Hopefully we will see some new RISC-V boards coming out in future with coreboot and not requiring any binary blobs to run.
      Linuxer since the early beginnings...



      • #4
        Could be related to MoonBounce (UEFI rootkit, which is appended to the DXE)
        https://www.darkreading.com/threat-i...-level-rootkit



        • #5
          Sadly my Lenovo from 2018 doesn't seem to get updates anymore



          • #6
            I'd checked and there hasn't been an urgent new BIOS for my Ryzen-based board (Asus ROG Crosshair VIII Hero etc. etc.) so I suppose an Intel bug makes sense.



            • #7
              Originally posted by Ray Ingles
              I'd checked and there hasn't been an urgent new BIOS for my Ryzen-based board (Asus ROG Crosshair VIII Hero etc. etc.) so I suppose an Intel bug makes sense.
              There have been, for example, for the Gigabyte B550 AORUS PRO AC:
              • Major vulnerabilities updates, customers are strongly encouraged to update to this release at the earliest.
              Credits to "Assaf Carlsbad and Itai Liba from SentinelOne"
              • Introduce capsule BIOS support starting this version.

              The latter might be seen as indicative of future LVFS support, since as far as I know it's the mechanism used for UEFI updates (one can hope :P).

              Also those Dell updates have updated Intel ME/AMT versions, which usually happens on vulnerability patches.



              • #8
                Hi! Intel? AMD? *please upload new microcode to the linux firmware git*

                I've been saying this since spectre hit but it still rarely happens. It's a single file, but it's the difference between patching a tiny number of linux users and ALL linux users. (well, except the libre quacks who are scared of microcode updates, but nobody supports core2 anymore anyway)

                There are still plenty of AMD CPUs I know of (and own) from the fam15h days that have received microcode updates through BIOS patches for spectre, but the latest version on the git is from 2014. That means I have to _manually_ graft the headers and whatnot together to make a microcode package that the kernel will accept and load. It's a colossal pain in the ass, especially since the microcode package formats are poorly documented and the kernel microcode loading code is garbage.



                • #9
                  Here's a list of CVEs that were addressed by HP on Intel-based systems in December 2021. 3 of them are still in reserved state:
                  https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-33107
                  https://cve.mitre.org/cgi-bin/cvenam...=CVE-2021-0157
                  https://cve.mitre.org/cgi-bin/cvenam...=CVE-2021-0156
                  https://cve.mitre.org/cgi-bin/cvenam...name=2021-0127



                  • #10
                    The Dell XPS 9310 is the most crashy piece of hardware ...
