Announcement

Collapse
No announcement yet.

Looking At The New "Critical" Security Firmware Update Hitting Systems - Delivers New Intel Microcode

Collapse
X
Collapse
 
  • Page of 2
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 template Next
  • #1

    Looking At The New "Critical" Security Firmware Update Hitting Systems - Delivers New Intel Microcode

    Phoronix: Looking At The New "Critical" Security Firmware Update Hitting Systems - Delivers New Intel Microcode

    Earlier this week the Linux Vendor Firmware Service began surging with activity following many new system firmware files being uploaded for what appears to be a "high severity upcoming security issue" but currently undisclosed. That issue hasn't been made public yet, but after poking around it is updating the Intel CPU microcode.

    Looking At The New "Critical" Security Firmware Update Hitting Systems - Delivers New Intel Microcode - Phoronix
    https://www.phoronix.com/vr.php?view=30862
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    Too bad Asus, Gigabyte and MSI are not on board LVFS. I want UEFI updates for consumer-grade PC desktop motherboards.

    SiFive isn't on board either, so no firmware updates for RISC-V.
    • Likes 6

    Comment

    • #3
      Originally posted by uid313 View Post
      Too bad Asus, Gigabyte and MSI are not on board LVFS. I want UEFI updates for consumer-grade PC desktop motherboards.

      SiFive isn't on board either, so no firmware updates for RISC-V.
      It is the problem with the vendor lock-in, and "you use my firmwar or your system won't boot.
      Darn, Coreboot looks more and more welcoming over time. Hopefully we will see some new RISC-V boards coming out in future with coreboot and not requiring any binary blobs to run.
      Linuxer since the early beginnings...

      Comment

      • #4
        Could be related to MounBounce (UEFI Rootkit, which is appended to the DXE)
        Researchers Discover Dangerous Firmware-Level Rootkit
        https://www.darkreading.com/threat-intelligence/researchers-uncover-dangerous-new-firmware-level-rootkit
        MoonBounce is the latest in a small but growing number of implants found hidden in a computer's Unified Extensible Firmware Interface (UEFI).

        Comment

        • #5
          Sadly my lenovo from 2018 dont seam to get updates anymore
          • Likes 1

          Comment

          • #6
            I'd checked and there hasn't been an urgent new BIOS for my Ryzen-based board (Asus ROG Crosshair VIII Hero etc. etc.) so I suppose an Intel bug makes sense.

            Comment

            • #7
              Originally posted by Ray Ingles View Post
              I'd checked and there hasn't been an urgent new BIOS for my Ryzen-based board (Asus ROG Crosshair VIII Hero etc. etc.) so I suppose an Intel bug makes sense.
              There have been for example Gigabyte B550 AORUS PRO AC:
              • Major vulnerabilities updates, customers are strongly encouraged to update to this release at the earliest.
              Credits to "Assaf Carlsbad and Itai Liba from SentinelOne"
              • Introduce capsule BIOS support starting this version.

              The latter might be seen as indicative of future LVFS support, since as far as I know it's the mechanism used for UEFI updates (one can hope :P).

              Also those Dell updates have updated Intel ME/AMT versions, which usually happens on vulnerability patches.

              Comment

              • #8
                Hi! Intel? AMD? *please upload new microcode to the linux firmware git*

                I've been saying this since spectre hit but it still rarely happens. It's a single file, but it's the difference between patching a tiny number of linux users and ALL linux users. (well, except the libre quacks who are scared of microcode updates, but nobody supports core2 anymore anyway)

                There are still plenty of AMD CPUs I know of (and own) from the fam15h days that have received microcode updates through BIOS patches for spectre, but the latest version on the git is from 2014. That means I have to _manually_ graft the headersand whatnot together to make a microcode package that the kernel will accept and load. It's a colossal pain in the ass, especially since the microcode package formats are poorly documented and the kernel microcode loading code is garbage.
                • Likes 3

                Comment

                • #9
                  Here's a list of CVEs that were addressed b HP on Intel-based systems in December 2021. 3 of them are still in reserved state:
                  CVE - CVE-2021-33107
                  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33107
                  The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

                  CVE - CVE-2021-0157
                  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0157
                  The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

                  CVE - CVE-2021-0156
                  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0156
                  The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

                  CVE - CVE-2021-0127
                  https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-0127
                  The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
                  • Likes 1

                  Comment

                  • #10
                    The Dell XPS 9310 is the most crashy piece of hardware ...

                    Comment

                    Previous 1 2 template Next
                    Working...
                    X