Your message dated Sat, 06 Dec 2025 15:48:46 +0000
with message-id <[email protected]>
and subject line Bug#1109035: fixed in amd64-microcode 3.20251202.1
has caused the Debian Bug report #1109035,
regarding amd64-microcode: 2024-36350/TSA-SQ and CVE-2024-36357/TSA-L1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1109035: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109035
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: amd64-microcode
Version: 3.20250311.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 3.20250311.1~deb12u1
Hi Henrique,
The following vulnerabilities were published for amd64-microcode.
CVE-2024-36350[0]:
| A transient execution vulnerability in some AMD processors may allow
| an attacker to infer data from previous stores, potentially
| resulting in the leakage of privileged information.
CVE-2024-36357[1]:
| A transient execution vulnerability in some AMD processors may allow
| an attacker to infer data in the L1D cache, potentially resulting in
| the leakage of sensitive information across privileged boundaries.
My understanding from the patch levels in amd-ucode/README is that we
are not yet covered by the needed updates on microcode side[2] for
CVE-2024-36350/TSA-SQ and CVE-2024-36357/TSA-L1 in
amd64-microcode/3.20250311.1. Correct?
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-36350
https://www.cve.org/CVERecord?id=CVE-2024-36350
[1] https://security-tracker.debian.org/tracker/CVE-2024-36357
https://www.cve.org/CVERecord?id=CVE-2024-36357
[2] https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: amd64-microcode
Source-Version: 3.20251202.1
Done: Henrique de Moraes Holschuh <[email protected]>
We believe that the bug you reported is fixed in the latest version of
amd64-microcode, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Henrique de Moraes Holschuh <[email protected]> (supplier of updated
amd64-microcode package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 06 Dec 2025 12:04:29 -0300
Source: amd64-microcode
Architecture: source
Version: 3.20251202.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <[email protected]>
Changed-By: Henrique de Moraes Holschuh <[email protected]>
Closes: 1101350 1109035 1110987 1120005
Changes:
amd64-microcode (3.20251202.1) unstable; urgency=medium
.
* Update package data from linux-firmware 20251202
* ATTENTION: regression risk if backported to stable or LTS.
The amd processor microcode updates in this release will not load on
systems with outdated BIOS vulnerable to "Entrysign" unless a number of
kernel patches are present.
* amd-tee: update AMD PMF TA Firmware to v3.1.
* amd-ucode: update with release 2025-12-02:
+ SECURITY UPDATE (AMD-SB-7055 / CVE-2025-62626)
Fix RDSEED Failure on more AMD Zen 5 Processor models
(closes: #1120005)
* amd-ucode: update with release 2025-11-13:
+ SECURITY UPDATE (AMD-SB-7055 / CVE-2025-62626)
Fix RDSEED Failure on more AMD Zen 5 Processor models
* amd-ucode: update with release 2025-10-30:
+ SECURITY UPDATE (AMD-SB-7055 / CVE-2025-62626)
Fix RDSEED Failure on some AMD Zen 5 Processor models
+ amd-ucode: update with release 2025-10-27:
* This is the final microcode release for systems that have not
been updated to fix vulnerability AMD-SB-7033 ("Entrysign").
* A kernel update is needed for the microcode driver to be able
to select the appropriate microcode updates for outdated system
firmware vulnerable to "Entrysign".
* On non-updated kernels, this will potentially *regress* the
microcode version on the running system back to the one in the
(outdated, unpatched-for-Entrysign) BIOS.
+ amd-ucode: update with release 2025-07-29:
+ SECURITY UPDATE (AMD-SB-7029: CVE-2024-36350, CVE-2024-36357):
Mitigate transient execution vulnerabilities in some AMD processors
which might allow an attacker to infer data from previous stores
(TSA-SQ) or data in the L1D cache (TSA-L1), potentially resulting in
the leakage of privileged information and sensitive information across
privileged boundaries (closes: #1109035)
* NOTE: Requires kernel and hypervisor changes for the security
mitigations to be applied (issue VERW instruction at appropriate
times).
* initramfs: guard against copying non-microcode data into the
early-initramfs bundle, for the benefit of those that copy all files from
linux-firmware into /lib/firmware/*. Thanks to Eric Valette for tracking
it down (closes: #1101350)
* debian/control: recommend cpio (closes: #1110987)
* NEWS.Debian: update for post-Entrysign microcode updates
Document that kernel patches are needed to avoid regressing the microcode
release on vulnerable Zen2/3/4 systems (family 0x19), and also that these
systems will not receive any future microcode updates.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
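
Added example, not part of either message or of the amd64-microcode package: a post-upgrade check for the two conditions the changelog calls out, namely a microcode revision that regressed below a recorded pre-upgrade baseline, and a kernel that is not applying the TSA mitigation. The script name, the function names and the state labels are made up for this sketch; the baseline revision is whatever the operator recorded from /proc/cpuinfo before upgrading.

```shell
#!/bin/sh
# Added example (not from the package). Paths are parameters so the functions
# can be run against constructed sample files as well as the live system.

# Distinct microcode revisions in a /proc/cpuinfo-format file, one per line.
ucode_revs() {
    awk -F': *' '/^microcode[ \t]*:/ { print $2 }' "${1:-/proc/cpuinfo}" | sort -u
}

# Succeeds (exit 0) if any core runs a revision below the recorded baseline,
# i.e. the regression the changelog warns about on non-updated kernels.
ucode_regressed() {
    baseline=$1
    for rev in $(ucode_revs "${2:-/proc/cpuinfo}"); do
        [ "$(($rev))" -lt "$(($baseline))" ] && return 0
    done
    return 1
}

# Classify the kernel's TSA report by prefix. A missing file means the kernel
# has no TSA mitigation code, so the VERW-based mitigation cannot be active.
tsa_state() {
    f=${1:-/sys/devices/system/cpu/vulnerabilities/tsa}
    [ -r "$f" ] || { echo kernel-unaware; return; }
    case $(cat "$f") in
        "Not affected"*)              echo not-affected ;;
        Mitigation:*)                 echo mitigated ;;
        "Vulnerable: No microcode"*)  echo needs-microcode ;;
        *)                            echo vulnerable ;;
    esac
}

# Usage: sh ucode-check.sh report <baseline-revision recorded before upgrade>
if [ "${1:-}" = report ]; then
    echo "running microcode: $(ucode_revs | tr '\n' ' ')"
    ucode_regressed "${2:-0}" && echo "WARNING: microcode below baseline $2"
    echo "TSA: $(tsa_state)"
fi
```

A "kernel-unaware" or "needs-microcode" result after installing the package means the other half of the fix (kernel or microcode, respectively) is still missing on that host.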