On Fri, 13 May 2022, Salvatore Bonaccorso wrote: > The following vulnerability was published for intel-microcode. > > CVE-2022-21151[0]: > | Processor optimization removal or modification of security-critical > | code for some Intel(R) Processors may allow an authenticated user to > | potentially enable information disclosure via local access. > > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
Sure thing. I am already on it, sorry about the wait. There are regressions caused by microcode updates in Alder Lake, maybe restricted to some motherboards, but the reports are multi-vendor already. The regression is present in 3.20220207.1 and later, when Intel added Alder Lake microcode updates to the public datafile. https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/58 I will upload 20220510 with the entire set of microcode updates to unstable (which does include Alder Lake). If the security team would like to have 20220207+ in stable soonish, we can issue a 20220510 security update that blacklists 0x90672 and all other related signatures, until more details are known (or the issue gets fixed upstream). Just drop me a note, and I can prepare that. -- Henrique Holschuh
