The Debian Project released a new intel-microcode security update for Intel CPU microarchitectures to address a regression affecting HEDT and Xeon processors, and add mitigations for Coffe Lake CPUs.
Last month on November 13th, the Debian Project shipped updated CPU microcode for various types of Intel CPUs to mitigate the TAA (TSX Asynchronous Abort) vulnerability (CVE-2019-11135). But not all Intel CPU models were covered by the update, so they released a new intel-microcode security update that addresses this flaw for Coffe Lake processors too.
“This update ships updated CPU microcode for CFL-S (Coffe Lake Desktop) models of Intel CPUs which were not yet included in the Intel microcode update released as DSA 4565-1,” reads the security advisory. “We recommend that you upgrade your intel-microcode packages.”
Regression on HEDT and Xeon processors fixed
Additionally, the new intel-microcode security update addresses a regression on HEDT and Xeon processors with signature 0x50654 that may have caused hangs on warm reboots by rolling back the CPU microcode. Therefore, users who installed the previous update are urged to update the intel-microcode package as soon as possible and also install the latest Linux kernel update.
While on the Debian GNU/Linux 9 “Stretch” “oldstable” distribution, users must update the intel-microcode to version 3.20191115.2~deb9u1, on the latest stable Debian GNU/Linux 10 “Buster” series they must update the intel-microcode to version 3.20191115.2~deb10u1. Please reboot your computers after successfully installing the new intel-microcode version.
For more details about the latest Intel Microcode updates and supported processors please refer to https://www.intel.com/content/dam/www/public/us/en/security-advisory/documents/IPU-2019.2-microcode-update-guidance-v1.01.pdf.