amd64-microcode (3.20250311.1ubuntu0.24.04.1) noble-security; urgency=medium
* SECURITY UPDATE: Update package data from linux-firmware 20250311
- New AMD microcodes (20241121):
Family=0x17 Model=0x60 Stepping=0x01: Patch=0x0860010d
Family=0x17 Model=0x68 Stepping=0x01: Patch=0x08608108
Family=0x17 Model=0x71 Stepping=0x00: Patch=0x08701034
Family=0x19 Model=0x08 Stepping=0x02: Patch=0x0a00820c
Family=0x19 Model=0x18 Stepping=0x01: Patch=0x0a108108
Family=0x19 Model=0x21 Stepping=0x00: Patch=0x0a20102d
Family=0x19 Model=0x21 Stepping=0x02: Patch=0x0a201210
Family=0x19 Model=0x44 Stepping=0x01: Patch=0x0a404107
Family=0x19 Model=0x50 Stepping=0x00: Patch=0x0a500011
Family=0x19 Model=0x61 Stepping=0x02: Patch=0x0a601209
Family=0x19 Model=0x74 Stepping=0x01: Patch=0x0a704107
Family=0x19 Model=0x75 Stepping=0x02: Patch=0x0a705206
Family=0x19 Model=0x78 Stepping=0x00: Patch=0x0a708007
Family=0x19 Model=0x7c Stepping=0x00: Patch=0x0a70c005
- Updated microcodes:
Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a0000a
- New SEV firmware (20250221):
Family 19h models a0h-afh: version 1.55 build 39
Family 1ah models 00h-0fh: version 1.55 build 54
- Updated SEV firmware:
Family 17h models 30h-3fh: version 0.24 build 20
Family 19h models 00h-0fh: version 1.55 build 29
Family 19h models 10h-1fh: version 1.55 build 39
- CVE-2024-56161 (AMD-SB-3019)
Update remote attestation to be compatible with AMD systems with
up-to-date firmware (i.e. which fixes "EntrySign"), and update
AMD-SEV for AMD-SB-3019 mitigations.
- CVE-2023-20584 (AMD-SB-3003)
IOMMU improperly handles certain special address ranges with
invalid device table entries (DTEs), which may allow an attacker
with privileges and a compromised Hypervisor to induce DTE faults
to bypass RMP checks in SEV-SNP, potentially leading to a loss of
guest integrity.
- CVE-2023-31356 (AMD-SB-3003)
Incomplete system memory cleanup in SEV firmware could allow a
privileged attacker to corrupt guest private memory, potentially
resulting in a loss of data integrity.
* Adds amdtee firmware
* Remaining changes:
- initramfs-tools hook (debian/initramfs.hook):
+ Default to 'early' instead of 'auto' when building with
MODULES=most
+ Do not override preset defaults from auto-exported conf
snippets loaded by initramfs-tools.
-- Eduardo Barretto <eduardo.barretto@canonical.com> Wed, 28 May 2025 18:22:22 +0200
amd64-microcode (3.20231019.1ubuntu2.1) noble-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via improper MSR access
- amd-ucode/microcode_amd_fam{17,19}h.bin{,.asc}: add updated AMD
fam17h and fam19h CPU microcodes
- Updated microcodes:
Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126f Length=3200 bytes
Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107c Length=3200 bytes
Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a00107a Length=5568 bytes
Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d5 Length=5568 bytes
Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001238 Length=5568 bytes
Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101148 Length=5568 bytes
Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101248 Length=5568 bytes
Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00215 Length=5568 bytes
- CVE-2023-31315
-- Alex Murray <alex.murray@canonical.com> Wed, 16 Oct 2024 15:45:37 +1030
amd64-microcode (3.20231019.1ubuntu2) noble; urgency=high
* No change rebuild for 64-bit time_t and frame pointers.
-- Julian Andres Klode <juliank@ubuntu.com> Mon, 08 Apr 2024 17:54:09 +0200
amd64-microcode (3.20231019.1ubuntu1) noble; urgency=medium
* Merge from Debian unstable; remaining changes:
- initramfs-tools hook (debian/initramfs.hook):
+ Default to 'early' instead of 'auto' when building with
MODULES=most
+ Do not override preset defaults from auto-exported conf
snippets loaded by initramfs-tools.
-- Alex Murray <alex.murray@canonical.com> Tue, 14 Nov 2023 14:36:10 +1030
amd64-microcode (3.20231019.1) unstable; urgency=medium
* Update package data from linux-firmware 20231019
* Updated Microcode patches:
+ Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101144
+ Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101244
+ Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00213
-- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 21 Oct 2023 15:06:29 -0300
amd64-microcode (3.20230823.1) unstable; urgency=medium
* Update package data from linux-firmware 20230919
* New AMD-SEV firmware from AMD upstream (20230823)
+ Updated SEV firmware:
Family 19h models 00h-0fh: version 1.55 build 8
+ New SEV firmware:
Family 19h models 10h-1fh: version 1.55 build 21
* amd-ucode: Add note on fam19h warnings.
-- Henrique de Moraes Holschuh <hmh@debian.org> Fri, 13 Oct 2023 02:02:47 -0300
amd64-microcode (3.20230808.1.1ubuntu1) mantic; urgency=medium
* Merge from Debian unstable; remaining changes:
- initramfs-tools hook (debian/initramfs.hook):
+ Default to 'early' instead of 'auto' when building with
MODULES=most
+ Do not override preset defaults from auto-exported conf
snippets loaded by initramfs-tools.
-- Alex Murray <alex.murray@canonical.com> Wed, 16 Aug 2023 13:08:48 +0930
amd64-microcode (3.20230808.1.1) unstable; urgency=high
* Update package data from linux-firmware 20230804-6-gf2eb058a
* Fixes for CVE-2023-20569 "AMD Inception" on AMD Zen4 processors
(closes: #1043381)
* WARNING: for proper operation on AMD Genoa and Bergamo processors,
either up-to-date BIOS (with AGESA 1.0.0.8 or newer) or up-to-date
Linux kernels (minimal versions on each active Linux stable branch:
v4.19.289 v5.4.250 v5.10.187 v5.15.120 v6.1.37 v6.3.11 v6.4.1)
are *required*
* New Microcode patches:
+ Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a10113e
+ Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a10123e
+ Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00212
+ Family=0x19 Model=0xa0 Stepping=0x01: Patch=0x0aa00116
* README: update for new release
* debian/NEWS: AMD Genoa/Bergamo kernel version restrictions
* debian/changelog: update entry for release 3.20230719.1, noting
that it included fixes for "AMD Inception" for Zen3 processors.
We did not know about AMD Inception at the time, but we always
include all available microcode updates when issuing a new
package, so we lucked out.
* debian/changelog: correct some information in 3.20230808.1
entry and reupload as 3.20230808.1.1. There's no Zenbleed
for Zen4... oops!
-- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 10 Aug 2023 10:18:38 -0300
amd64-microcode (3.20230719.1ubuntu1) mantic; urgency=medium
* Merge from Debian unstable; remaining changes:
- initramfs-tools hook (debian/initramfs.hook):
+ Default to 'early' instead of 'auto' when building with
MODULES=most
+ Do not override preset defaults from auto-exported conf
snippets loaded by initramfs-tools.
-- Alex Murray <alex.murray@canonical.com> Tue, 25 Jul 2023 11:57:09 +0930
amd64-microcode (3.20230719.1) unstable; urgency=high
* Update package data from linux-firmware 20230625-39-g59fbffa9:
* Fixes for CVE-2023-20593 "Zenbleed" on AMD Zen2 processors
(closes: #1041863)
* Fixes for CVE-2023-20569 "AMD Inception" on AMD Zen3 processors
(this changelog entry time-travelled from the future, we were
lucky we always include all microcode updates available)
* New Microcode patches:
+ Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a00008
* Updated Microcode patches:
+ Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107a
+ Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a001079
+ Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d1
+ Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001234
* README: update for new release
-- Henrique de Moraes Holschuh <hmh@debian.org> Mon, 24 Jul 2023 13:07:34 -0300
amd64-microcode (3.20230414.1) unstable; urgency=medium
* Update package data from linux-firmware 20230404-38-gfab14965:
(closes: #1031103)
* Updated Microcode patches:
+ Family=0x17 Model=0x31 Stepping=0x00: Patch=0x08301072
+ Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a001078
+ Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011ce
+ Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001231
* README: update for new release
-- Henrique de Moraes Holschuh <hmh@debian.org> Fri, 28 Apr 2023 17:24:39 -0300
amd64-microcode (3.20220411.2) unstable; urgency=medium
* Move source and binary from non-free/admin to non-free-firmware/admin
following the 2022 General Resolution about non-free firmware.
-- Cyril Brulebois <kibi@debian.org> Fri, 17 Feb 2023 01:19:05 +0100
amd64-microcode (3.20220411.1ubuntu3) kinetic; urgency=medium
* Bump the Breaks/Replaces on linux-firmware to match the version which
actually drops the conflicting files. LP: #1983409.
-- Steve Langasek <steve.langasek@ubuntu.com> Tue, 23 Aug 2022 15:23:32 +0000
amd64-microcode (3.20220411.1ubuntu2) kinetic; urgency=medium
[ Mark Esler ]
* debian/control: add Breaks/Replaces on old linux-firmware for movement
of AMD-SEV files.
-- Steve Langasek <steve.langasek@ubuntu.com> Fri, 19 Aug 2022 16:00:34 +0000
amd64-microcode (3.20220411.1ubuntu1) kinetic; urgency=low
* Merge from Debian unstable, LP: #1983409. Remaining changes:
- initramfs-tools hook (debian/initramfs.hook):
+ Default to 'early' instead of 'auto' when building with
MODULES=most
+ Do not override preset defaults from auto-exported conf
snippets loaded by initramfs-tools.
-- Steve Langasek <steve.langasek@ubuntu.com> Tue, 16 Aug 2022 16:32:16 -0700
amd64-microcode (3.20220411.1) unstable; urgency=medium
* Update package data from linux-firmware 20220411:
* New microcode updates from AMD upstream (20220408)
(closes: #1006444, #1009333)
+ New Microcode patches:
sig 0x00830f10, patch id 0x08301055, 2022-02-15
sig 0x00a00f10, patch id 0x0a001058, 2022-02-10
sig 0x00a00f11, patch id 0x0a001173, 2022-01-31
sig 0x00a00f12, patch id 0x0a001229, 2022-02-10
+ Updated Microcode patches:
sig 0x00800f12, patch id 0x0800126e, 2021/11/11
* New AMD-SEV firmware from AMD upstream (20220308)
Fixes: CVE-2019-9836 (closes: #970395)
+ New SEV firmware:
Family 17h models 00h-0fh: version 0.17 build 48
Family 17h models 30h-3fh: version 0.24 build 15
Family 19h models 00h-0fh: version 1.51 build 3
* README: update for new release
* debian: ship AMD-SEV firmware.
Upstream license is the same license used for amd-ucode
-- Henrique de Moraes Holschuh <hmh@debian.org> Fri, 15 Apr 2022 18:27:36 -0300
amd64-microcode (3.20191218.1ubuntu2) impish; urgency=medium
* No-change rebuild to build packages with zstd compression.
-- Matthias Klose <doko@ubuntu.com> Thu, 07 Oct 2021 12:09:20 +0200
amd64-microcode (3.20191218.1ubuntu1) focal; urgency=low
* Merge from Debian unstable. Remaining changes:
- initramfs-tools hook (debian/initramfs.hook):
+ Default to 'early' instead of 'auto' when building with
MODULES=most
+ Do not override preset defaults from auto-exported conf
snippets loaded by initramfs-tools.
-- Steve Langasek <steve.langasek@ubuntu.com> Sat, 15 Feb 2020 23:43:50 -0800
amd64-microcode (3.20191218.1) unstable; urgency=medium
* New microcode update packages from AMD upstream:
+ Removed Microcode updates (known to cause issues):
sig 0x00830f10, patch id 0x08301025, 2019-07-11
* README: update for new release
-- Henrique de Moraes Holschuh <hmh@debian.org> Fri, 20 Dec 2019 18:36:27 -0300
amd64-microcode (3.20191021.1ubuntu1) focal; urgency=low
* Merge from Debian unstable (LP: #1850752). Remaining changes:
- initramfs-tools hook (debian/initramfs.hook):
+ Default to 'early' instead of 'auto' when building with
MODULES=most
+ Do not override preset defaults from auto-exported conf
snippets loaded by initramfs-tools.
-- Steve Beattie <sbeattie@ubuntu.com> Thu, 31 Oct 2019 09:41:22 -0700
amd64-microcode (3.20191021.1) unstable; urgency=medium
* New microcode update packages from AMD upstream:
+ New Microcodes:
sig 0x00830f10, patch id 0x08301025, 2019-07-11
+ Updated Microcodes:
sig 0x00800f12, patch id 0x08001250, 2019-04-16
sig 0x00800f82, patch id 0x0800820d, 2019-04-16
* README: update for new release
-- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 22 Oct 2019 21:00:17 -0300
amd64-microcode (3.20181128.1ubuntu2) eoan; urgency=medium
* Do not override preset defaults from auto-exported conf snippets
loaded by initramfs-tools. This thus allows other hooks, or
alternative confdir override the built-in defaults at mkinitramfs
time. Specifically to support generating installer/golden/bare-metal
initrds with all microcodes for any hardware.
-- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 31 Jul 2019 21:54:24 -0400
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog amd64-microcode`.
Generated by dwww version 1.16 on Mon Dec 15 20:59:08 CET 2025.