Testers needed for updated packages: Intel and AMD CPUs affected

# Testers needed for updated packages: Intel and AMD CPUs affected Earlier this week a few vulnerabilities have been reported to affect Intel and AMD CPUs. AlmaLinux OS Foundation calls for community to help to test updated packages for AlmaLinux OS 8 and AlmaLinux OS 9. ### How do I install updated packages? As AlmaLinux OS has changed its build processes in order to be [ABI compatible](https://almalinux.org/blog/future-of-almalinux/) with Red Hat, **Testing** repo has been created for packages that differ from RHEL and require additional testing by community. To be able to help with testing, **Testing** repo should be enabled on AlmaLinux machine: ``` dnf install -y almalinux-release-testing ``` It's highly recommended to enable **Testing** repo on all non-production machines to participate in AlmaLinux development. ### CVE-2022-40982 aka Downfall (Intel) [CVE-2022-40982](https://downfall.page/) vulnerability is related to a Gather Data Sampling (GDS) transient execution side-channel vulnerability affecting Intel CPUs. This may allow an attacker to access stale data from previously used vector registers on the same physical core. Computing devices based on Intel Core processors from the 6th Skylake to (including) the 11th Tiger Lake generation are affected. The vulnerability can be mitigated by updating CPU microcode - `microcode_ctl` package: ``` dnf update microcode_ctl ``` **To check that the installation completed successfully, you can run:** ``` rpm -qa microcode_ctl ``` **Make sure that you've got the following version:** * AlmaLinux OS 8 - microcode_ctl-20220809-2.20230808.1.el8_8.alma * AlmaLinux OS 9 - microcode_ctl-20220809-2.20230808.1.el9_2.alma **To update CPU microcode run the following:** ``` echo 1 > /sys/devices/system/cpu/microcode/reload ``` ### CVE-2023-20569 (AMD) [CVE-2023-20569](https://nvd.nist.gov/vuln/detail/CVE-2023-20569) vulnerability affects "Zen 3" and "Zen 4" AMD CPUs as it may allow an attacker to influence the return address prediction. This may potentially lead to information disclosure. The vulnerability can be partially mitigated by updating `linux-firmware` package: ``` dnf update linux-firmware ``` **To check that the installation completed successfully, you can run:** ``` rpm -qa linux-firmware ``` **Make sure that you've got the following version:** * AlmaLinux OS 8 - linux-firmware-20230404-114.git2e92a49f.el8_8.alma.1 * AlmaLinux OS 9 - linux-firmware-20230310-134.el9_2.alma.1 **To update CPU microcode run the following:** ``` echo 1 > /sys/devices/system/cpu/microcode/reload ``` ### Share your output Once you have completed your testing, please help us by letting us know it works for you! Please share the information (sanitized in whatever way you feel comfortable) in a comment on the issue that we have created specificaly for AlmaLinux 8 and for AlmaLinux 9 to track on [bugs.almalinux.org](https://bugs.almalinux.org/): * AlmaLinux OS 8 * [CVE-2022-40982 (Intel)](https://bugs.almalinux.org/view.php?id=420) * [CVE-2023-20569 (AMD)](https://bugs.almalinux.org/view.php?id=419) * AlmaLinux OS 9 * [CVE-2022-40982 (Intel)](https://bugs.almalinux.org/view.php?id=418) * [CVE-2023-20569 (AMD)](https://bugs.almalinux.org/view.php?id=417) Please include the output of the two commands from the test server and whether it worked for you: ``` lscpu journalctl -k --grep=microcode ``` ## Come Help with Testing If you want to contribute and help with testing - join the AlmaLinux community and the Release Engineering SIG [chat channel](https://chat.almalinux.org/almalinux/channels/engineeringreleng). We appreciate any contribution as they help us keep AlmaLinux OS free and make it better!