|Reported by:||Owned by:|
New release for (according to phoronix) haswell up to coffee lake, cascade lake might not be vulnerable).
Addresses CVE-2020-0543 (SRBDS or Special Register Buffer Data Sampling).
I say "addresses" because the webpage for this vulnerability https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling says
"Intel has implemented its mitigation for the SRBDS vulnerability in a microcode update distributed to software vendors on Tuesday June 9, 2020 or earlier. The mitigation locks the entire memory bus before updating the staging buffer and only unlocks it after clearing its content. This strategy ensures no information is exposed to offcore requests issued from other CPU cores.
Due to the considerable performance overhead of locking the entire system’s memory bus, Intel only applied the mitigation to harden a small number of security-critical instructions, specifically RDRAND, RDSEED, and EGETKEY (a leaf of the ENCLU instruction). This means that output from any other instruction (e.g., RDMSR) that issues offcore requests can be still leaked across CPU cores."
I see that today's -rc releases of supported kernels (5.7.2, 5.6.18, 5.4.46 and the LTS 4.4 releases) will mention this in the vulnerabilities.