Accepting request 1306572 from Base:System

- switch the supplements to use supplements + kernel to allow
  moving a installation to Intel hardware (bsc#1249138)

OBS-URL: https://build.opensuse.org/request/show/1306572
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ucode-intel?expand=0&rev=78

ucode-intel.changes

@@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Mon Sep 22 14:15:14 UTC 2025 - Marcus Meissner <meissner@suse.com>
+
+- switch the supplements to use supplements + kernel to allow
+  moving a installation to Intel hardware (bsc#1249138)
+
+-------------------------------------------------------------------
+Thu Aug 21 10:32:02 UTC 2025 - Marcus Meissner <meissner@suse.com>
+
+- Intel CPU Microcode was updated to the 20250812 release (bsc#1248438)
+   - Security updates for INTEL-SA-01249 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01249.html
+     - CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
+   - Security updates for INTEL-SA-01308 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01308.html
+     - CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access
+   - Security updates for INTEL-SA-01310 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01310.html
+     - CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.
+   - Security updates for INTEL-SA-01311 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01311.html
+     - CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processor with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
+   - Security updates for INTEL-SA-01313 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01313.html
+     - CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.
+   - Security updates for INTEL-SA-01367 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01367.html
+     - CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
+     - CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
+   - Update for functional issues. Refer to 13th/14th Gen Intel Core Processor Specification Update for details.
+   - Update for functional issues. Refer to 3rd Gen Intel Xeon Processor Scalable Family Specification Update for details.
+   - Update for functional issues. Refer to 4th Gen Intel Xeon Scalable Processors Specification Update for details.
+   - Update for functional issues. Refer to 5th Gen Intel Xeon Scalable Processors Specification Update for details.
+   - Update for functional issues. Refer to 6th Gen Intel Xeon Scalable Processors Specification Update for details.
+   - Update for functional issues. Refer to Intel Core Ultra 200 V Series Processor for details.
+   - Update for functional issues. Refer to Intel Core Ultra Processor for details.
+   - Update for functional issues. Refer to Intel Core Ultra Processor (Series 2) for details.
+   - Update for functional issues. Refer to Intel Xeon 6700-Series Processor Specification Update for details.
+   - Update for functional issues. Refer to Intel Xeon D-2700 Processor Specification Update for details.
+
+  - Updated Platforms:
+
+  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products
+  |:---------------|:---------|:------------|:---------|:---------|:---------
+  | ARL-H          | A1       | 06-c5-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2)
+  | ARL-S/HX (8P)  | B0       | 06-c6-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2)
+  | EMR-SP         | A1       | 06-cf-02/87 | 210002a9 | 210002b3 | Xeon Scalable Gen5
+  | GNR-AP/SP      | B0       | 06-ad-01/95 | 010003a2 | 010003d0 | Xeon Scalable Gen6
+  | GNR-AP/SP      | H0       | 06-ad-01/20 | 0a0000d1 | 0a000100 | Xeon Scalable Gen6
+  | ICL-D          | B0       | 06-6c-01/10 | 010002d0 | 010002e0 | Xeon D-17xx, D-27xx
+  | ICX-SP         | Dx/M1    | 06-6a-06/87 | 0d000404 | 0d000410 | Xeon Scalable Gen3
+  | LNL            | B0       | 06-bd-01/80 | 0000011f | 00000123 | Core Ultra 200 V Series Processor
+  | MTL            | C0       | 06-aa-04/e6 | 00000024 | 00000025 | Core™ Ultra Processor
+  | RPL-H/P/PX 6+8 | J0       | 06-ba-02/e0 | 00004128 | 00004129 | Core Gen13
+  | RPL-U 2+8      | Q0       | 06-ba-03/e0 | 00004128 | 00004129 | Core Gen13
+  | SPR-HBM        | Bx       | 06-8f-08/10 | 2c0003f7 | 2c000401 | Xeon Max
+  | SPR-SP         | E4/S2    | 06-8f-07/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4
+  | SPR-SP         | E5/S3    | 06-8f-08/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4
+  | SRF-SP         | C0       | 06-af-03/01 | 03000341 | 03000362 | Xeon 6700-Series Processors with E-Cores
+
+  New Disclosures Updated in Prior Releases:
+
+  All ADL, RPL, SPR, EMR, MTL, ARL Microcode patches previously released in May 2025.
+
 -------------------------------------------------------------------
 Wed May 14 12:21:56 UTC 2025 - Marcus Meissner <meissner@suse.com>
 

ucode-intel.spec

@@ -20,7 +20,7 @@
 %define _firmwaredir /lib/firmware
 %endif
 Name:           ucode-intel
-Version:        20250512
+Version:        20250812
 Release:        0
 Summary:        Microcode Updates for Intel x86/x86-64 CPUs
 License:        SUSE-Firmware
@@ -30,9 +30,9 @@ BuildRequires:  suse-module-tools
 URL:            https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
 Source0:        https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%version.tar.gz
 Source1:        ucode-intel-rpmlintrc
-Supplements:    modalias(x86cpu:vendor%3A0000%3Afamily%3A*%3Amodel%3A*%3Afeature%3A*)
+Supplements:    (modalias(x86cpu:vendor%3A0000%3Afamily%3A*%3Amodel%3A*%3Afeature%3A*) and kernel)
 # new method ... note that only 1 : might be present, otherwise libzypp misinterprets it.
-Supplements:    modalias(cpu:type%3Ax86*ven0000*)
+Supplements:    (modalias(cpu:type%3Ax86*ven0000*) and kernel)
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires(post): coreutils
 Requires(postun): coreutils