The officially official Devuan Forum!


#1 2025-08-30 22:41:38

rmrichesjr
Member
Registered: 2018-12-18
Posts: 37  

amd64-microcode update for transient scheduler attacks

On an AMD Ryzen 7 5800 machine running Devuan Daedalus, I just updated to kernel 6.1.0-38-amd64 and now see a report in dmesg: "Transient Scheduler Attacks: Vulnerable: Clear CPU buffers attempted, no microcode".  There is a similar message in the output of lscpu.  I have the amd64-microcode package installed, version 3.20240820.1~deb12u1, which was an updated version from the version initially installed in Daedalus.  The fact that I got an updated version at some point after installation would seem to indicate I have apt sources set up correctly to get updates to that package.

From https://www.amd.com/en/resources/produc … -7029.html it appears AMD has released a microcode update a few weeks ago.  Is Devuan in process of putting this update into the Daedalus repos?


#2 2025-08-31 01:22:51

EDX-0
Member
Registered: 2020-12-12
Posts: 142  

Re: amd64-microcode update for transient scheduler attacks

if i'm not mistaken that is a firmware update, either you need to wait until your board vendor releases an update and install manually, or wait a while and check if it is going to be added to the LVFS database to update with fwupd, mind you not all OEM vendors upload every firmware and microcode updates to LVFS nor upload them in a short time from releasing the updates, could be anything from days to even a year it all depends on how well the vendor, in this case AMD supports the Linux Vendor Firmware Service.

in my experience the support is not great not terrible, in a couple of occasions i've had firmware updates for my HP ProBook 445 G7 that runs on an AMD ryzen 7 4700U installable via fwupd, for many others however i've had to install the updates from HP via the uefi update menu

https://wiki.debian.org/Firmware/Updates


#3 2025-08-31 16:21:22

greenjeans
Member
Registered: 2017-04-07
Posts: 1,125  

Re: amd64-microcode update for transient scheduler attacks

Firstly, this is NOT an area in which I have great skills or knowledge, so take it with a grain of salt. It's just that I noticed something months ago and am sharing it, forgive me if it's common knowledge. I don't know if it throws a wrench into the process or not.

After installing the microcode package, it throws up a file in /etc/modprobe.d, amd64-microcode-blacklist.conf, which reads thusly:

# The microcode module attempts to apply a microcode update when
# it autoloads.  This is not always safe, so we block it by default.
blacklist microcode

It does this with intel microcode as well.

I only know about that because I use that folder to blacklist wdat_wdt.


https://sourceforge.net/projects/vuu-do/ New Vuu-do isos uploaded August 2025!
Vuu-do GNU/Linux, minimal Devuan-based Openbox and Mate systems to build on. Also a max version for OB.
Devuan 5 mate-mini iso, pure Devuan, 100% no-vuu-do. wink Devuan 6 version also available for testing.
Please donate to support Devuan and init freedom! https://devuan.org/os/donate


#4 2025-08-31 19:06:33

Altoid
Member
Registered: 2017-05-07
Posts: 1,810  

Re: amd64-microcode update for transient scheduler attacks

Hello:

greenjeans wrote:

After installing the microcode package ...

These are the first two lines in my dmesg printout:

$ sudo dmesg | more
groucho@devuan:~$ sudo dmesg
[    0.000000] microcode: microcode updated early to revision 0xa0b, date = 2010-09-28
[    0.000000] Linux version 6.1.0-38-amd64 (debian-kernel@lists.debian.org) (gcc-12 (Debian 12.2.0-14+deb12u1) ...
--- snip ---
$

ie: first the microcode and then the kernel

Further on, I get this:

$ sudo dmesg | more
--- snip ---
[    0.155960] MDS: Vulnerable: Clear CPU buffers attempted, no microcode
--- snip ---
[    3.399828] microcode: sig=0x1067a, pf=0x10, revision=0xa0b
[    3.400056] microcode: Microcode Update Driver: v2.2.
--- snip ---
$ 

I also have the intel-microcode package installed and the module blacklisted in /etc/modprobe.d.

$ apt list | grep installed | grep intel-microcode
--- snip ---
intel-microcode/stable-security,now 3.20250512.1~deb12u1 amd64 [installed]
$ 

The directory /lib/firmware/intel-ucode has 125 files in it, all with a Modify time = May 18 20:06, so they receive updates.

Some insight from Intel:

intel / Intel-Linux-Processor-Microcode-Data-Files @github.com wrote:

OS vendors may choose to provide an MCU that the kernel can consume for early loading. For example, Linux can apply an MCU very early in the kernel boot sequence. In situations where a BIOS update isn't available, early loading is the next best alternative to updating processor microcode. Microcode states are reset on a power reset, hence its required that the MCU be loaded every time during boot process.

I'd say that the module is blacklisted so that only the kernel deals with the respective microcode file at the very start of the boot process.
Just an edguess.

Best,

A.
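
A check for the condition discussed in this thread, as an added example that is not part of any poster's message: it lists the entries under the kernel's sysfs CPU vulnerabilities directory whose status contains "no microcode" (the wording of the dmesg lines quoted above) and prints the microcode revision from /proc/cpuinfo. The function names are chosen here; both paths can be overridden to inspect saved copies.

```shell
#!/bin/sh
# Added example: report mitigations the kernel says are waiting on microcode,
# plus the microcode revision currently loaded. Defaults read the live system.

# Print "name: status" for every vulnerability entry mentioning "no microcode".
needs_microcode() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        case "$status" in
            *"no microcode"*) printf '%s: %s\n' "$(basename "$f")" "$status" ;;
        esac
    done
}

# Print the distinct microcode revisions listed in a cpuinfo file.
microcode_revisions() {
    cpuinfo="${1:-/proc/cpuinfo}"
    awk -F': *' '$1 ~ /^microcode/ { print $2 }' "$cpuinfo" | sort -u
}

# Summarise both; returns 1 when any mitigation is waiting on microcode.
report() {
    pending=$(needs_microcode "$1")
    echo "microcode revision(s) loaded: $(microcode_revisions "$2" | tr '\n' ' ')"
    if [ -n "$pending" ]; then
        echo "mitigations waiting on a microcode update:"
        echo "$pending"
        return 1
    fi
    echo "no mitigation reports missing microcode"
}

# Arguments are optional: a vulnerabilities directory and a cpuinfo file.
report "$@" || true
```

Running it before and after a microcode package or BIOS update shows whether the revision changed and whether the "no microcode" status cleared.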


#5 2025-08-31 19:23:31

rolfie
Member
Registered: 2017-11-25
Posts: 1,286  

Re: amd64-microcode update for transient scheduler attacks

Is Devuan in process of putting this update into the Daedalus repos?

Definitely not. The Daedalus repo will only be updated if there is an update coming from the Debian repo.
Devuan is Debian w/o systemd, only parts that have relation to systemd are replaced or modified.

Anyhow, if I read the document correctly the main fix is a bios update.


#6 Yesterday 16:29:15

greenjeans
Member
Registered: 2017-04-07
Posts: 1,125  

Re: amd64-microcode update for transient scheduler attacks

@Altoid, interesting, in my dmesg there's nothing about microcode until line 488 or so (AMD microcode):

[    3.887181] microcode: microcode updated early to new patch_level=0x05000119
[    3.887366] microcode: CPU0: patch_level=0x05000119
[    3.887388] microcode: CPU1: patch_level=0x05000119
[    3.887403] microcode: Microcode Update Driver: v2.2.


#7 Yesterday 17:14:11

Altoid
Member
Registered: 2017-05-07
Posts: 1,810  

Re: amd64-microcode update for transient scheduler attacks

Hello:

greenjeans wrote:

... in my dmesg there's nothing about microcode until line 488 ...

Well ...

Could be that ...   (No idea, just shots in the dark.  8^°)

1. it is an AMD processor. ie: not Intel 
2. it is much newer than my Q9550 (released Q1/2008)
3. my CPU gets updated early to a revision number while yours gets the same type of update but to a new patch_level

Note the date on the microcode file (revision 0xa0b, date = 2010-09-28 - 15 years ago) while your patch level is not dated.

Q: do you have the amd64-microcode/stable 3.20240820.1~deb12u1 package installed?

Best,

A.


#8 Today 14:03:15

stargate-sg1-cheyenne-mtn
Member
Registered: 2023-11-27
Posts: 364  

Re: amd64-microcode update for transient scheduler attacks

this thread makes me want to dig out my Q6600 and Q8200 quad-core machines...iirc they still have beowulf on spinning rust...sounds like a rainy day endeavour.


Be Excellent to each other and Party On!
https://www.youtube.com/watch?v=rph_1DODXDU
https://en.wikipedia.org/wiki/Bill_%26_Ted%27s_Excellent_Adventure
Do unto others as you would have them do instantaneously back to you!
