Tech Patterns :: Can you tell me if and when Liquorix was patched for Entrysign?

stevenpusser
Status: Contributor
Joined: 14 Jan 2017
Posts: 102
I was looking into backporting Sid's amd64-microcode package for MX Linux, but this changelog entry gave me pause:
:: Code ::

  * Update package data from linux-firmware 20251202
    * ATTENTION: regression risk if backported to stable or LTS.
      The amd processor microcode updates in this release will not load on
      systems with outdated BIOS vulnerable to "Entrysign" unless a number of
      kernel patches are present.


Entrysign (CVE-2024-56161) affects all Zen versions. I updated my BIOS to a version released 11/2025, but of course, not everyone does that, and some people get angry if you brick their machines.

Let me go search the Debian kernel changelog.

Seems like fixes were in 6.17.8 and 6.17.10.
stevenpusser
Status: Contributor
Joined: 14 Jan 2017
Posts: 102
OK, it seems the microcode firmware loads are volatile, so one could fix a boot problem by booting a Live ISO, chrooting to the installed system, and reverting the amd64-microcode package. I'm going to have it in a special experimental section of the MX repo, so that a user will have to make an effort to upgrade it.
damentz
Status: Assistant
Joined: 09 Sep 2008
Posts: 1179
From what I'm understanding, the fixes you're referring to block loading of microcode that would otherwise brick a system?

In other words, if the user is running the latest kernel available, the new microcode won't be loaded. However, if you package the latest microcode and they're running an old kernel AND an old BIOS, their system will hang loading the latest microcode?

It seems you may not really have a good solution here; I'm aware that a lot of people freeze their kernel but update everything else on Debian-based systems.

Another option is to make the microcode package conflict on kernel packages older than very specific versions, though that's a new burden for you to maintain. For Liquorix, package versions older than 6.17-12 should be incompatible: github.com/damentz/liquorix-package/releases/tag/6.17-12
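Added example, not part of the thread and not code from MX Linux or Liquorix: a shell check for the version gate discussed above, listing installed kernel image packages that are older than the versions named in the posts. The thresholds (Liquorix 6.17-12, Debian 6.17.10), the function names and the sample package list are assumptions made for illustration.

```shell
#!/bin/sh
# Thresholds are assumptions taken from the posts above:
#   Liquorix: package versions older than 6.17-12 are treated as incompatible.
#   Debian:   6.17.10, the later of the two kernel versions mentioned.
LIQUORIX_MIN="6.17-12"
DEBIAN_MIN="6.17.10"

# ver_ge A B: succeed when version A >= version B.
ver_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Fallback for non-Debian hosts: GNU sort -V agrees with dpkg
        # ordering for simple versions like the ones used here.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# stale_kernels: read "package version" lines on stdin, e.g. from
#   dpkg-query -W -f='${Package} ${Version}\n' 'linux-image-*'
# and print every kernel image package below its threshold.
stale_kernels() {
    while read -r pkg ver; do
        case "$pkg" in
            linux-image-*liquorix*) min=$LIQUORIX_MIN ;;
            linux-image-*)          min=$DEBIAN_MIN ;;
            *) continue ;;          # not a kernel image package
        esac
        ver_ge "$ver" "$min" || printf '%s %s (needs >= %s)\n' "$pkg" "$ver" "$min"
    done
}

# microcode_upgrade_ok: succeed only when no kernel on stdin is stale.
microcode_upgrade_ok() {
    [ -z "$(stale_kernels)" ]
}

# Constructed sample input (not taken from a real system).
SAMPLE='linux-image-amd64 6.17.8-1
linux-image-liquorix-amd64 6.17-9
firmware-placeholder 1.0'

printf '%s\n' "$SAMPLE" | stale_kernels
```

A single stale kernel left installed is enough to fail the check, which matches the concern about users who freeze their kernel but update everything else.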