Intel Platform Update, August 2024
Giga Computing Technology Co., Ltd. acknowledges the security vulnerabilities affecting GIGABYTE’s server, workstation, and motherboard products. The affected platforms are listed below.
Platform |
BIOS Release Schedule |
5th/4th Gen Intel® Xeon® Scalable Processors |
Sep 2024 |
Intel® Xeon® CPU Max Series |
Sep 2024 |
3rd Gen Intel® Xeon® Scalable Processors |
Released |
2nd Gen Intel® Xeon® Scalable Processors |
Released |
Intel® Xeon® E-2400 Processors (& Pentium®) |
TBD |
Intel® Xeon® E-2300 Processors (& Pentium®) |
Oct 2024 |
14th/13th/12th Gen Intel® Core™ Processors |
Oct 2024 |
11th Gen Intel® Core™ Processors |
By request |
The vulnerabilities are listed below. Updated BIOS versions to address the threats will be available on all affected product pages.
Common Vulnerabilities or Exposures (CVEID): CVE-2023-22351
Severity Rating:
Description: Reserved
Common Vulnerabilities or Exposures (CVEID): CVE-2023-23904
Severity Rating:
Description: Reserved
Common Vulnerabilities or Exposures (CVEID): CVE-2023-25546
Severity Rating:
Description: Reserved
Common Vulnerabilities or Exposures (CVEID): CVE-2023-34424
Severity Rating: Medium
Description: Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access.
Common Vulnerabilities or Exposures (CVEID): CVE-2023-34440
Severity Rating:
Description: Reserved
Common Vulnerabilities or Exposures (CVEID): CVE-2023-38655
Severity Rating: Medium
Description: Improper buffer restrictions in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable denial of service via network access.
Common Vulnerabilities or Exposures (CVEID): CVE-2023-40067
Severity Rating: Medium
Description: Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
Common Vulnerabilities or Exposures (CVEID): CVE-2023-41833
Severity Rating:
Description: Reserved
Common Vulnerabilities or Exposures (CVEID): CVE-2023-42772
Severity Rating:
Description: Reserved
Common Vulnerabilities or Exposures (CVEID): CVE-2023-43626
Severity Rating:
Description: Reserved
Common Vulnerabilities or Exposures (CVEID): CVE-2023-43753
Severity Rating:
Description: Reserved
Common Vulnerabilities or Exposures (CVEID): CVE-2023-43758
Severity Rating:
Description: Reserved
Common Vulnerabilities or Exposures (CVEID): CVE-2023-48361
Severity Rating: Medium
Description: Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access.
Common Vulnerabilities or Exposures (CVEID): CVE-2024-21781
Severity Rating:
Description: Reserved
Common Vulnerabilities or Exposures (CVEID): CVE-2024-21820
Severity Rating:
Description: Reserved
Common Vulnerabilities or Exposures (CVEID): CVE-2024-21829
Severity Rating:
Description: Reserved
Common Vulnerabilities or Exposures (CVEID): CVE-2024-21844
Severity Rating: Medium
Description: Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access.
Common Vulnerabilities or Exposures (CVEID): CVE-2024-21871
Severity Rating:
Description: Reserved
Common Vulnerabilities or Exposures (CVEID): CVE-2024-23599
Severity Rating:
Description: Reserved
Common Vulnerabilities or Exposures (CVEID): CVE-2024-23918
Severity Rating:
Description: Reserved
Common Vulnerabilities or Exposures (CVEID): CVE-2024-23984
Severity Rating:
Description: Reserved
Common Vulnerabilities or Exposures (CVEID): CVE-2024-24853
Severity Rating: High
Description: Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.
Common Vulnerabilities or Exposures (CVEID): CVE-2024-24968
Severity Rating:
Description: Reserved
Common Vulnerabilities or Exposures (CVEID): CVE-2024-24980
Severity Rating: Medium
Description: Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
Common Vulnerabilities or Exposures (CVEID): CVE-2024-35061
Severity Rating: High
Description: NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution.
*The release schedule may be adjusted without further notification. Please check this page or contact technical support for any future updates.
*Please navigate to the "Support" section of the relevant product page to download the updated BIOS.
*For any further assistance regarding this issue please contact your Giga Computing sales representative, or create a new support ticket at https://esupport.gigabyte.com