Firmware Update for Security Vulnerabilities Associated with AMI MegaRAC BMC Software, September 2024
Giga Computing Technology Co., Ltd. acknowledges the security vulnerabilities affecting GIGABYTE’s server, workstation, and motherboard products. The affected BMC chips are listed below.
ASPEED AST2600 (patched in version 13.06.05)
The vulnerabilities are listed below. Updated firmware version to address the threats is available on all affected product pages.
Common Vulnerabilities or Exposures (CVEID): CVE-2023-3043
Severity Rating: High
Description: AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
Common Vulnerabilities or Exposures (CVEID): CVE-2023-2975
Severity Rating: Medium
Description: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence.
Common Vulnerabilities or Exposures (CVEID): CVE-2023-5678
Severity Rating: Medium
Description: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow.
Common Vulnerabilities or Exposures (CVEID): CVE-2023-31085
Severity Rating: Medium
Description: An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.
Common Vulnerabilities or Exposures (CVEID): CVE-2023-6606
Severity Rating: High
Description: An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
Common Vulnerabilities or Exposures (CVEID): CVE-2023-31130
Severity Rating: Medium
Description: c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues.
Common Vulnerabilities or Exposures (CVEID): CVE-2023-48795
Severity Rating: Medium
Description: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.
Common Vulnerabilities or Exposures (CVEID): CVE-2023-46218
Severity Rating: Medium
Description: This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL).
*The release schedule may be adjusted without further notification. Please check this page or contact technical support for any future updates.
*Please navigate to the "Support" section of the relevant product page to download the updated BIOS.
*For any further assistance regarding this issue please contact your Giga Computing sales representative, or create a new support ticket at https://esupport.gigabyte.com