BIOS Updates for Recent Security Vulnerabilities in Intel Processors (SA-00191, SA-00213, SA-00223, SA-00233)

CVE-2018-12201, CVE-2018-12202, CVE-2018-12203, CVE-2018-12204, CVE-2018-12205, CVE-2019-0089, CVE-2019-0090, CVE-2019-0086, CVE-2019-0091, CVE-2019-0092, CVE-2019-0093, CVE-2019-0094, CVE-2019-0096, CVE-2019-0097, CVE-2019-0098, CVE-2019-0099, CVE-2019-0153, CVE-2019-0170, CVE-2019-0119, CVE-2019-0120, CVE-2019-0126, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
May 23, 2019

Updated August 23rd 2019 - GIGABYTE acknowledges the following security vulnerabilities affecting our server products that have recently been discovered and announced by Intel:

Intel Security AdvisoryCommon Vunerabilities or Exposures (CVE) CodeDetails
SA-00191
Released 03/12/2019
CVE-2018-12201
CVE-2018-12202
CVE-2018-12203
CVE-2018-12204
CVE-2018-12205
Multiple security vulnerabilities in Intel firmware, which when exploited could lead to privilege escalation, disclosure of sensitive information, Denial of Service (DoS), or arbitrary code execution.
SA-00213
Released 05/14/2019
CVE-2019-0089
CVE-2019-0090
CVE-2019-0086
CVE-2019-0091
CVE-2019-0092
CVE-2019-0093
CVE-2019-0094
CVE-2019-0096
CVE-2019-0097
CVE-2019-0098
CVE-2019-0099
CVE-2019-0153
CVE-2019-0170
Multiple potential security vulnerabilities in Intel Converged Security & Management Engine (Intel CSME), Intel Server Platform Services (Intel SPS), Intel Trusted Execution Engine Interface (Intel TXE), Intel Dynamic Application Loader (Intel DAL), and Intel Active Management Technology (Intel AMT) may allow escalation of privilege, information disclosure, and/or denial of service.
SA-00223
Released 05/14/2019
CVE-2019-0119
CVE-2019-0120
CVE-2019-0126
Multiple potential security vulnerabilities in Intel firmware may allow for escalation of privilege or denial of service.
SA-00233
Released 05/14/2019
CVE-2018-12126
CVE-2018-12127
CVE-2018-12130
CVE-2019-11091
This is related to a sub-class of speculative execution side-channel vulnerabilities called Microarchitectural Data Sampling (MDS), which exploits speculative operations accessing data in microarchitectural structures within the CPU to expose bits of information through a side channel. These structures are small and frequently overwritten. With a large enough data sample, time, or control of the target system’s behavior, MDS might provide an attacker with ways to glimpse pieces of information they shouldn’t be able to see. There are no known exploits of MDS outside of a research environment, and doing so successfully in the real world is a complex undertaking.

Intel has released microcode updates to help address these security vulnerabilities. GIGABYTE is working to combine the new microcode into BIOS updates for our server motherboards and systems which use these affected processors. This will take some time, but our team is working hard to update ASAP. Please find the following schedule for BIOS update availability (according to CPU type) which will feature a security patch to mitigate the above vulnerabilities:

Intel CPU PlatformRelated Security VulnerabilitiesAffected GIGABYTE Server ProductsBIOS Update Schedule & Version
2nd Gen. Intel Xeon Scalable (Purley Refresh)
Intel Xeon Scalable (Purley)
SA-00191
SA-00223
SA-00233
Server Motherboards, R-Series Server, G-Series Server, H-Series ServerS451-3R0S461-3T0 Available
Intel Xeon E5-2600 v3/v4 (Grantley / Grantley Refresh) SA-00233 Server Motherboards, R-Series Server, G-Series ServerH-Series Server

Available

Intel Xeon E3-1200 v5/v6 (Greenlow / Greenlow Refresh) SA-00191
SA-00233
Server Motherboards, R-Series Server, G-Series ServerW131-X30 Available
Intel Core-X (Skylake-X, Kaby Lake X) SA-00191
SA-00213
SA-00233
R161-R12, R161-R13 Available
Intel Xeon W (Skylake W – Basin Falls) SA-00191
SA-00213
SA-00233
Server MotherboardsW281-G40 Available
Intel Xeon D-1500 (Broadwell DE)
Intel Xeon D-2100 (Skylake D)
SA-00223
SA-00233
Server Motherboards, G150-B10D120-C21

Available

Intel Xeon E-2100 (Mehlow) SA-00191
SA-00233
Server Motherboards Available
Intel ATOM C3000 (Denverton) SA-00191
SA-00233
MA10-ST0 Available

Please navigate to the "Support" section of the relevant product page to download the updated BIOS when it becomes available.

For any further assistance regarding this issue please contact your GIGABYTE sales representative, or create a new support ticket at https://esupport.gigabyte.com