Fix for potential security vulnerabilities in GIGABYTE motherboard BIOS
Summary:
Potential security vulnerabilities in GIGABYTE motherboard BIOS including both Intel and AMD platforms, some SMM modules don’t validate caller-provided arguments correctly, which can be exploited by attackers running with ring 0 (kernel) privileges in order to overwrite/corrupt portions of SMRAM in a partially-controlled manner. GIGABYTE is releasing motherboard BIOS updates to mitigate these potential vulnerabilities.
Vulnerability Details:
Description: Some SMM modules don’t validate caller-provided arguments correctly, which can be exploited by attackers running with ring 0 (kernel) privileges in order to overwrite/corrupt portions of SMRAM in a partially-controlled manner.
Further CVE/MITRE information to be updated.
Affected Products:
GIGABYTE motherboards including Intel and AMD platforms:
Intel platform 600-series, 500-series, 400-series, 300-series, X299-series, C246-series
AMD platform X570, X470, X370, B550, B450, B350, A520, A320, X399, TRX40
Recommendations:
GIGABYTE recommends that users of those impacted platforms update to the latest BIOS released after 2021/December/1 (or refer to individuals’ release description for dates before 2021/12/01).
Updates are available for download at below location:
https://www.gigabyte.com/Motherboard
For any further assistance regarding this issue please contact your GIGABYTE sales representative, or create a new support ticket at https://esupport.gigabyte.com