Fix for potential security vulnerabilities in GIGABYTE motherboard BIOS

CVE-2021-44346
Dec 06, 2021

Summary:

Potential security vulnerabilities in GIGABYTE motherboard BIOS including both Intel and AMD platforms, some SMM modules don’t validate caller-provided arguments correctly, which can be exploited by attackers running with ring 0 (kernel) privileges in order to overwrite/corrupt portions of SMRAM in a partially-controlled manner. GIGABYTE is releasing motherboard BIOS updates to mitigate these potential vulnerabilities.

 

Vulnerability Details:

Description: Some SMM modules don’t validate caller-provided arguments correctly, which can be exploited by attackers running with ring 0 (kernel) privileges in order to overwrite/corrupt portions of SMRAM in a partially-controlled manner.

 

Further CVE/MITRE information to be updated.

 

Affected Products:

GIGABYTE motherboards including Intel and AMD platforms:

Intel platform 600-series, 500-series, 400-series, 300-series, X299-series, C246-series

AMD platform X570, X470, X370, B550, B450, B350, A520, A320, X399, TRX40

 

Recommendations:

GIGABYTE recommends that users of those impacted platforms update to the latest BIOS released after 2021/December/1 (or refer to individuals’ release description for dates before 2021/12/01).

 

Updates are available for download at below location:

https://www.gigabyte.com/Motherboard

 

For any further assistance regarding this issue please contact your GIGABYTE sales representative, or create a new support ticket at https://esupport.gigabyte.com