LogoFAIL Vulnerability

CVE-2023-39538, CVE-2023-39539
Dec 15, 2023

Giga Computing Technology Co., Ltd. acknowledges the security vulnerabilities affecting GIGABYTE’s server, workstation, and motherboard products on all platforms. BIOS updates are scheduled based on the following table.

 

Platform

BIOS Release Schedule

AMD EPYC™ 9004 Series processors

Released

AMD EPYC™ 8004 Series processors

Released

AMD EPYC™ 7003 Series processors

Released

AMD EPYC™ 7002 Series processors

Released

AMD Ryzen™ Threadripper PRO Processors

May 2024

AMD Ryzen™ Processors

May 2024

Intel® Xeon® E-2400 Processors (& Pentium®)

Apr 2024

Intel® Xeon® E-2300 Processors (& Pentium®)

May 2024

12th Gen Intel® Core™ Processors

May 2024

11th Gen Intel® Core™ Processors

May 2024

5th Gen Intel® Xeon® Scalable Processors

Released

4th Gen Intel® Xeon® Scalable Processors

Released

Intel® Xeon® CPU Max Series

Released

3rd Gen Intel® Xeon® Scalable Processors

Released

2nd Gen Intel® Xeon® Scalable Processors

Released

Intel® Xeon® W-3400 Processors

Released

Intel® Xeon® W-2400 Processors

Released

Intel® Xeon® W-3300 Processors

Apr 2024

NVIDIA Grace™ CPU

Released

AmpereOne™ Family

By request

Ampere® Altra® Family

Released

The vulnerabilities are listed below. Updated BIOS versions to address the threats will be available on all affected product pages.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-39538

Severity Rating (CVSSv3.1): 7.8, High

Description: AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-39539

Severity Rating (CVSSv3.1): 7.8, High

Description: AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

 

 

*The release schedule may be adjusted without further notification. Please check this page or contact technical support for any future updates.

*Please navigate to the "Support" section of the relevant product page to download the updated BIOS.

*For any further assistance regarding this issue please contact your Giga Computing sales representative, or create a new support ticket at https://esupport.gigabyte.com