PixieFAIL Vulnerability

CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237
Apr 03, 2024

Giga Computing Technology Co., Ltd. acknowledges the security vulnerabilities affecting GIGABYTE’s server, workstation, and motherboard products. The affected platforms are listed below.

 

Platform

BIOS Release Schedule

AMD EPYC™ 9004 Series Processors

Released

AMD EPYC™ 8004 Series Processors

Released

AMD EPYC™ 7002/7003 Series Processors

Released

AMD Ryzen™ 7000 Series Processors

May 2024

AMD Ryzen™ Threadripper™ PRO 3000/5000 WX-Series Processors

May 2024

4th/5th Gen Intel® Xeon® Scalable Processors

Released

Intel® Xeon® CPU Max Series

Released

3rd Gen Intel® Xeon® Scalable Processors

Released

3rd Gen Intel® Xeon® Scalable Processors (QP)

By request

2nd Gen Intel® Xeon® Scalable Processors

Released

12th/13th/14th Gen Intel® Core™ Processors

May 2024

11th Gen Intel® Core™ Processors

May 2024

Intel® Xeon® E-2400 Series & 12th Gen Intel® Pentium® Series Processors

Apr 2024

Intel® Xeon® E-2300 Series & 11th Gen Intel® Pentium® Series Processors

May 2024

Intel® Xeon® W-2400/W-3400 Processors

Released

NVIDIA Grace™ CPU

Released

Ampere® Altra®/Altra® Max Processors

Released

 

The vulnerabilities are listed below. Updated BIOS versions to address the threats will be available on all affected product pages.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-45229

Severity Rating: Medium

Description: EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-45230

Severity Rating: High

Description: EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-45231

Severity Rating: Medium

Description: EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-45232

Severity Rating: High

Description: EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-45233

Severity Rating: High

Description: EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-45234

Severity Rating: High

Description: EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-45235

Severity Rating: High

Description: EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-45236

Severity Rating: High

Description: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-45237

Severity Rating: High

Description: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

 

 

*The release schedule may be adjusted without further notification. Please check this page or contact technical support for any future updates.

*Please navigate to the "Support" section of the relevant product page to download the updated BIOS.

*For any further assistance regarding this issue please contact your Giga Computing sales representative, or create a new support ticket at https://esupport.gigabyte.com