Sinkclose Vulnerability

CVE-2023-31315
Aug 16, 2024

Giga Computing Technology Co., Ltd. acknowledges the recent concerns regarding the vulnerability known as "Sinkclose," which impacts multiple GIGABYTE server, workstation, and motherboard products on AMD platform. Giga Computing is actively addressing this issue and will release updates according to the schedule below.

 

Platform

BIOS Release Schedule

AMD EPYC™ 9004 Series Processors

Released

AMD EPYC™ 8004 Series Processors

Released

AMD EPYC™ 7003 Series Processors

Sep 2024

AMD EPYC™ 7002 Series Processors

Sep 2024

AMD EPYC™ 4004 / Ryzen™ 7000 Series Processors

Sep 2024

AMD Ryzen™ 5000/4000 Series Processors

Oct 2024 (ww40)

AMD Ryzen™ 3000 Series Processors

TBD

AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors

Sep 2024

AMD Ryzen™ Threadripper™ PRO 5000/3000 WX-Series Processors

Sep 2024

 

The vulnerabilities are listed below. Updated BIOS versions to address the threats will be available on all affected product pages.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-31315

Severity Rating: High

Description: Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.

 

 

*The release schedule may be adjusted without further notification. Please check this page or contact technical support for any future updates.

*Please navigate to the "Support" section of the relevant product page to download the updated BIOS.

*For any further assistance regarding this issue please contact your Giga Computing sales representative, or create a new support ticket at https://esupport.gigabyte.com