BIOS Updates for New Intel Security Vulnerabilities incl. "PLUNDERVOLT"

CVE-2019-11157, CVE-2019-14607

Dec 23, 2019

Updated February 25th, 2020 – GIGABYTE is aware of a new group of security vunerabilities affecting Intel mobile, desktop, workstation and server processors. The vunerabilities are detailed in the following Intel Security Advisories released on December 10th 2019:

Intel Security Advisory	Severity Rating	Common Vunerabilities or Exposures (CVE) Code	Details
INTEL-SA-00289 Released 12/10/2019	HIGH	CVE-2019-11157	Intel® Processors Voltage Settings Modification Advisory - "Plundervolt" Improper conditions check in voltage settings for some Intel Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access. More Information: https://plundervolt.com/
INTEL-SA-00317 Released 12/10/2019	MEDIUM	CVE-2019-14607	Unexpected Page Fault in Virtualized Environment Advisory Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access.

Intel Security Advisory

Severity Rating

Common Vunerabilities or Exposures (CVE) Code

Details

INTEL-SA-00289
Released 12/10/2019

HIGH

CVE-2019-11157

Intel® Processors Voltage Settings Modification Advisory - "Plundervolt"

Improper conditions check in voltage settings for some Intel Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access.

More Information: https://plundervolt.com/

INTEL-SA-00317
Released 12/10/2019

MEDIUM

CVE-2019-14607

Unexpected Page Fault in Virtualized Environment Advisory

Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access.

This notice concerns GIGABYTE's server products that are affected by these security vunerabilies.

Intel has released microcode updates to help address these security vulnerabilities. GIGABYTE is working to combine the new microcode into BIOS updates for our server motherboards and systems which use these affected processors. This will take some time, but our team is working hard to update ASAP. Please find the following schedule for BIOS update availability (according to CPU type) which will feature a security patch to mitigate the above vulnerabilities:

Affected Intel CPU Platform	Related Security Vulnerabilities	Affected GIGABYTE Server Products	BIOS Update Schedule & Version
2nd Gen. Intel Xeon Scalable (Purley / Purley Refresh)	INTEL-SA-00317	Server Motherboards, R-Series Server, G-Series Server, H-Series Server, S451-3R0, S461-3T0	Ready (Previous BIOS version published 2019/11/19 contains mitigation for this vulnerability)
Intel Xeon E3-1200 v5/v6 (Greenlow / Greenlow Refresh)	INTEL-SA-00289 INTEL-SA-00317	Server Motherboards, R-Series Server, G-Series Server, W131-X30	Ready
Intel Xeon W (Skylake W – Basin Falls)	INTEL-SA-00317	Server Motherboards, W281-G40	2020/3/16
Intel Core X (Skylake X - Basin Falls)	INTEL-SA-00289 INTEL-SA-00317	R161-R12, R161-R13	Ready
Intel Xeon D-2100 (Skylake D - Bakerville)	INTEL-SA-00317	MB51-PS0	Ready
Intel Xeon E-2100 / E-2200 (Mehlow / Mehlow Refresh)	INTEL-SA-00289 INTEL-SA-00317	Server Motherboards	2020/3/16

Please navigate to the "Support" section of the relevant product page to download the updated BIOS when it becomes available.

For any further assistance regarding this issue please contact your GIGABYTE sales representative, or create a new support ticket at https://esupport.gigabyte.com