BIOS Updates for Security Vulnerabilities: GRUB Bootloader (Boothole) and RowHammer
CVE-2020-10713, CVE-2020-10255
Aug 20, 2020
GIGABYTE acknowledges the following security vulnerabilities affecting our server products that we are releasing BIOS updates to fix these potential vulnerabilities.
| Common Vulnerabilities or Exposures (CVE) Code | Severity Rating (CVSS) | Details |
|---|---|---|
| CVE-2020-10713 | 8.2, High | A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| CVE-2020-10255 | 9, High | Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), or the TRRespass issue. |
The affected products and their BIOS update availability and release schedule are listed in the table below.
| Affected CPU Platform | Affected GIGABYTE servers | BIOS release schedule | |
|---|---|---|---|
| CVE-2020-10713 (Boothole) | CVE-2020-10255 (Rowhammer) | ||
| AMD | EPYC 7002 | TBD | |
| EPYC 7001 | Available | ||
| EPYC Embedded 3000 | TBD | ||
| Intel | Xeon E-2100 / E-2200 | TBD | |
| Xeon W-2200 / W-2100 | TBD | ||
| ARM | Marvell ThunderX | TBD | TBD |
| Marvell ThunderX2 | Available | TBD | |
Please also note that after updating BIOS for CVE-2020-10255, CPU performance might be affected.
Please navigate to the "Support" section of the relevant product page to download the updated BIOS.
For any further assistance regarding this issue please contact your GIGABYTE sales representative, or create a new support ticket at https://esupport.gigabyte.com.
