Intel Platform Update, August 2024

CVE-2023-22351, CVE-2023-23904, CVE-2023-25546, CVE-2023-34424, CVE-2023-34440, CVE-2023-38655, CVE-2023-40067, CVE-2023-41833, CVE-2023-42772, CVE-2023-43626, CVE-2023-43753, CVE-2023-43758, CVE-2023-48361, CVE-2024-21781, CVE-2024-21820, CVE-2024-21829, CVE-2024-21844, CVE-2024-21871, CVE-2024-23599, CVE-2024-23918, CVE-2024-23984, CVE-2024-24853, CVE-2024-24968, CVE-2024-24980, CVE-2024-35061
Aug 30, 2024

Giga Computing Technology Co., Ltd. acknowledges the security vulnerabilities affecting GIGABYTE’s server, workstation, and motherboard products. The affected platforms are listed below.

 

| Platform | BIOS Release Schedule |
| --- | --- |
| 5th/4th Gen Intel® Xeon® Scalable Processors | Sep 2024 |
| Intel® Xeon® CPU Max Series | Sep 2024 |
| 3rd Gen Intel® Xeon® Scalable Processors | Released |
| 2nd Gen Intel® Xeon® Scalable Processors | Released |
| Intel® Xeon® E-2400 Processors (& Pentium®) | TBD |
| Intel® Xeon® E-2300 Processors (& Pentium®) | Oct 2024 |
| 14th/13th/12th Gen Intel® Core™ Processors | Oct 2024 |
| 11th Gen Intel® Core™ Processors | By request |

 

The vulnerabilities are listed below. Updated BIOS versions to address the threats will be available on all affected product pages.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-22351

Severity Rating:

Description: Reserved

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-23904

Severity Rating:

Description: Reserved

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-25546

Severity Rating:

Description: Reserved

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-34424

Severity Rating: Medium

Description: Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-34440

Severity Rating:

Description: Reserved

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-38655

Severity Rating: Medium

Description: Improper buffer restrictions in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable denial of service via network access.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-40067

Severity Rating: Medium

Description: Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-41833

Severity Rating:

Description: Reserved

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-42772

Severity Rating:

Description: Reserved

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-43626

Severity Rating:

Description: Reserved

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-43753

Severity Rating:

Description: Reserved

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-43758

Severity Rating:

Description: Reserved

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-48361

Severity Rating: Medium

Description: Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2024-21781

Severity Rating:

Description: Reserved

 

Common Vulnerabilities or Exposures (CVEID): CVE-2024-21820

Severity Rating:

Description: Reserved

 

Common Vulnerabilities or Exposures (CVEID): CVE-2024-21829

Severity Rating:

Description: Reserved

 

Common Vulnerabilities or Exposures (CVEID): CVE-2024-21844

Severity Rating: Medium

Description: Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2024-21871

Severity Rating:

Description: Reserved

 

Common Vulnerabilities or Exposures (CVEID): CVE-2024-23599

Severity Rating:

Description: Reserved

 

Common Vulnerabilities or Exposures (CVEID): CVE-2024-23918

Severity Rating:

Description: Reserved

 

Common Vulnerabilities or Exposures (CVEID): CVE-2024-23984

Severity Rating:

Description: Reserved

 

Common Vulnerabilities or Exposures (CVEID): CVE-2024-24853

Severity Rating: High

Description: Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2024-24968

Severity Rating:

Description: Reserved

 

Common Vulnerabilities or Exposures (CVEID): CVE-2024-24980

Severity Rating: Medium

Description: Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2024-35061

Severity Rating: High

Description: NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution.

 

 

*The release schedule may be adjusted without further notification. Please check this page or contact technical support for any future updates.

*Please navigate to the "Support" section of the relevant product page to download the updated BIOS.

*For any further assistance regarding this issue, please contact your Giga Computing sales representative or create a new support ticket at https://esupport.gigabyte.com