LogoFAIL Vulnerability

Giga Computing Technology Co., Ltd. acknowledges the security vulnerabilities affecting GIGABYTE’s server, workstation, and motherboard products on all platforms. BIOS updates are scheduled based on the following table.

The vulnerabilities are listed below. Updated BIOS versions to address the threats will be available on all affected product pages.

Common Vulnerabilities or Exposures (CVEID): CVE-2023-39538

Severity Rating (CVSSv3.1): 7.8, High

Description: AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

Common Vulnerabilities or Exposures (CVEID): CVE-2023-39539

Severity Rating (CVSSv3.1): 7.8, High

Description: AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

*The release schedule may be adjusted without further notification. Please check this page or contact technical support for any future updates.

*Please navigate to the "Support" section of the relevant product page to download the updated BIOS.

*For any further assistance regarding this issue please contact your Giga Computing sales representative, or create a new support ticket at https://esupport.gigabyte.com