BIOS Updates for New Intel Security Vulnerabilities (incl. Zombieload V2) Announced in Intel Platform Update 11/12

INTEL-SA-00241, INTEL-SA-00220, INTEL-SA-00240, INTEL-SA-00270, INTEL-SA-00164, INTEL-SA-00280, INTEL-SA-00254, INTEL-SA-00271
Nov 13, 2019

Updated December 2nd 2019 – GIGABYTE is aware of a new group of security vulnerabilities affecting Intel mobile, desktop, workstation and server processors. The vulnerabilities are detailed in the following Intel Security Advisories, released on November 12th as part of Intel's Platform Update (IPU, https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/):

| Intel Security Advisory | Severity Rating | Common Vulnerabilities or Exposures (CVE) Code | Details |
| --- | --- | --- | --- |
| INTEL-SA-00241 (Released 11/12/2019) | CRITICAL | CVE-2019-0169, CVE-2019-11132, CVE-2019-11147, CVE-2019-11105, CVE-2019-11088, CVE-2019-11131, CVE-2019-11104, CVE-2019-11097, CVE-2019-11103, CVE-2019-0131, CVE-2019-11090, CVE-2019-0165, CVE-2019-0166, CVE-2019-0168, CVE-2019-11087, CVE-2019-11101, CVE-2019-11100, CVE-2019-11102, CVE-2019-11106, CVE-2019-11107, CVE-2019-11109, CVE-2019-11110, CVE-2019-11086, CVE-2019-11108 | Potential security vulnerabilities in Intel® Converged Security and Manageability Engine (CSME), Intel® Server Platform Services (SPS), Intel® Trusted Execution Engine (TXE), Intel® Active Management Technology (AMT), Intel® Platform Trust Technology (PTT) and Intel® Dynamic Application Loader (DAL) may allow escalation of privilege, denial of service or information disclosure. |
| INTEL-SA-00220 (Released 11/12/2019) | HIGH | CVE-2019-0123, CVE-2019-0124 | Potential security vulnerabilities in Intel® Software Guard Extensions (SGX) and Intel® Trusted Execution Technology (TXT) may allow escalation of privilege. |
| INTEL-SA-00240 (Released 11/12/2019) | HIGH | CVE-2019-0152, CVE-2019-0151 | Potential security vulnerabilities in System Management Mode (SMM) and Intel® Trusted Execution Technology (TXT) for some Intel® Core™ Processors and Intel® Xeon® Processors may allow escalation of privilege, denial of service or information disclosure. |
| INTEL-SA-00270 (Released 11/12/2019) | MEDIUM | CVE-2019-11135 | Also known as "Zombieload V2". A potential security vulnerability in TSX Asynchronous Abort (TAA) for some Intel® Processors may allow information disclosure. More information on this vulnerability can be found here: https://www.zdnet.com/article/intels-cascade-lake-cpus-impacted-by-new-zombieload-v2-attack/ |
| INTEL-SA-00164 (Released 11/12/2019) | MEDIUM | CVE-2019-0184 | A potential security vulnerability in Intel® Trusted Execution Technology (TXT) with Intel® Processor Graphics may allow information disclosure. |
| INTEL-SA-00280 (Released 11/12/2019) | HIGH | CVE-2019-11136, CVE-2019-11137 | Potential security vulnerabilities in Intel firmware may allow escalation of privilege, denial of service and/or information disclosure. |
| INTEL-SA-00254 (Released 11/12/2019) | MEDIUM | CVE-2019-0185 | A potential security vulnerability in System Management Mode (SMM) with Intel® Processor Graphics may allow information disclosure. |
| INTEL-SA-00271 (Released 11/12/2019) | MEDIUM | CVE-2019-11139 | A potential security vulnerability in some Intel® Xeon® Scalable Processors may allow denial of service. |

This notice concerns GIGABYTE's server products that are affected by these security vulnerabilities.

Intel has released microcode updates to help address these security vulnerabilities. GIGABYTE is working to combine the new microcode into BIOS updates for our server motherboards and systems which use these affected processors. This will take some time, but our team is working hard to update ASAP. Please find the following schedule for BIOS update availability (according to CPU type) which will feature a security patch to mitigate the above vulnerabilities:

| Intel CPU Platform | Related Security Vulnerabilities | Affected GIGABYTE Server Products | BIOS Update Schedule & Version |
| --- | --- | --- | --- |
| 2nd Gen. Intel Xeon Scalable (Purley Refresh); Intel Xeon Scalable (Purley) | INTEL-SA-00241, INTEL-SA-00220, INTEL-SA-00240, INTEL-SA-00270, INTEL-SA-00164, INTEL-SA-00280, INTEL-SA-00254, INTEL-SA-00271 | Server Motherboards, R-Series Server, G-Series Server, H-Series Server, S451-3R0, S461-3T0 | Ready |
| Intel Xeon E5-2600 v3/v4 (Grantley / Grantley Refresh) | | Server Motherboards, R-Series Server, G-Series Server, H-Series Server | Ready |
| Intel Xeon E3-1200 v5/v6 (Greenlow / Greenlow Refresh) | | Server Motherboards, R-Series Server, G-Series Server, W131-X30 | T.B.D. |
| Intel Xeon W (Skylake W – Basin Falls) | | Server Motherboards, W281-G40 | Ready (Glacier Falls BIOS Update R01) |
| Intel Core X (Skylake X - Basin Falls) | | R161-R12, R161-R13 | Ready |
| Intel Xeon D-1500 (Broadwell DE) | | Server Motherboards, G150-B10, D120-C21 | Ready |
| Intel Xeon D-2100 (Skylake D) | | MB51-PS0 | T.B.D. |
| Intel Xeon E-2100 (Mehlow) | | Server Motherboards | Ready |

Please navigate to the "Support" section of the relevant product page to download the updated BIOS when it becomes available.

For any further assistance regarding this issue please contact your GIGABYTE sales representative, or create a new support ticket at https://esupport.gigabyte.com