Security Bulletin, June 2025

CVE-2024-13176, CVE-2024-32326, CVE-2021-46757, CVE-2024-2315
Jun 20, 2025

Giga Computing Technology Co., Ltd. acknowledges the security vulnerabilities affecting GIGABYTE’s server, workstation, and motherboard products. The affected platforms are listed below.

 

CVE-2024-13176

| Platform | BIOS Release Schedule |
| --- | --- |
| AMD EPYC™ 9005 Series Processors | July 2025 |
| AMD EPYC™ 9004 Series Processors | August 2025 |
| AMD EPYC™ 8004 Series Processors | August 2025 |
| AMD EPYC™ 7003 Series Processors | July 2025 |
| AMD EPYC™ 7002 Series Processors | TBD |
| AMD Instinct™ MI300A APU | October 2025 |
| AMD EPYC™ 4004 & Ryzen™ 9000/7000 Series Processors | Released |
| Intel® Xeon® 6 Processors | Released |
| 5th/4th Gen Intel® Xeon® Scalable Processors & Intel® Xeon® CPU Max Series | August 2025 |
| 3rd Gen Intel® Xeon® Scalable Processors | August 2025 |
| Intel® Xeon® E-2400 Series | August 2025 |
| Intel® Xeon® E-2300 Series | TBD |
| Intel® Xeon® W-3500/2500/3400/2400 Processors | TBD |
| 14th/13th/12th Gen Intel® Core™ Processors | TBD |
| NVIDIA Grace™ CPU | TBD |
| AmpereOne® Processors | TBD |

CVE-2024-32326 / CVE-2021-46757

| Platform | BIOS Release Schedule |
| --- | --- |
| AMD EPYC™ 9005 Series Processors | Released |
| AMD EPYC™ 9004 Series Processors | Released |
| AMD EPYC™ 8004 Series Processors | Released |
| AMD EPYC™ 7003 Series Processors | Released |
| AMD EPYC™ 7002 Series Processors | TBD |
| AMD EPYC™ 4004 & Ryzen™ 9000/7000 Series Processors | Released |

CVE-2024-2315

| Platform | BIOS Release Schedule |
| --- | --- |
| AMD EPYC™ 9005 Series Processors | Released |
| AMD EPYC™ 9004 Series Processors | Released |
| AMD EPYC™ 8004 Series Processors | Released |
| AMD EPYC™ 7003 Series Processors | Released |
| AMD EPYC™ 7002 Series Processors | Released |
| AMD Instinct™ MI300A APU | Released |
| AMD EPYC™ 4004 & Ryzen™ 9000/7000 Series Processors | Released |
| Intel® Xeon® 6 Processors | Released |
| 5th/4th Gen Intel® Xeon® Scalable Processors & Intel® Xeon® CPU Max Series | Released |
| 3rd Gen Intel® Xeon® Scalable Processors | Released |
| Intel® Xeon® E-2400 Series | Released |
| Intel® Xeon® E-2300 Series | Released |
| Intel® Xeon® W-3500/2500/3400/2400 Processors | Released |
| 14th/13th/12th Gen Intel® Core™ Processors | Released |

 

The vulnerabilities are listed below. Updated BIOS versions to address the threats will be available on all affected product pages.

 

Common Vulnerabilities and Exposures (CVE ID): CVE-2024-13176

Severity Rating: Medium

Description: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low. The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.

 

Common Vulnerabilities and Exposures (CVE ID): CVE-2024-32326

Severity Rating: Medium

Description: TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function.

 

Common Vulnerabilities and Exposures (CVE ID): CVE-2021-46757

Severity Rating: High

Description: Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation.

 

Common Vulnerabilities and Exposures (CVE ID): CVE-2024-2315

Severity Rating: Medium

Description: APTIOV contains a vulnerability in BIOS where a local attacker may cause Improper Access Control. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting availability.

 

 

*The release schedule may be adjusted without further notification. Please check this page or contact technical support for any future updates.

*Please navigate to the "Support" section of the relevant product page to download the updated BIOS.

*For any further assistance regarding this issue, please contact your Giga Computing sales representative or create a new support ticket at https://esupport.gigabyte.com