BIOS Updates for Recent Security Vulnerabilities in Intel Processors (SA-00191, SA-00213, SA-00223, SA-00233)
Updated August 23rd 2019 - GIGABYTE acknowledges the following security vulnerabilities affecting our server products that have recently been discovered and announced by Intel:
| Intel Security Advisory | Common Vunerabilities or Exposures (CVE) Code | Details |
|---|---|---|
| SA-00191 Released 03/12/2019 |
CVE-2018-12201 CVE-2018-12202 CVE-2018-12203 CVE-2018-12204 CVE-2018-12205 |
Multiple security vulnerabilities in Intel firmware, which when exploited could lead to privilege escalation, disclosure of sensitive information, Denial of Service (DoS), or arbitrary code execution. |
| SA-00213 Released 05/14/2019 |
CVE-2019-0089 CVE-2019-0090 CVE-2019-0086 CVE-2019-0091 CVE-2019-0092 CVE-2019-0093 CVE-2019-0094 CVE-2019-0096 CVE-2019-0097 CVE-2019-0098 CVE-2019-0099 CVE-2019-0153 CVE-2019-0170 |
Multiple potential security vulnerabilities in Intel Converged Security & Management Engine (Intel CSME), Intel Server Platform Services (Intel SPS), Intel Trusted Execution Engine Interface (Intel TXE), Intel Dynamic Application Loader (Intel DAL), and Intel Active Management Technology (Intel AMT) may allow escalation of privilege, information disclosure, and/or denial of service. |
| SA-00223 Released 05/14/2019 |
CVE-2019-0119 CVE-2019-0120 CVE-2019-0126 |
Multiple potential security vulnerabilities in Intel firmware may allow for escalation of privilege or denial of service. |
| SA-00233 Released 05/14/2019 |
CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 |
This is related to a sub-class of speculative execution side-channel vulnerabilities called Microarchitectural Data Sampling (MDS), which exploits speculative operations accessing data in microarchitectural structures within the CPU to expose bits of information through a side channel. These structures are small and frequently overwritten. With a large enough data sample, time, or control of the target system’s behavior, MDS might provide an attacker with ways to glimpse pieces of information they shouldn’t be able to see. There are no known exploits of MDS outside of a research environment, and doing so successfully in the real world is a complex undertaking. |
Intel has released microcode updates to help address these security vulnerabilities. GIGABYTE is working to combine the new microcode into BIOS updates for our server motherboards and systems which use these affected processors. This will take some time, but our team is working hard to update ASAP. Please find the following schedule for BIOS update availability (according to CPU type) which will feature a security patch to mitigate the above vulnerabilities:
| Intel CPU Platform | Related Security Vulnerabilities | Affected GIGABYTE Server Products | BIOS Update Schedule & Version |
|---|---|---|---|
| 2nd Gen. Intel Xeon Scalable (Purley Refresh) Intel Xeon Scalable (Purley) |
SA-00191 SA-00223 SA-00233 |
Server Motherboards, R-Series Server, G-Series Server, H-Series Server, S451-3R0, S461-3T0 | Available |
| Intel Xeon E5-2600 v3/v4 (Grantley / Grantley Refresh) | SA-00233 | Server Motherboards, R-Series Server, G-Series Server, H-Series Server |
Available |
| Intel Xeon E3-1200 v5/v6 (Greenlow / Greenlow Refresh) | SA-00191 SA-00233 |
Server Motherboards, R-Series Server, G-Series Server, W131-X30 | Available |
| Intel Core-X (Skylake-X, Kaby Lake X) | SA-00191 SA-00213 SA-00233 |
R161-R12, R161-R13 | Available |
| Intel Xeon W (Skylake W – Basin Falls) | SA-00191 SA-00213 SA-00233 |
Server Motherboards, W281-G40 | Available |
| Intel Xeon D-1500 (Broadwell DE) Intel Xeon D-2100 (Skylake D) |
SA-00223 SA-00233 |
Server Motherboards, G150-B10, D120-C21 |
Available |
| Intel Xeon E-2100 (Mehlow) | SA-00191 SA-00233 |
Server Motherboards | Available |
| Intel ATOM C3000 (Denverton) | SA-00191 SA-00233 |
MA10-ST0 | Available |
Please navigate to the "Support" section of the relevant product page to download the updated BIOS when it becomes available.
For any further assistance regarding this issue please contact your GIGABYTE sales representative, or create a new support ticket at https://esupport.gigabyte.com
