BIOS Updates for Recent Security Vulnerabilities in Intel Processors (SA-00307)

CVE-2019-14598
2020.03.10

GIGABYTE acknowledges the following security vulnerabilities affecting our server products that have recently been discovered and announced by Intel:

Intel Security AdvisoryCommon Vulnerabilities or Exposures (CVE) CodeSeverity RatingDetails
SA-00307
Released 02/11/2020
CVE-2019-14598 HIGH Improper Authentication in subsystem in Intel® CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.

Potential security vulnerability in CSME subsystem may allow escalation of privilege, denial of service, and information disclosure. Intel is releasing CSME update to mitigate this potential vulnerability. GIGABYTE is working to update the CSME and release BIOS updates for our server motherboards which use these affected processors. Please find the following schedule for BIOS update availability.

Affected GIGABYTE Server ProductsBIOS Update Schedule & Version
Server Motherboards MW32-SP0 Ready
Version R04
(Updated ME to v12.0.64.1551)

Please navigate to the "Support" section of the relevant product page to download the updated BIOS when it becomes available.

For any further assistance regarding this issue please contact your GIGABYTE sales representative, or create a new support ticket at https://esupport.gigabyte.com