عودة

BIOS Update for Security Vulnerabilities: AMD CPU

CVE-2023-20576, CVE-2023-20577, CVE-2023-20579, CVE-2023-20587
Mar 04, 2024

Giga Computing Technology Co., Ltd. acknowledges the security vulnerabilities affecting GIGABYTE’s server, workstation, and motherboard products using the following processors:

 

•        1st Gen AMD EPYC™ Processors (By request)

•        2nd Gen AMD EPYC™ Processors (Target Apr 2024)

•        3rd Gen AMD EPYC™ Processors (Target Apr 2024)

•        4th Gen AMD EPYC™ Processors (Released)

•        AMD Ryzen™ 3000 Series Desktop Processors (By case)

•        AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics (By case)

•        AMD Ryzen™ 5000 Series Desktop Processors (By case)

•        AMD Ryzen™ 7000 Series Desktop Processors (Released)

•        AMD Ryzen™ Threadripper™ PRO 3000WX Processors (Target Apr 2024)

•        AMD Ryzen™ Threadripper™ PRO 5000WX Processors (Target Apr 2024)

•        AMD EPYC™ Embedded 3000 (By request)

 

The vulnerabilities are listed below. Updated BIOS versions to address the threats will be available on all affected product pages.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-20576

Severity Rating: High

Description: Insufficient Verification of Data Authenticity in AGESA™ may allow an attacker to update SPI ROM data potentially resulting in denial of service or privilege escalation.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-20577

Severity Rating: High

Description: A heap overflow in SMM module may allow an attacker with access to a second vulnerability that enables writing to SPI flash, potentially resulting in arbitrary code execution.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-20579

Severity Rating: High

Description: Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.

 

Common Vulnerabilities or Exposures (CVEID): CVE-2023-20587

Severity Rating: High

Description: Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution.

 

AMD Security Bulletin ID: AMD-SB-7009

 

 

*The release schedule may be adjusted without further notification. Please check this page or contact technical support for any future updates.

*Please navigate to the "Support" section of the relevant product page to download the updated BIOS.

*For any further assistance regarding this issue please contact your Giga Computing sales representative, or create a new support ticket at https://esupport.gigabyte.com