BIOS Updates for New Intel Security Vulnerabilities incl. "PLUNDERVOLT"

CVE-2019-11157, CVE-2019-14607
2019-12-23

Updated February 25th, 2020  – GIGABYTE is aware of a new group of security vunerabilities affecting Intel mobile, desktop, workstation and server processors. The vunerabilities are detailed in the following Intel Security Advisories released on December 10th 2019:

Intel Security AdvisorySeverity RatingCommon Vunerabilities or Exposures (CVE) CodeDetails
INTEL-SA-00289
Released 12/10/2019
HIGH CVE-2019-11157

Intel® Processors Voltage Settings Modification Advisory - "Plundervolt"

Improper conditions check in voltage settings for some Intel Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access.

More Information: https://plundervolt.com/

INTEL-SA-00317
Released 12/10/2019
MEDIUM CVE-2019-14607

Unexpected Page Fault in Virtualized Environment Advisory

Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access.

This notice concerns GIGABYTE's server products that are affected by these security vunerabilies. 

Intel has released microcode updates to help address these security vulnerabilities. GIGABYTE is working to combine the new microcode into BIOS updates for our server motherboards and systems which use these affected processors. This will take some time, but our team is working hard to update ASAP. Please find the following schedule for BIOS update availability (according to CPU type) which will feature a security patch to mitigate the above vulnerabilities:

Affected Intel CPU PlatformRelated Security VulnerabilitiesAffected GIGABYTE Server ProductsBIOS Update Schedule & Version

2nd Gen. Intel Xeon Scalable (Purley / Purley Refresh)

INTEL-SA-00317

Server Motherboards, R-Series Server, G-Series Server, H-Series ServerS451-3R0S461-3T0

Ready

(Previous BIOS version published 2019/11/19 contains mitigation for this vulnerability)

Intel Xeon E3-1200 v5/v6 (Greenlow / Greenlow Refresh)

INTEL-SA-00289

INTEL-SA-00317

Server Motherboards, R-Series Server, G-Series ServerW131-X30

Ready

Intel Xeon W (Skylake W – Basin Falls)

INTEL-SA-00317

Server MotherboardsW281-G40

2020/3/16

Intel Core X (Skylake X - Basin Falls)

INTEL-SA-00289

INTEL-SA-00317

R161-R12R161-R13

Ready

Intel Xeon D-2100 (Skylake D - Bakerville)

INTEL-SA-00317

MB51-PS0

Ready

Intel Xeon E-2100 / E-2200 (Mehlow / Mehlow Refresh)

INTEL-SA-00289

INTEL-SA-00317

Server Motherboards

2020/3/16

Please navigate to the "Support" section of the relevant product page to download the updated BIOS when it becomes available.

For any further assistance regarding this issue please contact your GIGABYTE sales representative, or create a new support ticket at https://esupport.gigabyte.com