BIOS Updates for Security Vulnerabilities: GRUB Bootloader (Boothole) and RowHammer

CVE-2020-10713, CVE-2020-10255
2020-08-20

GIGABYTE acknowledges the following security vulnerabilities affecting our server products and is releasing BIOS updates to fix these potential vulnerabilities.

Common Vulnerabilities or Exposures (CVE) Code | Severity Rating (CVSS) | Details
CVE-2020-10713 | 8.2, High | A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper with the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-10255 | 9, High | Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in the deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), or the TRRespass issue.

The affected products and their BIOS update availability and release schedule are listed in the table below.

Affected CPU Platform | Affected GIGABYTE servers | BIOS release schedule: CVE-2020-10713 (Boothole), CVE-2020-10255 (Rowhammer)
AMD EPYC 7002 TBD
EPYC 7001 Available
EPYC Embedded 3000 TBD
Intel Xeon E-2100 / E-2200 TBD
Xeon W-2200 / W-2100 TBD
ARM Marvell ThunderX TBD TBD
Marvell ThunderX2 Available TBD

Please also note that after updating BIOS for CVE-2020-10255, CPU performance might be affected.

Please navigate to the "Support" section of the relevant product page to download the updated BIOS.
For any further assistance regarding this issue please contact your GIGABYTE sales representative, or create a new support ticket at https://esupport.gigabyte.com.