BIOS Updates for Recent Security Vulnerabilities in Intel Processors (SA-00307)
GIGABYTE acknowledges the following security vulnerabilities affecting our server products that have recently been discovered and announced by Intel:
|Intel Security Advisory||Common Vulnerabilities or Exposures (CVE) Code||Severity Rating||Details|
|CVE-2019-14598||HIGH||Improper Authentication in subsystem in Intel® CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.|
Potential security vulnerability in CSME subsystem may allow escalation of privilege, denial of service, and information disclosure. Intel is releasing CSME update to mitigate this potential vulnerability. GIGABYTE is working to update the CSME and release BIOS updates for our server motherboards which use these affected processors. Please find the following schedule for BIOS update availability.
|Affected GIGABYTE Server Products||BIOS Update Schedule & Version|
|Server Motherboards MW32-SP0||Ready
(Updated ME to v220.127.116.111)
Please navigate to the "Support" section of the relevant product page to download the updated BIOS when it becomes available.
For any further assistance regarding this issue please contact your GIGABYTE sales representative, or create a new support ticket at https://esupport.gigabyte.com