BIOS Updates for Security Vulnerabilities: CVE-2021-0157 and CVE-2021-0158 (SA-00562)
CVE-2021-0157 and CVE-2021-0158
GIGABYTE acknowledges the following security vulnerabilities affecting our server products that support 3rd Gen Intel® Xeon® Scalable Processors.
|Common Vulnerabilities or Exposures (CVE) Code||Severity Rating (CVSS)||Details|
|CVE-2021-0157||8.2, High||Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.|
|CVE-2021-0158||8.2, High||Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.|
GIGABYTE is releasing BIOS updates to fix these potential vulnerabilities. The affected products and their BIOS update availability and release schedule are listed in the table below.
|Affected CPU Platform||Affected GIGABYTE servers||BIOS release schedule|
|Intel||Mehlow Server||WW 50 2021|
|Rocket Lake||WW 52 2021|
|Mehlow WS||WW 03 2022|
|CedarIsland||WW 52 2021|
Please navigate to the "Support" section of the relevant product page to download the updated BIOS.
For any further assistance regarding this issue please contact your GIGABYTE sales representative, or create a new support ticket at https://esupport.gigabyte.com