BIOS Updates for Security Vulnerabilities: CVE-2021-0157 and CVE-2021-0158 (SA-00562)

2021/11/29

GIGABYTE acknowledges the following security vulnerabilities affecting our server products that support 3rd Gen Intel® Xeon® Scalable Processors.

Common Vulnerabilities or Exposures (CVE) Code | Severity Rating (CVSS) | Details
CVE-2021-0157 | 8.2, High | Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2021-0158 | 8.2, High | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

GIGABYTE is releasing BIOS updates to fix these potential vulnerabilities. The affected products and their BIOS update availability and release schedule are listed in the table below.

Affected CPU Platform | Affected GIGABYTE servers | BIOS release schedule
CVE-2021-0157 | CVE-2021-0158
Intel Mehlow Server | WW 50 2021
Rocket Lake | WW 52 2021
Mehlow WS | WW 03 2022
CedarIsland | WW 52 2021

Please navigate to the "Support" section of the relevant product page to download the updated BIOS.


For any further assistance regarding this issue, please contact your GIGABYTE sales representative, or create a new support ticket at https://esupport.gigabyte.com