New vulnerabilities have been discovered in the BIOS/UEFI firmware of GIGABYTE motherboards. They are severe, as they allow attackers with local or administrative privileges to execute code in System Management Mode (SMM), which is separate from the operating system.

Code running in SMM can bypass traditional security on affected devices. The vulnerabilities were discovered by Binarly, which assigned a high-severity score of 8.2. The good news is that GIGABYTE has posted a security bulletin covering the vulnerabilities, which also lists the affected platforms. However, the vulnerabilities affect hundreds of motherboards covering the Intel 100, 200, 300, 400, and 500 series platforms.
As these vulnerabilities affect motherboards for the popular 10th and 11th Gen Intel Core processors, which many are still using, Eclypsium has published a list of the affected motherboards in PDF format.
GIGABYTE is releasing BIOS and firmware updates to address the issue, with customers "strongly encouraged to update to the latest BIOS versions as soon as they become available." Unfortunately, some of the affected boards are listed as end-of-life, which means they won't be getting a security update to address the problem. The BIOS updates go all the way back to cover motherboards for Intel's 8th Gen Core CPUs, which should cover most rigs.
GIGABYTE and Binarly have both confirmed that newer platforms, as well as motherboards for AMD CPUs, are not impacted. Consider this a friendly reminder to update the BIOS on your motherboard if you're using a system with an older Intel CPU and a GIGABYTE motherboard.




