
Gigabyte Deploys Firmware to Mitigate SMM Callout Privilege Escalation Flaw

X570 Aorus Master (Image credit: Gigabyte)

Gigabyte has released new firmware for its stack of AMD motherboards that brings support for the latest Ryzen 3000XT-series processors and mitigations for the SMM Callout Privilege Escalation vulnerability.

The latest firmware for AMD 500- and 400-series motherboards includes the AGESA Combo V2 1.0.0.2 and Combo V1 1.0.0.6 microcodes, respectively, that will effectively patch the SMM flaw. However, Gigabyte is prioritizing newer motherboards.

According to Gigabyte's timeline, the beta firmware for X570 and B550 motherboards is already available for download. The final versions will arrive in the middle of July. Pre-500-series motherboards will receive their beta firmware in the middle of July, with the finalized firmware landing at the end of the month.

| Chipset | BIOS Version | Beta BIOS Release Date | Formal BIOS Release Date |
|---|---|---|---|
| X570 | F20 and after | Mid. of June, 2020 | Mid. of July, 2020 |
| B550 | F2 and after * | Mid. of June, 2020 | Mid. of July, 2020 |
| X470 | F51 and after | Mid. of July, 2020 | End. of July, 2020 |
| B450 | F51 and after * | Mid. of July, 2020 | End. of July, 2020 |
| X370 | F50 and after | Mid. of July, 2020 | End. of July, 2020 |
| B350 | F50 and after | Mid. of July, 2020 | End. of July, 2020 |
| A320 | F50 and after * | Mid. of July, 2020 | End. of July, 2020 |

*Gigabyte urges owners to update the B550 Aorus Master, B450M Aorus Elite, B450M H and A320M HD3 motherboards to the F4, F3, F2 and F2 firmware, respectively.

Gigabyte motherboards offer different methods to update the firmware, including Gigabyte @BIOS and Q-Flash. X570 and B550 motherboard owners get access to the Q-Flash Plus feature, which lets you update the firmware without a processor, memory or graphics card present.

The SMM Callout Privilege Escalation vulnerability primarily affects AMD's client and embedded APUs. Luckily, it is patched via a microcode update, and AMD has claimed that the fix doesn't shave any performance off the system.

  • mikewinddale
    It looks like this flaw only affects APUs, and furthermore, only people who grant physical or administrative access to the system?

    I've got a Gigabyte X470 with a Ryzen 7 2700X. The update for me won't be released until later this month. But it seems I don't have to worry, since I don't have an APU? And even if I had an APU, I've got a home desktop, and nobody but me has physical or administrative access. Correct?

    Thanks.
  • Makaveli
    Asus has already released their bios with this fix on July 03.
  • Wiffy-4565
    Yeah, just built an X570 with the Aorus Ultra and the first thing I did was to update to F20a.
  • CerianK
    mikewinddale said:
    It looks like this flaw only affects APUs, and furthermore, only people who grant physical or administrative access to the system?

    I've got a Gigabyte X470 with a Ryzen 7 2700X. The update for me won't be released until later this month. But it seems I don't have to worry, since I don't have an APU? And even if I had an APU, I've got a home desktop, and nobody but me has physical or administrative access. Correct?

    Thanks.

    You are correct. Always assess your current security, performance and stability situation prior to performing a BIOS update so that you can minimize risk on all fronts. Currently, applying a BIOS update is a reasonably safe process when deemed necessary, but history tells us that was not always the case. However, you may also have to consider how much effort you put into the settings, so that you can replicate that process.
  • turbomode99
    Does this issue really require a microcode update to fix? That's much more significant an issue than an issue with the BIOS code.