Gigabyte Deploys Firmware to Mitigate SMM Callout Privilege Escalation Flaw

X570 Aorus Master (Image credit: Gigabyte)

Gigabyte has released new firmwares for its stack of AMD motherboards that brings support for the latest Ryzen 3000XT-series processors and mitigations for the SMM Callout Privilege Escalation vulnerability.

The latest firmwares for AMD 500-and 400-series motherboards include the AGESA Combo V2 1.0.0.2 and Combo V1 1.0.0.6 microcodes, respectively, that will effectively patch the SMM flaw. However, Gigabyte is prioritizing newer motherboards.

According to the Gigabyte's timeline, the beta firmwares for X570 and B550 motherboards are already available for download. The final versions will arrive in the middle of July. Pre-500 series motherboards will receive their beta firmwares in the middle of July with the finalized firmware landing at the end of month.

Chipset	BIOS Version	Beta BIOS Release Date	Formal BIOS Release Date
X570	F20 and after	Mid. of June, 2020	Mid. of July, 2020
B550	F2 and after *	Mid. of June, 2020	Mid. of July, 2020
X470	F51 and after	Mid. of July, 2020	End. of July, 2020
B450	F51 and after *	Mid. of July, 2020	End. of July, 2020
X370	F50 and after	Mid. of July, 2020	End. of July, 2020
B350	F50 and after	Mid. of July, 2020	End. of July, 2020
A320	F50 and after *	Mid. of July, 2020	End. of July, 2020

*Gigabyte urges owners to update the B550 Arous Master, B450M Aorus Elite, B450M H and A320M HD3 motherboards to the F4, F3, F2 and F2 firmware, respectively.

Gigabyte motherboards offer different methods to update the firmware, including Gigabyte @BIOS and Q-Flash. X570 and B550 motherboard owners get access to the Q-Flash Plus feature, which lets you update the firmware without a processor, memory or graphics card present.

The SMM Callout Privilege Escalation primarily targets AMD's client and embedded APUs. Luckily, the vulnerability is patched via a microcode, and AMD has claimed that it doesn't shave any performance off the system.

Topics

CPUs

5 Comments Comment from the forums

mikewinddale

It looks like this flaw only affects APUs, and furthermore, only people who grant physical or administrative access to the system?

I've got a Gigabyte X470 with a Ryzen 7 2700X. The update for me won't be released until later this month. But it seems I don't have to worry, since I don't have an APU? And even if I had an APU, I've got a home desktop, and nobody but me has physical or administrative access. Correct?

Thanks.
Reply
Makaveli

Asus has already released their bios with this fix on July 03.
Reply
Wiffy-4565

Yeah, just built a X570 with the Aorus Ultra and the first thing I did was to update to F20a
Reply
CerianK

mikewinddale said:
It looks like this flaw only affects APUs, and furthermore, only people who grant physical or administrative access to the system?

I've got a Gigabyte X470 with a Ryzen 7 2700X. The update for me won't be released until later this month. But it seems I don't have to worry, since I don't have an APU? And even if I had an APU, I've got a home desktop, and nobody but me has physical or administrative access. Correct?

Thanks.
You are correct. Always assess your current security, performance and stability situation prior to performing a BIOS update so that you can minimize risk on all fronts. Currently, applying a BIOS update is a reasonably safe process when deemed necessary, but history tells us that was not always the case. However, you may also have to consider how much effort you put into the settings, so that you can replicate that process.
Reply
turbomode99

Does this issue really require a microcode update to fix? That's much more significant an issue than an issue with the BIOS code.
Reply

Show more comments