GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection
CVE-2017-3197

9.8CRITICAL

Key Information:

Vendor: Gigabyte
Status: Gb-bsi7h-6500; Gb-bxi7-5775
Vendor: CVE Published:; 9 July 2018

What is CVE-2017-3197?

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.

Affected Version(s)

GB-BSi7H-6500 F6

GB-BXi7-5775 F2

References

https://github.com/CylanceVulnResearch/disclosures/blob/m...

x_refsource_MISC

https://github.com/CylanceVulnResearch/disclosures/blob/m...

x_refsource_MISC

https://www.kb.cert.org/vuls/id/507496

third-party-advisoryx_refsource_CERT-VN

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2018
Vulnerability Reserved
Dec 5, 2016

Gigabyte

What is CVE-2017-3197?

Affected Version(s)

References

CVSS V3.1

Timeline