Security researchers have recently uncovered security issues known by two names, Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, and CVE-2017-5715). These issues apply to all modern processors and affect nearly all computing devices and operating systems. All GIGABYTE systems are affected, but there are no known exploits impacting customers at this time. Since exploiting many of these issues requires a malicious software to be installed in your systems, GIGABYTE recommend downloading software only from trusted sources.
Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from GIGABYTE. Intel has provided a high level statement here: https://newsroom.intel.com/press-kits/security-exploits-intel-products/
Resources
CPU Models | Recovery BIOS Release Time |
---|---|
Intel Xeon Scalable Processors | Done |
Intel Xeon W Processors | TBD |
Intel Xeon Processor E3-1200 v6 Product Family | Done |
Intel Xeon Processor E5 v4 Product Family | TBD |
Intel Xeon Processor D-1500 Product Family | TBD |
Intel Atom Processor C3000 Series | TBD |
Intel Pentium and Celeron Processor N3000 Product Families | TBD |
Intel Atom Processor E3800 Product Family and Intel Celeron Processor N2807/N2930/J1900 | TBD |
AMD EPYC Series | Solve by OS updates |
Cavium ThunderX Product Family | Not impact by this event |
Background
The Meltdown and Spectre issues take advantage of a modern CPU performance feature called speculative execution. Speculative execution improves speed by operating on multiple instructions at once-possibly in a different order than when they entered the CPU. To increase performance, the CPU predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed. If the prediction was wrong, this speculative execution is rolled back in a way that is intended to be invisible to software.
The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memory-including that of the kernel-from a less-privileged user process such as a malicious software running on a system.
Gigabyte Technology Co. Ltd. published this content on 17 January 2018 and is solely responsible for the information contained herein.
Distributed by Public, unedited and unaltered, on 17 January 2018 14:14:10 UTC.
Original documenthttps://www.gigabyte.com/Press/News/1587
Public permalinkhttp://www.publicnow.com/view/6766FB5533EFDC025B164804D2FD69AD5C8D1253