ASPEED AST2400 & AST2500 Security Vulnerabilities

GIGABYTE is aware of a recent security vulnerability, CVE-2019-6260, which affects GIGABYTE server motherboards and systems that use the ASPEED AST2400 or AST2500 SoC to implement BMC functionality. According to the National Vulnerability Database, the ASPEED AST2400 and AST2500 BMC hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which can allow arbitrary read and write access to the BMC’s physical address space from the host.

If you are using a GIGABYTE server product that uses an ASPEED AST2400 or AST2500 SoC, the following actions are recommended to mitigate this security vulnerability:

1. Download an updated version of the server product BIOS that contains the CVE-2019-6260 security patch.
The BIOS update with the CVE-2019-6260 security patch is being released for each server product according to the following schedule (please see the support section of each product page to download the latest BIOS version):

| Platform | Vendor | Schedule |
|---|---|---|
| Intel Xeon E (Mehlow) | AMI | 3/29 |
| Intel Xeon D (Skylake D) | AMI | 4/5 |
| AMD EPYC (Naples) | AMI | 4/12 |
| 2nd Gen. Intel Xeon Scalable (Cascade Lake) | AMI | 4/2 |
| 1st Gen. Intel Xeon Scalable (Skylake) | Vertiv | No schedule yet |
| Cavium ThunderX / ThunderX2 | Vertiv / AMI | No schedule yet |
| All other CPU / chipset | Vertiv / AMI | No schedule yet |

2. Download an updated version of the server product BMC firmware that contains the CVE-2019-6260 security patch.

A. For server products using AMI BMC Firmware (with Megarac SP-X management interface): AMI BMC version 2.83 will be released for download on GIGABYTE’s official website on April 1 (please see each product page – support section to download the latest firmware version)…
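One way to verify step 2A on a host, as an added example that is not part of GIGABYTE's advisory: the script below classifies a BMC from `ipmitool mc info` output against the AMI BMC 2.83 threshold stated above. It assumes the AMI BMC version is what IPMI reports as "Firmware Revision"; the function name and sample output are constructed for illustration, and the check does not cover the BIOS update in step 1 or Vertiv firmware.

```shell
#!/bin/sh
# Added example: classify a BMC for CVE-2019-6260 from `ipmitool mc info` text.
# Assumption: the AMI BMC version in the advisory (2.83) is the value IPMI
# reports as "Firmware Revision". Covers AMI firmware only (step 2A).

FIXED_AMI_BMC="2.83"   # first patched AMI BMC version, from the advisory

# Reads `ipmitool mc info` output on stdin.
# Prints one of: patched | unpatched | unknown
bmc_status() {
    awk -v fixed="$FIXED_AMI_BMC" -F': *' '
        /^Firmware Revision/ {
            rev = $2
            sub(/[ \t\r]+$/, "", rev)   # drop trailing whitespace / CR
            found = 1
            exit                        # jump to END
        }
        END {
            # Treat the field as untrusted: accept only digits.digits.
            if (!found || rev !~ /^[0-9]+\.[0-9]+$/) { print "unknown"; exit }
            split(rev, r, ".")
            split(fixed, f, ".")
            # Compare major, then minor, as numbers (not as strings).
            if (r[1] + 0 > f[1] + 0 ||
                (r[1] + 0 == f[1] + 0 && r[2] + 0 >= f[2] + 0))
                print "patched"
            else
                print "unpatched"
        }'
}

# Constructed sample output (not captured from a real system).
SAMPLE_OLD='Device ID                 : 32
Device Revision           : 1
Firmware Revision         : 2.71
IPMI Version              : 2.0'

# Demo on the constructed sample; on a live host run:
#   ipmitool mc info | bmc_status
printf '%s\n' "$SAMPLE_OLD" | bmc_status
```

A result of `unknown` means the revision field was missing or malformed and the host needs a manual check.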

This Article first appeared on Gigabyte NewsRoom

Pavlos Papadopoulos
