cancel
Showing results for 
Search instead for 
Did you mean: 

SinkClose CPU flaw requires new AGESA

mcury
Level 11

Hello, I would like to ask when the new BIOS is going to be released for the B550 series.

According to AMD, the new AGESA ComboAM4v2PI 1.2.0.cb will fix this vulnerability.

SinkClose tracked as CVE-2023-31315 and rated of high severity (CVSS score: 7.5)

 

More info at: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html 

 

Thanks.

20,946 Views
56 REPLIES 56

Microsoft was preparing some updates to the Window's Bootloader over months now.
This involved installing new certficates (into the UEFI cert store).
If the UEFI gets updated and the new certs are not included the OS won't boot, I guess.
But I'm not sure if they've forced it yet. (I did it manually already weeks ago)
And if this is actually related to the Secure Boot failure...
However the automatic repair should take care of this, I think....

//edit
Could it be that Gigabyte already removed the old cert and only ships the new certs now?

Interesting, thanks for sharing.

It seems to be isolated to Gigabyte, can't find any reports about this regarding MSI boards.

I checked the reddit thread you posted and someone posted a workaround...
By exporting the keys/cert from the old bios and importing them in the new bios...
Could just be that:
- Gigabyte messed this up... just missed some keys/certs
- They removed the old Microsft cert already and only shipping the new one...
?

Could be, based on the workaround, yes.

But I don't have a Gigabyte board here to check.

Secure boot is a awful thing, it can help with security, yes it can, but...

How many problems with it since it begun ?

Linux distros have to pay Microsoft to be able to use it, which as I see it, is a huge problem.

Compromised keys.

Keys that should only be used in testing were released to customers..

It is a complete mess.

Vialli
Level 10

I have the Crosshair viii Extreme and was wondering the same thing!

Still no update, we paid a lot for these motherboards and expect a better service..

MiniRawr
Level 9

Waiting for an update for x570-e gaming with AMD 3700x.

 

armyants808
Level 7

armyants808_1-1725827624347.png

I haven't called ASUS :(, but their chat responses regarding cve-2023-31315 was really generic/unhelpful?

My Gigabyte AMD aorus wifi pro wasn't impacted by their sinkclose update (but I may not be using secure boot fully).

asus rog X570i gaming

hoonu
Level 8

Hopefully there is an update soon. Seeing this delay from a premium vendor is concerning to say the least.

mcury
Level 11

Even the b450 series from gigabyte got the update, B450M S2H has a BIOS update with AMD AGESA 1.2.0.Cc for fix Sinkclose Vulnerability of AMD processors (SMM Lock Bypass).

Yep. This will definitely impact my next upgrade. Fool me once...