In a nutshell: A major security warning has been issued for owners of Gigabyte motherboards built for Intel desktop processors from the 8th to 11th generations. Researchers have discovered four critical vulnerabilities in the UEFI firmware, the low-level software that initializes hardware during the boot process.
The vulnerabilities, discovered by researchers at Binarly and Carnegie Mellon University, affect the internal firmware of more than 240 Gigabyte motherboard models released between 2017 and 2021. These weaknesses could allow attackers to bypass critical security mechanisms such as Secure Boot, before Windows or any other operating system even begins to load.
The flaws reside in System Management Mode, the processor's most privileged execution environment, which is responsible for handling essential low-level tasks beneath the operating system. SMM relies on a protected memory region that is intended to be inaccessible to unauthorized code. However, due to implementation flaws in Gigabyte's firmware, attackers who gain elevated privileges – whether through local access or a remote exploit – could compromise SMM and ultimately gain full control of the system.
Once an attacker gains administrative access, they can install persistent malware capable of surviving even after the operating system is reinstalled. This level of access also enables them to disable critical security features, such as Secure Boot and Intel Boot Guard. In doing so, attackers open the door to advanced threats like bootkits and firmware rootkits, which can maintain long-term, stealthy control over a device while evading most conventional security tools.
American Megatrends,the firmware vendor behind much of Gigabyte's UEFI code, previously delivered fixes for these vulnerabilities through confidential channels. However, the same flaws have reappeared in Gigabyte firmware shipped with retail products. In many cases, AMI's patches were not properly integrated by Gigabyte before the affected hardware reached consumers. As a result, many older systems remain exposed even after the public disclosure of these security issues.
In response, Gigabyte has published a list of affected products and started releasing BIOS updates, with patches beginning to roll out in June. However, there's a significant complication: nearly half of the vulnerable motherboards have reached End of Life status, meaning they no longer receive regular updates or support. For these devices, Gigabyte merely recommends contacting a Field Application Engineer – a resource typically accessible only to enterprise customers, not average consumers. This leaves many home users and small businesses without a practical solution, aside from replacing their hardware entirely.
Gigabyte has emphasized that newer motherboard platforms are not affected by these specific vulnerabilities, as they include enhanced firmware-level protections. For users with older systems, the company advises visiting its support website to check for available firmware updates. Those with unsupported boards may ultimately be faced with a difficult decision: seek out costly technical support or invest in a newer, more secure PC.
Firmware flaws in over 200 Gigabyte motherboards could lead to undetectable malware
