PT-2018-7246 · Gigabyte · Gigabyte Brix Uefi Firmware

Alex Matrosov · Published 2018-07-09 · Updated 2019-10-09 · CVE-2017-3197

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 version F6
GIGABYTE BRIX UEFI firmware for the GB-BXi7-5775 version F2
Description: The UEFI firmware implements certain features insecurely, specifically BIOSWE, BLE, SMM BWP, and PRx. This allows arbitrary write access to the BIOS, potentially enabling modification of the SPI flash.
Recommendations: For GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 version F6, consider restricting access to the BIOS to prevent unauthorized modifications until a secure update is available. For GIGABYTE BRIX UEFI firmware for the GB-BXi7-5775 version F2, consider implementing additional security measures to protect the BIOS from arbitrary write access, such as secure boot mechanisms or flash protection, until a patch is released.
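
A defender-side check for the four mechanisms named in the description, given as an added example that is not part of the original advisory: it decodes a BIOS_CNTL value and PRx values that were already read from the platform and reports which write protections are missing. Assumptions: bit positions follow Intel PCH datasheet naming (BIOSWE bit 0, BLE bit 1, SMM_BWP bit 5, PRx write-protect enable bit 31, older PCH base/limit layout); the function names are hypothetical and the register values are constructed samples.

```python
# Added example. Register values are supplied by the caller (for instance from
# a firmware audit tool's output); nothing here touches hardware.
BIOSWE, BLE, SMM_BWP = 1 << 0, 1 << 1, 1 << 5   # BIOS_CNTL bits (assumed layout)
PR_WPE = 1 << 31                                 # PRx write-protect enable bit


def decode_bios_cntl(value):
    """Return the three BIOS_CNTL protection bits as booleans."""
    return {"BIOSWE": bool(value & BIOSWE),
            "BLE": bool(value & BLE),
            "SMM_BWP": bool(value & SMM_BWP)}


def decode_pr(value):
    """Decode one PRx register: base in bits 12:0, limit in bits 28:16 (4 KiB units)."""
    base = (value & 0x1FFF) << 12
    limit = (((value >> 16) & 0x1FFF) << 12) | 0xFFF
    return {"write_protected": bool(value & PR_WPE), "base": base, "limit": limit}


def audit(bios_cntl, pr_values):
    """List the missing flash write protections; an empty list means all are set."""
    findings = []
    bits = decode_bios_cntl(bios_cntl)
    if bits["BIOSWE"]:
        findings.append("BIOSWE=1: writes to the BIOS region are enabled")
    if not bits["BLE"]:
        findings.append("BLE=0: setting BIOSWE raises no SMI, so it cannot be reverted")
    if not bits["SMM_BWP"]:
        findings.append("SMM_BWP=0: BIOS region writes are not limited to SMM")
    if not any(decode_pr(v)["write_protected"] for v in pr_values):
        findings.append("PRx: no protected range has write protection enabled")
    return findings


if __name__ == "__main__":
    # Constructed samples: one unprotected platform, one with every mechanism set.
    samples = {"unprotected": (0x00, [0, 0, 0, 0, 0]),
               "locked down": (0x22, [0x8FFF0800, 0, 0, 0, 0])}
    for name, (cntl, prs) in samples.items():
        print(name, audit(cntl, prs) or "all four mechanisms configured")
```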

Exploit

Fix

Protection Mechanism Failure

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-3197

Affected Products

Gigabyte Brix Uefi Firmware