Researchers have found serious security problems in the firmware of more than 240 Gigabyte motherboards. These flaws could allow hackers to install malware that normal antivirus programs cannot detect or remove.
The vulnerable motherboards were mostly made for Intel desktop processors from the 8th to 11th generations. They were sold between 2017 and 2021.
Experts from cybersecurity firm Binarly and Carnegie Mellon University discovered the issues. They found the problem inside the UEFI firmware. This is the software that starts up a computer before Windows or other operating systems load.
Hackers could use these flaws to bypass protections like Secure Boot. Secure Boot is meant to stop dangerous software from running during startup.
The main problem is with System Management Mode (SMM). SMM controls important hardware functions in a computer. Because of mistakes in Gigabyte’s firmware, attackers with administrative access—whether local or remote—could take over SMM. This would allow them to install malware that hides deep inside the system.
Such malware could stay hidden for a long time, even if the user reinstalls the operating system or runs antivirus scans.
Gigabyte Responds
Gigabyte has released a list of the affected motherboards. In June, the company started to publish BIOS updates to fix the problems.
However, almost half of the affected motherboards are no longer supported because they are considered too old. These models do not get regular updates or security patches anymore.
For these users, Gigabyte suggests contacting a Field Application Engineer. This is usually an option for large businesses, not for regular home users. Many small businesses and individuals may have to buy new hardware to stay safe.
Why the Issue Happened
The firmware in Gigabyte motherboards is based on code from American Megatrends (AMI), a major UEFI firmware provider. AMI had released fixes for these security issues, but Gigabyte failed to apply all of them to some of its products.
Gigabyte says its newer motherboards are not affected by these flaws. The company recommends that customers with older motherboards visit the Gigabyte support website to check for updates.
For users with systems that cannot be patched, experts recommend taking extra security steps or upgrading to newer hardware with better protection.
