Security Center

• Summary: This advisory addresses vulnerability CVE-2023-31315. Improper validation in a model specific register (MSR) may allow a malicious program with ring0 access to modify SMM configuration while the SMI lock is enabled, potentially leading to arbitrary code execution.

• Remediation Measures: Users of affected products are advised to update to the latest BIOS version immediately. This update includes the updated AGESA firmware (PhoenixPI-FP8-FP7_1.2.0.0a). Users who do not apply the update assume all associated security risks.

• Solution:

1. Resolved Version: BIOS P1.60 [Download Link] .

2. Download: Please visit the ASRock Industrial Download Center. Search for your specific product model (e.g., 4X4 BOX-8840U) to find and download the required BIOS file.

3. Update Method: The update can be performed via BIOS or Windows. Please refer to the official website documentation for detailed update instructions. The system will restart during the update process; this is normal behavior. 

4. Verification Method: Refer to Step 8 of the Windows update instructions to confirm the BIOS version is P1.60 or higher.