- Description
- A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control both the read and write addresses used by the CommandRcx1 function. The write target is derived from an unvalidated UEFI NVRAM variable (SetupXtuBufferAddress), while the write content is read from an attacker-controlled pointer based on the RBX register. This dual-pointer dereference enables arbitrary memory writes within System Management RAM (SMRAM), leading to potential SMM privilege escalation and firmware compromise.
- Source
- cret@cert.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.2
- Impact score
- 6
- Exploitability score
- 1.5
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
⚠️Vulnerabilidades del firmware UEFI de Gigabyte ❗CVE-2025-7026 ❗CVE-2025-7027 ❗CVE-2025-7028 ❗CVE-2025-7029 ➡️Más info: https://t.co/MCf1gNja6H https://t.co/GeHqu4tGdo
@CERTpy
15 Jul 2025
131 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-7027 UEFI NVRAM Variable Manipulation Enabling SMM Privilege Escalation in Software SMI Handler https://t.co/u6FKj8SMAs
@VulmonFeeds
11 Jul 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-7027 A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control both the read and write addresses used by the CommandRcx1 function… https://t.co/KYdSQXyMSH
@CVEnew
11 Jul 2025
152 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes