CVE-2025-7029

Published Jul 11, 2025

Last updated 3 days ago

CVSS high 8.2

Overview

Description
A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used to derive pointers (OcHeader, OcData) passed into power and thermal configuration logic. These buffers are not validated before performing multiple structured memory writes based on OcSetup NVRAM values, enabling arbitrary SMRAM corruption and potential SMM privilege escalation.
Source
cret@cert.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.2
Impact score
6
Exploitability score
1.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity
HIGH

Social media

Hype score
Not currently trending

  1. ⚠️Vulnerabilidades del firmware UEFI de Gigabyte ❗CVE-2025-7026 ❗CVE-2025-7027 ❗CVE-2025-7028 ❗CVE-2025-7029 ➡️Más info: https://t.co/MCf1gNja6H https://t.co/GeHqu4tGdo

    @CERTpy

    15 Jul 2025

    131 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.