Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-7029

A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used to derive pointers (OcHeader, OcData) passed into power and thermal configuration logic. These buffers are not validated before performing multiple structured memory writes based on OcSetup NVRAM values, enabling arbitrary SMRAM corruption and potential SMM privilege escalation.

Published

2025-07-11T16:15:27.237

Last Modified

2025-07-15T15:15:26.493

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 8.2 (HIGH)

Weaknesses

Affected Vendors & Products

References

https://kb.cert.org/vuls/id/746790 ([email protected])
https://www.binarly.io/advisories/brly-dva-2025-011 ([email protected])
https://www.gigabyte.com/Support/Security ([email protected])