Dozens of Gigabyte motherboard models run on UEFI firmware vulnerable to security issues that allow planting bootkit malware that is invisible to the operating system and can survive reinstalls. The four vulnerabilities are in Gigabyte firmware implementations and were discovered by researchers at firmware security company Binarly, who shared their findings with Carnegie Mellon University’s CERT Coordination Center (CERT/CC). Binarly researchers notified Carnegie Mellon CERT/CC about the issues on April 15 and Gigabyte confirmed the vulnerabilities on June 12, followed by the release of firmware updates, according to CERT/CC. UEFI, or Unified Extensible Firmware Interface, firmware is more secure due to the Secure Boot feature that ensures through cryptographic verifications that a device uses at boot time code that is safe and trusted. Computers from various OEMs using Gigabyte motherboards may be vulnerable, so users are advised to monitor for firmware updates and apply them promptly. The vulnerabilities could allow attackers with local or remote admin permissions to execute arbitrary code in System Management Mode (SMM), an environment isolated from the operating system (OS) and with more privileges on the machine. (AMI), which addressed the issues after a private disclosure but some OEM firmware builds (e.g. Gigabyte's) did not implement the fixes at the time. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. By our count, there are a little more than 240 motherboard models impacted - including revisions, variants, and region-specific editions, with firmware updated between late 2023 and mid-August 2024.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 14 Jul 2025 16:35:20 +0000