The vulnerabilities, disclosed by the Software Engineering Institute's CERT Coordination Center on July 11, 2025, affect multiple Gigabyte systems and could let attackers bypass fundamental security protections, including Secure Boot and Intel BootGuard. Successful exploitation allows attackers to disable crucial UEFI security mechanisms, creating opportunities for stealthy firmware implants and persistent control of the system.

Four CVE vulnerabilities in Gigabyte UEFI firmware allow attackers to execute code in the privileged System Management Mode (SMM). They stem from weaknesses in how the firmware validates data when processing SMI requests, in particular unchecked register usage and inadequate pointer validation. CVE-2025-7027 is a double pointer dereference in which memory write operations use a pointer taken from the unvalidated NVRAM variable SetupXtuBufferAddress. CVE-2025-7026 lets an attacker use the RBX register as an unchecked pointer within the CommandRcx0 function, enabling writes to attacker-specified memory locations in SMRAM. CVE-2025-7028 lacks validation of function pointer structures derived from the RBX and RCX registers, giving an attacker control over critical flash operations, including the ReadFlash, WriteFlash, EraseFlash and GetFlashInfo functions, through compromised FuncBlock structures.

"The vulnerabilities enable attackers with local or remote administrative privileges to achieve code execution at Ring-2 privilege level, effectively bypassing all operating system-level protections," reads the CERT/CC report.

Gigabyte has released updated firmware to address these vulnerabilities and strongly advises users to visit its support site to determine whether their systems are affected and to apply the necessary updates.
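An added illustration (not Gigabyte's firmware and not code from the CERT/CC report) of the two checks whose absence the advisory describes: a range check that rejects any caller-supplied pointer overlapping SMRAM before an SMI handler writes through it, and a flash-operation dispatcher that never calls a function pointer read from caller-controlled memory. The SMRAM window, the request structure and every function name here are constructed for this model and are not the firmware's own.

```c
#include <stdint.h>
#include <stdbool.h>
/* Constructed SMRAM window for this model; real firmware takes it from the
 * chipset's TSEG registers or the SMRAM descriptor handed to SMM drivers. */
#define SMRAM_BASE 0x7F000000ULL
#define SMRAM_SIZE 0x00800000ULL   /* 8 MiB */

enum { SMI_OK = 0, SMI_REJECTED = 1 };
/* What an SMI handler receives: a pointer and length that originated outside
 * SMRAM (an NVRAM variable, or RBX/RCX as saved at SMI entry). */
typedef struct { uint64_t buffer_addr; uint64_t length; } smi_request_t;

/* The check every caller-supplied pointer must pass before the handler reads
 * or writes through it: [addr, addr+len) is non-empty, does not wrap, and lies
 * entirely outside SMRAM (the idea behind EDK2's SmmIsBufferOutsideSmmValid). */
bool is_buffer_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr + len < addr)             /* empty, or wraps */
        return false;
    uint64_t end = addr + len;                     /* exclusive */
    uint64_t smram_end = SMRAM_BASE + SMRAM_SIZE;
    return !(addr < smram_end && SMRAM_BASE < end); /* half-open overlap */
}

/* Hardened write handler: the unpatched pattern in the advisory dereferences
 * the pointer directly; this one refuses anything the range check rejects. */
int handle_write_checked(const smi_request_t *req)
{
    if (!is_buffer_outside_smram(req->buffer_addr, req->length))
        return SMI_REJECTED;
    /* ... copy through the validated pointer here ... */
    return SMI_OK;
}

/* Flash operations dispatch through a table the firmware owns, selected by a
 * bounds-checked opcode; the handler never calls a function pointer read from
 * caller-controlled memory (the FuncBlock pattern the advisory describes). */
typedef int (*flash_op_t)(const smi_request_t *);
static int op_read_flash(const smi_request_t *r)     { (void)r; return SMI_OK; }
static int op_get_flash_info(const smi_request_t *r) { (void)r; return SMI_OK; }
static const flash_op_t k_flash_ops[] = { op_read_flash, op_get_flash_info };

int dispatch_flash_op(uint32_t opcode, const smi_request_t *req)
{
    if (opcode >= sizeof k_flash_ops / sizeof k_flash_ops[0] ||
        handle_write_checked(req) != SMI_OK)       /* bad opcode or buffer */
        return SMI_REJECTED;
    return k_flash_ops[opcode](req);
}
```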
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 14 Jul 2025 16:35:19 +0000