Security Advisory Issued for UEFI Vulnerabilities in Gigabyte Firmware

The Computer Emergency Response Team (CERT) has issued a warning regarding significant security vulnerabilities found in the UEFI firmware of various Gigabyte motherboards. These vulnerabilities could allow attackers to escalate their privileges within the system. Gigabyte has made BIOS updates available for multiple motherboard models to address these security concerns.

The vulnerabilities specifically affect the System Management Mode (SMM), a high-privileged CPU mode that interacts directly with system hardware and is critical for fundamental operating system functions. CERT explains that an attacker could exploit one or more of these vulnerabilities to gain elevated privileges and execute arbitrary code within the SMM environment of UEFI-supported processors.

According to a statement from AMI, the BIOS manufacturer, these vulnerabilities had been patched in the past but have resurfaced in the Gigabyte firmware, prompting this public advisory.

In SMM, commands operate in a protected memory area known as System Management RAM (SMRAM), which is only accessible through System Management Interrupts (SMI). CERT details that insufficient validation of data passed through specific communication buffers can lead to serious security risks, including SMRAM manipulations and unauthorized SMM executions. Attackers can misuse SMI handlers to run arbitrary code early in the boot process, during recovery modes, or prior to the full operating system loading.

Security researchers from Binarly have identified four critical vulnerabilities related to the exploitation of SMM. These include:

• Unvalidated Use of the RBX Register: This vulnerability enables unauthorized write access to SMRAM (CVE-2025-7029, CVSS 8.2, classified as high risk).
• Missing Validation in Function Pointer Structures: This allows attackers to perform critical flash operations such as ReadFlash, WriteFlash, EraseFlash, and GetFlashInfo (CVE-2025-7028, CVSS 8.2, classified as high risk).
• Double Pointer Dereferencing: This vulnerability can lead to arbitrary content being written into SMRAM from attacker-controlled memory locations (CVE-2025-7027, CVSS 8.2, classified as high risk).
• Unverified Pointer in CommandRcx0 Function: This issue allows write access to attacker-specified areas in SMRAM (CVE-2025-7026, CVSS 8.2, classified as high risk).

Binarly's findings indicate that at least 80 different Gigabyte motherboard models are affected, including some older versions. A preliminary review shows that Gigabyte has issued numerous BIOS updates in June, aimed at rectifying these vulnerabilities.

Separately, recent issues with AMD's firmware TPM (fTPM) have also come to light, for which AMD has been providing fixes for several years. However, many manufacturers have not included these corrections in their updated BIOS releases.