CVE-2025-7026
BaseFortify
Publication date: 2025-07-11
Last updated on: 2025-11-03
Assigner: CERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gigabyte | firmware | * |
| ami | firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Software SMI handler (SwSmiInputValue 0xB2), where a local attacker can control the RBX register. RBX is used as an unchecked pointer in the CommandRcx0 function. If RBX points to certain expected values (like '$DB$' or '2DB$'), the function allows arbitrary writes to System Management RAM (SMRAM). This can lead to privilege escalation to System Management Mode (SMM) and persistent firmware compromise.
How can this vulnerability impact me? :
The vulnerability can allow a local attacker to escalate privileges to System Management Mode (SMM), which is a highly privileged mode in the system. This can result in persistent firmware compromise, potentially allowing the attacker to execute arbitrary code at a very high privilege level, bypass security controls, and maintain persistence even after system reboots.