CVE-2025-7026 Information

Jul 12, 2025 cve

Description

A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register which is used as an unchecked pointer in the CommandRcx0 function. If the contents at RBX match certain expected values (e.g. ‘$DB$’ or ‘2DB$’) the function performs arbitrary writes to System Management RAM (SMRAM) leading to potential privilege escalation to System Management Mode (SMM) and persistent firmware compromise.

Reference

https://kb.cert.org/vuls/id/746790 https://www.binarly.io/advisories/brly-dva-2025-008 https://www.gigabyte.com/Support/Security

CNNVD-202507-1675 (Published: 2025-07-11)

Share on:

CVE-2025-7026 Information

Description

Reference

Related CNNVD