PT-2025-29261 · Asus · Asus Firmware
Published 2025-07-11 · Updated 2025-07-18 · CVE-2025-7027
8.2 High
Base vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
**Name of the Vulnerable Software and Affected Versions:**
GIGA-BYTE Technology Co., Ltd. motherboards (affected versions not specified)
- Intel® H110
- Intel® Z170, H170, B150, Q170
- Intel® Z270, H270, B250, Q270
- Intel® Z370, B365
- Intel® Z390, H310, B360, Q370, C246
- Intel® Z490, H470, H410, W480
- Intel® Z590, B560, H510, Q570
**Description:**
A vulnerability exists in the Software SMI handler (SwSmiInputValue 0xB2) that allows a local attacker to control the read and write addresses used by the `CommandRcx1` function. The write target is derived from an unvalidated UEFI NVRAM variable (`SetupXtuBufferAddress`), and the write content is read from an attacker-controlled pointer based on the RBX register. This dual-pointer dereference enables arbitrary memory writes within System Management RAM (SMRAM), potentially leading to System Management Mode (SMM) privilege escalation and firmware compromise. The vulnerability impacts older Intel platforms utilizing affected SMM modules.
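The check missing from the handler described above, shown as an added example (not the vendor's code or code from this advisory): both the source and the destination range must lie entirely outside SMRAM before SMM code copies anything. The SMRAM window, function names and status codes are assumptions made for illustration; EDK II firmware performs the equivalent test with `SmmIsBufferOutsideSmmValid`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed SMRAM window for this example; real firmware obtains its
   SMRAM ranges from the platform at boot. */
#define SMRAM_BASE 0x7F000000ULL
#define SMRAM_SIZE 0x00800000ULL

/* True only if [addr, addr+len) is non-empty, does not wrap around the
   64-bit address space, and has no byte inside SMRAM. */
static bool buffer_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr > UINT64_MAX - len)
        return false;
    return addr + len <= SMRAM_BASE || addr >= SMRAM_BASE + SMRAM_SIZE;
}

typedef enum { SMI_OK = 0, SMI_REJECTED = 1 } smi_status;

/* Hypothetical validation step for a copy performed inside an SMI handler.
   'src' stands in for the register-derived pointer and 'dst' for the
   address taken from the NVRAM variable; neither is trusted. */
smi_status validate_copy_request(uint64_t dst, uint64_t src, uint64_t len)
{
    if (!buffer_outside_smram(src, len) || !buffer_outside_smram(dst, len))
        return SMI_REJECTED;
    return SMI_OK; /* only now would the handler perform the copy */
}

int main(void)
{
    /* Constructed test addresses. */
    printf("normal RAM to normal RAM: %d\n",
           validate_copy_request(0x1000, 0x2000, 0x100));
    printf("destination inside SMRAM: %d\n",
           validate_copy_request(SMRAM_BASE + 0x10, 0x2000, 0x100));
    printf("source straddles SMRAM base: %d\n",
           validate_copy_request(0x1000, SMRAM_BASE - 0x10, 0x100));
    return 0;
}
```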
**Recommendations:**
Update to the latest BIOS versions as soon as they become available for Intel® H110 (available in June 2025).
Contact the Field Application Engineer (FAE) for support for Intel® Z170, H170, B150, Q170, Intel® Z270, H270, B250, Q270, Intel® Z370, B365, and Intel® Z390, H310, B360, Q370, C246 as these platforms are end-of-life.
Update to the latest BIOS versions as soon as they become available for Intel® Z490, H470, H410, W480 (available in June 2025).
Update to the latest BIOS versions as soon as they become available for Intel® Z590, B560, H510, Q570 (available in June 2025).
References · 13
- https://nvd.nist.gov/vuln/detail/CVE-2025-7027 · Security Note
- https://t.me/c/1777188075/3971 · Telegram Post
- https://twitter.com/S84788Aicores/status/1945371878727803249 · Twitter Post
- https://twitter.com/CVEnew/status/1943700195750953049 · Twitter Post
- https://t.me/c/2230009192/27578 · Telegram Post
- https://t.me/c/2147616733/900 · Telegram Post
- https://t.me/c/1385590013/7227 · Telegram Post
- https://binarly.io/advisories/brly-2025-009 · Note
- https://reddit.com/r/cybersecurity/comments/1m08rjk/uefi_malware_alert_for_gigabyte_motherboards · Reddit Post
- https://t.me/c/1179006758/5756 · Telegram Post
- https://reddit.com/r/aorusin/comments/1m151tu/multiple_smm_memory_corruption_vulnerabilities_in · Reddit Post
- https://gigabyte.com/Support/Security · Note
- https://kb.cert.org/vuls/id/746790 · Note