CVE-2025-7029

Name of the Vulnerable Software and Affected Versions Gigabyte motherboards (affected versions not specified) Intel® H110 Intel® Z170, H170, B150, Q170 Intel® Z270, H270, B250, Q270 Intel® Z370, B365 Intel® Z390, H310, B360, Q370, C246 Intel® Z490, H470, H410, W480 Intel® Z590, B560, H510, Q570

Description A vulnerability exists in the Software SMI handler (SwSmiInputValue 0xB2), allowing a local attacker to control the RBX register. This register is used to derive pointers (OcHeader, OcData) passed to power and thermal configuration logic. Insufficient validation of these buffers before multiple structured memory writes, based on OcSetup NVRAM values, can lead to arbitrary SMRAM corruption and potential SMM privilege escalation.

Recommendations Intel® H110: Update to the BIOS version available in June 2025. Intel® Z170, H170, B150, Q170: Contact the Field Application Engineer (FAE) for support. Intel® Z270, H270, B250, Q270: Contact the Field Application Engineer (FAE) for support. Intel® Z370, B365: Contact the Field Application Engineer (FAE) for support. Intel® Z390, H310, B360, Q370, C246: Update to the BIOS version available in June 2025. Intel® Z490, H470, H410, W480: Update to the BIOS version available in June 2025. Intel® Z590, B560, H510, Q570: Update to the BIOS version available in June 2025.