CVE-2025-7029

Published: Jul 11, 2025

Modified: Feb 26, 2026

PUBLISHED

Description

A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used to derive pointers (OcHeader, OcData) passed into power and thermal configuration logic. These buffers are not validated before performing multiple structured memory writes based on OcSetup NVRAM values, enabling arbitrary SMRAM corruption and potential SMM privilege escalation.

Vendor	Product	Versions
GIGABYTE	UEFI-OverClockSmiHandler	affected `1.0.0`

References

https://www.gigabyte.com/Support/Security

https://www.binarly.io/advisories/brly-dva-2025-011

https://kb.cert.org/vuls/id/746790

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-7029

Description

Affected Products

References