
CVE-2025-7026 – SMM Arbitrary Write via Unchecked RBX Pointer in CommandRcx0
https://notcve.org/view.php?id=CVE-2025-7026
11 Jul 2025 — A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used as an unchecked pointer in the CommandRcx0 function. If the contents at RBX match certain expected values (e.g., '$DB$' or '2DB$'), the function performs arbitrary writes to System Management RAM (SMRAM), leading to potential privilege escalation to System Management Mode (SMM) and persistent firmware compromise. • https://kb.cert.org/vuls/id/746790 •

CVE-2025-7028 – SMM Arbitrary Memory Access via Flash Handler with Unchecked FuncBlock Pointer
https://notcve.org/view.php?id=CVE-2025-7028
11 Jul 2025 — A vulnerability in the Software SMI handler (SwSmiInputValue 0x20) allows a local attacker to supply a crafted pointer (FuncBlock) through RBX and RCX register values. This pointer is passed unchecked into multiple flash management functions (ReadFlash, WriteFlash, EraseFlash, and GetFlashInfo) that dereference both the structure and its nested members, such as BufAddr. This enables arbitrary read/write access to System Management RAM (SMRAM), allowing an attacker to corrupt firmware memory, exfiltrate SMRA... • https://kb.cert.org/vuls/id/746790 •

CVE-2025-7027 – SMM Arbitrary Write via Dual-Controlled Pointers in CommandRcx1
https://notcve.org/view.php?id=CVE-2025-7027
11 Jul 2025 — A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control both the read and write addresses used by the CommandRcx1 function. The write target is derived from an unvalidated UEFI NVRAM variable (SetupXtuBufferAddress), while the write content is read from an attacker-controlled pointer based on the RBX register. This dual-pointer dereference enables arbitrary memory writes within System Management RAM (SMRAM), leading to potential SMM privilege escalation and firm... • https://kb.cert.org/vuls/id/746790 •

CVE-2025-7029 – SMM Arbitrary Write via Unchecked OcHeader Buffer in Platform Configuration Handler
https://notcve.org/view.php?id=CVE-2025-7029
11 Jul 2025 — A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used to derive pointers (OcHeader, OcData) passed into power and thermal configuration logic. These buffers are not validated before performing multiple structured memory writes based on OcSetup NVRAM values, enabling arbitrary SMRAM corruption and potential SMM privilege escalation. • https://kb.cert.org/vuls/id/746790 •

CVE-2019-7630
https://notcve.org/view.php?id=CVE-2019-7630
25 Mar 2020 — An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0227.1. The vulnerable driver exposes a wrmsr instruction via IOCTL 0xC3502580 and does not properly filter the target Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. • https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2019-0003/FEYE-2019-0003.md • CWE-665: Improper Initialization •

CVE-2018-19321 – GIGABYTE Multiple Products Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-19321
21 Dec 2018 — The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges. • https://packetstorm.news/files/id/150894 •

CVE-2018-19322 – GIGABYTE Multiple Products Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-19322
21 Dec 2018 — The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges. • https://packetstorm.news/files/id/150894 • CWE-749: Exposed Dangerous Method or Function •

CVE-2018-19323 – GIGABYTE Multiple Products Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-19323
21 Dec 2018 — The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs). • https://packetstorm.news/files/id/150894 •

CVE-2018-19320 – GIGABYTE Multiple Products Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2018-19320
21 Dec 2018 — The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system. • https://packetstorm.news/files/id/150894 •

CVE-2017-3197 – GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection
https://notcve.org/view.php?id=CVE-2017-3197
09 Jul 2018 — GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash. • http://www.securityfocus.com/bid/97294 • CWE-20: Improper Input Validation CWE-693: Protection Mechanism Failure •