CVE-2025-7029
SMM Arbitrary Write via Unchecked OcHeader Buffer in Platform Configuration Handler
- Severity Score: 7.8 (CVSS v3)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: Track (SSVC)
Descriptions
A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used to derive pointers (OcHeader, OcData) passed into power and thermal configuration logic. These buffers are not validated before performing multiple structured memory writes based on OcSetup NVRAM values, enabling arbitrary SMRAM corruption and potential SMM privilege escalation.
*Credits:
N/A
SSVC
- Decision: Track*
* Organization's Worst-case Scenario
Timeline
- 2025-07-02 CVE Reserved
- 2025-07-11 CVE Published
- 2025-07-12 CVE Updated
- 2025-07-12 EPSS Updated
References (3)
URL | Tag | Source |
---|---|---|
https://kb.cert.org/vuls/id/746790 | | |
https://www.binarly.io/advisories/brly-dva-2025-011 | | |
https://www.gigabyte.com/Support/Security | | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
GIGABYTE | UEFI-OverClockSmiHandler | 1.0.0 | en | Affected |