InfoSecBulletin Cybersecurity for mankind
Four vulnerabilities in Gigabyte firmware were found by Binarly researchers and reported to Carnegie Mellon University’s CERT Coordination Center.
The original firmware supplier, American Megatrends Inc. (AMI), fixed issues after being privately informed. However, some OEM firmware builds, like Gigabyte’s, did not implement the fixes initially.
Using AI, Researcher Hacks Google and Earns $500,000 Bug Bounty
Chrome 149 fixes 28 flaws, including critical UAF bugs
Dahua patches multiple critical vulnerabilities in its products
South Korea fines Coupang Record $409 mln fine for data leak
ShinyHunters claim stolen data from 100+ org via oracle PeopleSoft servers
Security Update: RoguePlanet, BitLocker Bypass, Chromium Zero-Day, and More Critical Threats Uncovered
73 Microsoft Packages Compromised in Password Stealer Attack
New Windows Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges
Microsoft June Patches 200 Vulnerabilities including 3 zero days
World’s first wind power underwater data center is now live
In Gigabyte firmware implementations, Binarly found the following vulnerabilities, all with a high-severity score of 8.2:
CVE-2025-7029: bug in an SMI handler (OverClockSmiHandler) that can lead to SMM privilege escalation
CVE-2025-7028: bug in an SMI handler (SmiFlash) gives read/write access to the System Management RAM (SMRAM), which can lead to malware installation
CVE-2025-7027: can lead to SMM privilege escalation and modifying the firmware by writing arbitrary content to SMRAM
CVE-2025-7026: allows arbitrary writes to SMRAM and can lead to privilege escalation to SMM and persistent firmware compromise.
Bleepingcomputer reported that the four vulnerabilities affect more than 100 motherboards and that products from other vendors are also impacted.
Products from other device vendors are affected by four vulnerabilities, but their names will not be revealed until fixes are ready.
Binarly informed Carnegie Mellon CERT/CC about the vulnerabilities on April 15. Gigabyte confirmed them on June 12 and released firmware updates, according to CERT/CC.
Meanwhile, Binarly founder and CEO Alex Matrosov told BleepingComputer that Gigabyte most likely hasn’t released fixes. With many of the products already having reached end-of-life, users should not expect to receive any security updates.
“Because all these four vulnerabilities originated from AMI reference code, AMI disclosed these vulnerabilities a while ago with their silent disclosure to paid customers only under NDA, and it caused significant effects for years on the downstream vendors when they stayed vulnerable and unpatched” – Alex Matrosov
“It seems that Gigabyte has not released any fixes yet, and many of the affected devices have reached end-of-life status, meaning they will likely remain vulnerable indefinitely.”
While the risk for general consumers is admittedly low, those in critical environments can assess the specific risk with Binarly’s Risk Hunt scanner tool, which includes free detection for the four vulnerabilities.
Computers from various OEMs using Gigabyte motherboards may be vulnerable, so users are advised to monitor for firmware updates and apply them promptly.
Source: Binarly, Bleepingcomputer
