2 matches found
CVE-2025-7028
CVE-2025-7028 is a Gigabyte UEFI firmware vulnerability affecting the Software SMI handler. An attacker can supply a crafted pointer via RBX/RCX (FuncBlock) that is passed unchecked into flash-management calls (ReadFlash, WriteFlash, EraseFlash, GetFlashInfo), which dereference the pointer and it...
CVE-2025-7028 SMM Arbitrary Memory Access via Flash Handler with Unchecked FuncBlock Pointer
A vulnerability in the Software SMI handler SwSmiInputValue 0x20 allows a local attacker to supply a crafted pointer FuncBlock through RBX and RCX register values. This pointer is passed unchecked into multiple flash management functions ReadFlash, WriteFlash, EraseFlash, and GetFlashInfo that...