Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2025-09303

Опубликовано: 15 апр. 2025
Источник: fstec
CVSS3: 8.2
CVSS2: 6.8
EPSS Низкий

Описание

Уязвимость функции SwSmiInputValue() обработчика System Management Interrupt (SMI) микропрограммного обеспечения материнских плат Gigabyte связана с разыменованием недоверенного указателя. Эксплуатация уязвимости может позволить нарушителю обойти ограничения безопасности, повысить свои привилегии и выполнить произвольный код

Вендор

Gigabyte Technology Co., Ltd.

Наименование ПО

GA-H110M-S2HP
Z590 GAMING X
H510M S2H V2
H510M S2H
GA-H110M-S2V
GA-H110M-S2H
H410M S2H V2 (rev. 1.9/2.1)
H410M H V2 (rev. 1.9)
GA-B150M-DS3H DDR3
GA-H110M-S2V DDR3
GA-H110M-S2 DDR3
H510M DS2
G1.Sniper M7
GA-B150-HD3P
GA-H110M-DS2 DDR3
Z390 AORUS PRO WIFI
Z390 AORUS PRO
Z490 AORUS MASTER
GA-H310TN-CM
H310M D3H
Z390 AORUS XTREME WATERFORCE
B360M D2V
B360M H
B360M GAMING HD
GA-H110M-D3H
GA-H110M-D3H R2 TPM
GA-H110M-D3H R2
B360 AORUS GAMING 3
B360 AORUS GAMING 3 WIFI
GA-B150-HD3 DDR3
H310M S2H
H310M DS2V
Z490 GAMING X AX
Z490 GAMING X
Z490 AORUS MASTER WATERFORCE
B460M H
B460M GAMING HD
GA-H110-D3A
B560 HD3
B460M DS3H AC
B460M AORUS PRO
H510M S2
B560M H V2
H510M DS2V
H510M H
Z490I AORUS ULTRA
GA-B150M-Gaming
B360 HD3P
GA-H110M-DS2 (rev. 1.0/1.1/1.2)
H470M K
H410M K
H510M K V2
H510M S2H V3
H410M H V2
H410M S2 V2
H510M H V2
H510M S2 V2
H470M H
Z590 AORUS MASTER
GA-H110M-DS2V DDR3
GA-B150M-DS3H
Z390 AORUS XTREME
H410M S2H V3
H410M DS2V V3
H410M S2 V3
H410M H V3
GA-H110M-DS2
GA-B150M-D2V
Z490 VISION D
C621 AORUS XTREME
GA-H110TN-E
B360M DS3H
H410M S2H V2
H410M DS2V V2
H510M K
Z590 AORUS ELITE AX
Z590 AORUS ELITE
B460M DS3H V2
GA-B150N-GSM
Z490M GAMING X
Z490M
GA-B150M-D3V DDR3
B460M D2V
Z390 GAMING X
H470M DS3H
Z390 AORUS XTREME WATERFORCE 5G
GA-H110M-S2PV
GA-H110M-S2PT
GA-H110M-S2H DDR3
C246-WU4
Z590 AORUS PRO AX
Z490 AORUS XTREME WATERFORCE
H410M K (rev. 1.2)
Z490 AORUS ULTRA
Z490 AORUS ULTRA G2
Z590 AORUS XTREME
B560M DS3H
B560M DS3H V2
B560M DS3H PLUS
Z490 AORUS ELITE
Z490 AORUS ELITE AC
GA-H110MSTX-HD3-ZK
H410M H V2 (rev. 2.0)
GA-B150M-D3H
Z590M GAMING X
GA-H110TN-M
GA-H110TN-CM
Z590 VISION G
Z390 I AORUS PRO WIFI
B560M DS3H AC
Z390 UD V2
B360M D3V
H510M HD3P
C246N-WU2
GA-B150-HD3
GA-H110M-A
GA-H110M-H (rev. 1.0/1.1/1.2)
GA-H110M-M.2
B560M H
B560M GAMING HD
B560M POWER
B560M D2V
W480 VISION W
H370 AORUS GAMING 3 WIFI
H370 AORUS GAMING 3
B360 HD3
W480 VISION D
H310M S2V
H310M S2
GA-B150M-D3H DDR3
B560M AORUS PRO AX
B560M AORUS PRO
H370M D3H
H370M D3H GSM
H370M DS3H
GA-H310TN-R2
GA-B150M-D3V
GA-B150M-D2V DDR3
GA-H110M-Gaming 3
GA-X150M-PRO ECC
B460M D3H
GA-H110M-S2
Q370M D3H GSM PLUS
GA-H110N
Z490 VISION G
B360N WIFI
GA-H110M-WW
H310M M.2 2.0
G1.Sniper B7
Z590 D
Z390 AORUS ELITE
B460M AORUS ELITE
H510M A
H410M HD3P
H470I AORUS PRO AX
Z590 AORUS TACHYON
B560M AORUS ELITE
W480M VISION W
Z590 AORUS XTREME WATERFORCE
H310 D3
Z490 UD AC
Z490 UD
H310M H
H370N WIFI
Z490 AORUS PRO AX
B360N AORUS GAMING WIFI
H310M HD2
Z390 D
GA-H110M-H DDR3
GA-H110-D3
GA-H110M-S2PV DDR3
B360 M AORUS PRO
GA-H110M-S2PH DDR3
H310M A
B460M DS3H
H410M H
H410M S2
Z590 UD
Z590 UD AC
GA-B150N Phoenix-WIFI
GA-B150N Phoenix
Z590 AORUS ULTRA
B460M POWER
B560I AORUS PRO AX
H510M S2P
B560M D3H
Z590I VISION D
H470 AORUS PRO AX
GA-X170-EXTREME ECC
GA-H310MSTX-HD3
B460 AORUS PRO AC
H410M S2H
H410M DS2V
GA-H110M-DS2V
Z390 UD
B560 AORUS PRO AX
C246M-WU4
GA-B560M-D3P
Z390 M GAMING
Z590I AORUS ULTRA
Z390 AORUS MASTER
H310N
B360M HD3
B360M D3P
Z390 AORUS ULTRA
H470 HD3
Z490 AORUS XTREME
H310M DS2
H310M S2P
GA-B150M-DS3P
Z590M
GA-B150M-HD3
B460 HD3
Q570M D3H
GA-H110M-S2PH
H370 HD3
Z590 VISION D
B360M D3H
Z390 DESIGNARE
Z390 M
GA-B150M-HD3 DDR3
Z390 GAMING SLI

Версия ПО

F22f (2024-07-31) (GA-H110M-S2HP)
F10 (2023-12-19) (Z590 GAMING X)
F13 (2023-12-19) (H510M S2H V2)
F17 (2023-12-19) (H510M S2H)
F26a (2024-07-31) (GA-H110M-S2V)
F26g (2024-07-31) (GA-H110M-S2H)
FA (2024-07-03) (H410M S2H V2 (rev. 1.9/2.1))
FA (2024-07-09) (H410M H V2 (rev. 1.9))
F21f (2024-07-31) (GA-B150M-DS3H DDR3)
F21e (2024-07-31) (GA-H110M-S2V DDR3)
F20g (2024-07-31) (GA-H110M-S2 DDR3)
F15 (2023-12-19) (H510M DS2)
F20h (2024-07-31) (G1.Sniper M7)
F24h (2024-07-31) (GA-B150-HD3P)
F20g (2024-07-31) (GA-H110M-DS2 DDR3)
F13 (2024-01-11) (Z390 AORUS PRO WIFI)
F13 (2024-01-11) (Z390 AORUS PRO)
F23 (2023-12-20) (Z490 AORUS MASTER)
F17 (2024-01-11) (GA-H310TN-CM)
F5 (2024-01-11) (H310M D3H)
F8 (2024-01-11) (Z390 AORUS XTREME WATERFORCE)
F16 (2024-01-10) (B360M D2V)
F16 (2024-01-10) (B360M H)
F16 (2024-01-10) (B360M GAMING HD)
F22f (2024-07-31) (GA-H110M-D3H)
F22e (2024-07-31) (GA-H110M-D3H R2 TPM)
F24a (2024-07-31) (GA-H110M-D3H R2)
F16 (2024-01-10) (B360 AORUS GAMING 3)
F16 (2024-01-10) (B360 AORUS GAMING 3 WIFI)
F20h (2024-07-31) (GA-B150-HD3 DDR3)
F18 (2024-01-11) (H310M S2H)
FQ (2024-01-11) (H310M S2H)
F17 (2024-01-11) (H310M DS2V)
F23 (2023-12-20) (Z490 GAMING X AX)
F23 (2023-12-20) (Z490 GAMING X)
F23 (2023-12-20) (Z490 AORUS MASTER WATERFORCE)
F5 (2024-01-04) (B460M H)
F7 (2024-01-04) (B460M GAMING HD)
F26a (2024-07-31) (GA-H110-D3A)
F17 (2023-12-19) (B560 HD3)
F7 (2024-01-04) (B460M DS3H AC)
F8 (2024-01-04) (B460M AORUS PRO)
F16 (2023-12-19) (H510M S2)
F4 (2023-12-19) (B560M H V2)
F16 (2023-12-19) (H510M DS2V)
F19 (2023-12-19) (H510M H)
F23 (2023-12-20) (Z490I AORUS ULTRA)
F20h (2024-07-31) (GA-B150M-Gaming)
F16 (2024-01-11) (B360 HD3P)
F28b (2024-07-31) (GA-H110M-DS2 (rev. 1.0/1.1/1.2))
F8 (2023-12-20) (H470M K)
FC (2023-12-20) (H410M K)
F3 (2023-12-20) (H510M K V2)
F3 (2023-12-20) (H510M S2H V3)
FC (2023-12-20) (H410M H V2)
F5 (2024-01-04) (H410M H V2)
FC (2023-12-20) (H410M S2 V2)
F5 (2024-01-04) (H410M S2 V2)
F3 (2023-12-20) (H510M H V2)
F3 (2023-12-20) (H510M S2 V2)
F5 (2023-12-20) (H470M H)
F10 (2023-12-19) (Z590 AORUS MASTER)
F22a (2024-07-31) (GA-H110M-DS2V DDR3)
F22h (2024-07-31) (GA-B150M-DS3H)
F10 (2024-01-11) (Z390 AORUS XTREME)
F9 (2023-12-20) (H410M S2H V3)
F9 (2023-12-20) (H410M DS2V V3)
F9 (2023-12-20) (H410M S2 V3)
F9 (2023-12-20) (H410M H V3)
FCa (2024-07-31) (GA-H110M-DS2)
F22f (2024-07-31) (GA-B150M-D2V)
F23 (2023-12-20) (Z490 VISION D)
F4b (2024-08-22) (C621 AORUS XTREME)
F23f (2024-07-31) (GA-H110TN-E)
F19 (2024-01-10) (B360M DS3H)
F6 (2024-01-04) (H410M S2H V2)
F5 (2024-01-04) (H410M DS2V V2)
F6 (2023-12-19) (H510M K)
F10 (2023-12-19) (Z590 AORUS ELITE AX)
F8 (2023-12-19) (Z590 AORUS ELITE)
FF (2023-12-19) (H510M S2H V2)
FF (2023-12-19) (H510M S2)
FF (2023-12-19) (H510M DS2V)
FF (2023-12-19) (H510M H)
F6 (2023-12-20) (H410M K)
FH (2024-01-04) (H410M H V2)
FH (2024-01-04) (H410M S2 V2)
FF (2023-12-20) (H410M S2H V3)
FF (2023-12-20) (H410M DS2V V3)
FF (2023-12-20) (H410M S2 V3)
FF (2023-12-20) (H410M H V3)
F5 (2024-01-04) (H410M S2H V2)
FH (2024-01-04) (H410M S2H V2)
FF (2024-01-04) (H410M DS2V V2)
F26 (2024-02-27) (B460M DS3H V2)
F24b (2024-07-31) (GA-B150N-GSM)
F23 (2023-12-20) (Z490M GAMING X)
F23 (2023-12-20) (Z490M)
F20h (2024-07-31) (GA-B150M-D3V DDR3)
F8 (2024-01-04) (B460M D2V)
F11 (2024-01-11) (Z390 GAMING X)
F25 (2023-12-20) (H470M DS3H)
F5 (2024-01-11) (Z390 AORUS XTREME WATERFORCE 5G)
F26a (2024-07-31) (GA-H110M-S2PV)
F25a (2024-07-31) (GA-H110M-S2PT)
F21a (2024-07-31) (GA-H110M-S2H DDR3)
F8 (2024-01-11) (C246-WU4)
F11 (2023-12-19) (Z590 AORUS PRO AX)
F23 (2023-12-20) (Z490 AORUS XTREME WATERFORCE)
F2 (2024-11-05) (H410M K (rev. 1.2))
F23 (2023-12-20) (Z490 AORUS ULTRA)
F23 (2023-12-20) (Z490 AORUS ULTRA G2)
F14 (2023-12-19) (Z590 AORUS XTREME)
F11 (2023-12-19) (B560M DS3H)
F11 (2023-12-19) (B560M DS3H V2)
F9 (2023-12-19) (B560M DS3H PLUS)
F24 (2023-12-20) (Z490 AORUS ELITE)
F24 (2023-12-20) (Z490 AORUS ELITE AC)
F26a (2024-07-31) (GA-H110MSTX-HD3-ZK)
F5 (2024-01-04) (H410M H V2 (rev. 2.0))
F25d (2024-07-31) (GA-B150M-D3H)
F9 (2023-12-19) (Z590M GAMING X)
F23f (2024-07-31) (GA-H110TN-M)
F26a (2024-07-31) (GA-H110TN-CM)
F9 (2023-12-19) (Z590 VISION G)
F9 (2024-01-11) (Z390 I AORUS PRO WIFI)
F14 (2023-12-19) (B560M DS3H AC)
F3 (2024-01-11) (Z390 UD V2)
F16 (2024-01-10) (B360M D3V)
F10 (2023-12-19) (H510M HD3P)
F4 (2024-01-11) (C246N-WU2)
F23f (2024-07-31) (GA-B150-HD3)
F25a (2024-07-31) (GA-H110M-A)
F28a (2024-07-31) (GA-H110M-H (rev. 1.0/1.1/1.2))
F25a (2024-07-31) (GA-H110M-M.2)
F13 (2023-12-19) (B560M H)
F14 (2023-12-19) (B560M GAMING HD)
F14 (2023-12-19) (B560M POWER)
F14 (2023-12-19) (B560M D2V)
F24 (2023-12-20) (W480 VISION W)
F15 (2024-01-11) (H370 AORUS GAMING 3 WIFI)
F15 (2024-01-11) (H370 AORUS GAMING 3)
F17 (2024-01-11) (B360 HD3)
F23 (2023-12-20) (W480 VISION D)
F16 (2024-01-11) (H310M S2V)
F18 (2024-01-11) (H310M S2)
F21a (2024-07-31) (GA-B150M-D3H DDR3)
F14 (2023-12-19) (B560M AORUS PRO AX)
F11 (2023-12-19) (B560M AORUS PRO)
F15 (2024-01-11) (H370M D3H)
F15 (2024-01-11) (H370M D3H GSM)
F15 (2024-01-11) (H370M DS3H)
F4 (2024-01-11) (GA-H310TN-R2)
F22f (2024-07-31) (GA-B150M-D3V)
F20g (2024-07-31) (GA-B150M-D2V DDR3)
F26a (2024-07-31) (GA-H110M-Gaming 3)
F22i (2024-08-14) (GA-X150M-PRO ECC)
F7 (2024-01-04) (B460M D3H)
F27b (2024-07-31) (GA-H110M-S2)
F16 (2024-01-11) (Q370M D3H GSM PLUS)
F25a (2024-07-31) (GA-H110N)
F23 (2023-12-20) (Z490 VISION G)
F16 (2024-01-10) (B360N WIFI)
F25a (2024-07-31) (GA-H110M-WW)
FB (2024-01-11) (H310M M.2 2.0)
F22g (2024-07-31) (G1.Sniper B7)
F10 (2023-12-19) (Z590 D)
F11 (2024-01-11) (Z390 AORUS ELITE)
F7 (2024-01-04) (B460M AORUS ELITE)
F10 (2023-12-19) (H510M A)
FB (2024-01-04) (H410M HD3P)
F8 (2024-01-04) (H410M HD3P)
F25 (2023-12-20) (H470I AORUS PRO AX)
F10 (2023-12-19) (Z590 AORUS TACHYON)
F12 (2023-12-19) (B560M AORUS ELITE)
F24 (2023-12-20) (W480M VISION W)
F9 (2023-12-19) (Z590 AORUS XTREME WATERFORCE)
F19 (2024-01-11) (H310 D3)
F23 (2023-12-20) (Z490 UD AC)
F23 (2023-12-20) (Z490 UD)
F20 (2024-01-11) (H310M H)
F16 (2024-01-11) (H370N WIFI)
F23 (2023-12-20) (Z490 AORUS PRO AX)
F16 (2024-01-10) (B360N AORUS GAMING WIFI)
F16 (2024-01-10) (H310M HD2)
F4 (2024-01-11) (Z390 D)
F25a (2024-07-31) (GA-H110M-H DDR3)
F25a (2024-07-31) (GA-H110-D3)
F20g (2024-07-31) (GA-H110M-S2PV DDR3)
F6 (2024-01-10) (B360 M AORUS PRO)
F20g (2024-07-31) (GA-H110M-S2PH DDR3)
F16 (2024-01-11) (H310M A)
F7 (2024-01-04) (B460M DS3H)
F8 (2024-01-04) (H410M H)
F9 (2024-01-04) (H410M S2)
F10 (2023-12-19) (Z590 UD)
F10 (2023-12-19) (Z590 UD AC)
F22f (2024-07-31) (GA-B150N Phoenix-WIFI)
F20h (2024-07-31) (GA-B150N Phoenix)
F9 (2023-12-19) (Z590 AORUS ULTRA)
F7 (2024-01-04) (B460M POWER)
F13 (2023-12-19) (B560I AORUS PRO AX)
F14 (2023-12-19) (H510M S2P)
F12 (2023-12-19) (B560M D3H)
F10 (2023-12-19) (Z590I VISION D)
F25 (2023-12-20) (H470 AORUS PRO AX)
F21h (2024-08-01) (GA-X170-EXTREME ECC)
F7 (2024-01-11) (GA-H310MSTX-HD3)
F9 (2024-01-04) (B460 AORUS PRO AC)
F8 (2024-01-04) (H410M S2H)
F6 (2024-01-04) (H410M DS2V)
F25b (2024-07-31) (GA-H110M-DS2V)
F11 (2024-01-11) (Z390 UD)
F13 (2023-12-19) (B560 AORUS PRO AX)
F7 (2024-01-11) (C246M-WU4)
F11 (2023-12-19) (GA-B560M-D3P)
F10 (2024-01-11) (Z390 M GAMING)
F10 (2023-12-19) (Z590I AORUS ULTRA)
F12 (2024-01-11) (Z390 AORUS MASTER)
F18 (2024-01-11) (H310N)
F16 (2024-01-10) (B360M HD3)
F16 (2024-01-10) (B360M D3P)
F11 (2024-01-11) (Z390 AORUS ULTRA)
F25 (2023-12-20) (H470 HD3)
F23 (2023-12-20) (Z490 AORUS XTREME)
F21 (2024-01-11) (H310M DS2)
F23 (2024-01-11) (H310M S2P)
F22f (2024-07-31) (GA-B150M-DS3P)
F9 (2023-12-19) (Z590M)
F22g (2024-07-31) (GA-B150M-HD3)
F6 (2024-01-04) (B460 HD3)
F11 (2023-12-19) (Q570M D3H)
F28b (2024-07-31) (GA-H110M-S2PH)
F16 (2024-01-11) (H370 HD3)
F10 (2023-12-19) (Z590 VISION D)
F16 (2024-01-10) (B360M D3H)
F10 (2024-01-11) (Z390 DESIGNARE)
F7 (2024-01-11) (Z390 M)
F20i (2024-07-31) (GA-B150M-HD3 DDR3)
F11 (2024-01-11) (Z390 GAMING SLI)

Тип ПО

Микропрограммный код

Операционные системы и аппаратные платформы

-

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 6,8)
Высокий уровень опасности (базовая оценка CVSS 3.1 составляет 8,2)

Возможные меры по устранению уязвимости

Использование рекомендаций производителя:
https://www.gigabyte.com/Support/Security/2302

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Существует в открытом доступе

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 4%
0.0002
Низкий

8.2 High

CVSS3

6.8 Medium

CVSS2

Связанные уязвимости

nvd логотип

CVE-2025-7027

CVSS3: 8.2
nvd
7 месяцев назад

A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control both the read and write addresses used by the CommandRcx1 function. The write target is derived from an unvalidated UEFI NVRAM variable (SetupXtuBufferAddress), while the write content is read from an attacker-controlled pointer based on the RBX register. This dual-pointer dereference enables arbitrary memory writes within System Management RAM (SMRAM), leading to potential SMM privilege escalation and firmware compromise.

github логотип

GHSA-9237-5j3g-vhw4

CVSS3: 8.2
github
7 месяцев назад

A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control both the read and write addresses used by the CommandRcx1 function. The write target is derived from an unvalidated UEFI NVRAM variable (SetupXtuBufferAddress), while the write content is read from an attacker-controlled pointer based on the RBX register. This dual-pointer dereference enables arbitrary memory writes within System Management RAM (SMRAM), leading to potential SMM privilege escalation and firmware compromise.

EPSS

Процентиль: 4%
0.0002
Низкий

8.2 High

CVSS3

6.8 Medium

CVSS2