Multiple SMM memory corruption vulnerabilities in SMM module

CVE-2025-7026, CVE-2025-7027, CVE-2025-7029
Jul 10, 2025

GIGA-BYTE Technology Co., Ltd. has been informed by Binarly REsearch of multiple memory corruption vulnerabilities within the System Management Mode (SMM) modules used in several legacy GIGABYTE/AORUS consumer motherboards. These vulnerabilities exist only on older Intel platforms where the affected SMM modules are implemented; newer platforms are not impacted. Successful exploitation of these vulnerabilities may allow an attacker with local access to elevate privileges or execute arbitrary code within the highly privileged SMM environment.

We acknowledge Binarly’s responsible disclosure, which enabled us to promptly evaluate the issue and initiate work on mitigations for affected legacy products. We appreciate their contribution to the security of the broader PC ecosystem.

GIGABYTE is actively addressing these issues and is releasing BIOS updates according to the following schedule. Affected platforms include (but are not limited to):

| Platform | BIOS Release Schedule |
|---|---|
| Intel® H110 | Jun. 2025 |
| Intel® Z170, H170, B150, Q170 | EOL, contact the FAE for support. |
| Intel® Z270, H270, B250, Q270 | EOL, contact the FAE for support. |
| Intel® Z370, B365 | EOL, contact the FAE for support. |
| Intel® Z390, H310, B360, Q370, C246 | Jun. 2025 |
| Intel® Z490, H470, H410, W480 | Jun. 2025 |
| Intel® Z590, B560, H510, Q570 | Jun. 2025 |

Customers using the listed products are strongly encouraged to update to the latest BIOS versions as soon as they become available.