Dozens of Gigabyte motherboard models run on UEFI firmware vulnerable to security issues that allow planting bootkit malware that is invisible to the operating system and can survive reinstalls.
The vulnerabilities could allow attackers with local or remote admin permissions to execute arbitrary code in System Management Mode (SMM), an environment isolated from the operating system (OS) and with more privileges on the machine.
Mechanisms running code below the OS have low-level hardware access and initiate at boot time. Because of this, malware in these environments can bypass traditional security defenses on the system.
UEFI, or Unified Extensible Firmware Interface, firmware is more secure due to the Secure Boot feature that ensures through cryptographic verifications that a device uses at boot time code that is safe and trusted.
For this reason, UEFI-level malware like bootkits (BlackLotus, CosmicStrand, MosaicAggressor, MoonBounce, LoJax) can deploy malicious code at every boot.
Plenty of motherboards impacted
The four vulnerabilities are in Gigabyte firmware implementations and were discovered by researchers at firmware security company Binarly, who shared their findings with Carnegie Mellon University’s CERT Coordination Center (CERT/CC).
The original firmware supplier is American Megatrends Inc. (AMI), which addressed the issues after a private disclosure but some OEM firmware builds (e.g. Gigabyte's) did not implement the fixes at the time.
In Gigabyte firmware implementations, Binarly found the following vulnerabilities, all with a high-severity score of 8.2:
CVE-2025-7029: bug in an SMI handler (OverClockSmiHandler) that can lead to SMM privilege escalation
... continue reading