GIGABYTE Support:
CVE-2025-7026, CVE-2025-7027, CVE-2025-7029
Jul 10, 2025
GIGA-BYTE Technology Co., Ltd. has identified multiple memory corruption vulnerabilities within the System Management Mode (SMM) modules used in several legacy GIGABYTE/AORUS consumer motherboards. These vulnerabilities exist only on older Intel platforms where the affected SMM modules are implemented. Newer platforms are not impacted.
Successful exploitation of these vulnerabilities may allow an attacker with local access to elevate privileges or execute arbitrary code within the highly privileged SMM environment.
GIGABYTE is actively addressing these issues and is releasing BIOS updates according to the following schedule. Affected platforms include (but are not limited to):
| Platform | BIOS Release Schedule |
|---|---|
| Intel® H110 | Jun. 2025 |
| Intel® Z170, H170, B150, Q170 | EOL, Contact the FAE for support. |
| Intel® Z270, H270, B250, Q270 | EOL, Contact the FAE for support. |
| Intel® Z370, B365 | EOL, Contact the FAE for support. |
| Intel® Z390, H310, B360, Q370, C246 | Jun. 2025 |
| Intel® Z490, H470. H410, W480 | Jun. 2025 |
| Intel® Z590, B560. H510, Q570 | Jun. 2025 |
Customers using the listed products are strongly encouraged to update to the latest BIOS versions as soon as they become available.
Source:
