CVE-2025-7029 — HIGH (8.2) — White Hats Nepal

Vulnerability Description

A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used to derive pointers (OcHeader, OcData) passed into power and thermal configuration logic. These buffers are not validated before performing multiple structured memory writes based on OcSetup NVRAM values, enabling arbitrary SMRAM corruption and potential SMM privilege escalation.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

References

FAQ

What is CVE-2025-7029?

CVE-2025-7029 is a vulnerability with a CVSS score of 8.2 (HIGH). A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used to derive pointers (OcHeader, OcData) passed into power and therma...

How severe is CVE-2025-7029?

CVE-2025-7029 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-7029?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.