Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment


Vulnerabilities in Gigabyte firmware implementations could allow attackers to disable Secure Boot and execute code during the early boot phase.

Vulnerabilities affecting multiple Gigabyte firmware implementations could allow attackers to disable UEFI security mechanisms and take control of the impacted systems, security researchers have discovered.

The issues were discovered in the System Management Mode (SMM), a highly privileged CPU mode that handles low-level system operations, allowing UEFI to interact directly with the hardware.

SMM operations run within protected memory and are only accessible through System Management Interrupt (SMI) handlers that rely on specific buffers to process data.

Improper validation of these buffers, however, could allow attackers to execute arbitrary code before the operating system loads, and UEFI modules present in Gigabyte firmware expose systems to such attacks, Carnegie Mellon University’s CERT Coordination Center (CERT/CC) warns.
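An added example, not taken from the article, CERT/CC or Gigabyte's firmware: a C model of the validation an SMI handler applies to a caller-supplied buffer, rejecting ranges that overlap SMRAM, wrap around, or hide an unchecked nested pointer. The SMRAM window, the request layout and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed SMRAM window; real firmware obtains the ranges from the platform. */
#define SMRAM_BASE UINT64_C(0x7F000000)
#define SMRAM_SIZE UINT64_C(0x00800000)

/* Hypothetical request layout: the caller's buffer carries a nested pointer. */
typedef struct { uint64_t data_addr; uint64_t data_len; } smi_request;
typedef enum { SMI_OK, SMI_BAD_COMM_BUFFER, SMI_BAD_DATA_POINTER } smi_status;

/* True only if [addr, addr+len) is non-empty, does not wrap, and avoids SMRAM. */
bool buffer_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr > UINT64_MAX - len)
        return false;
    return addr + len <= SMRAM_BASE || addr >= SMRAM_BASE + SMRAM_SIZE;
}

/* Model of a handler: comm_addr is the address the caller claims for the
 * communication buffer, comm points at its contents (shared with the caller). */
smi_status handle_smi(uint64_t comm_addr, uint64_t comm_len, const volatile smi_request *comm)
{
    if (comm_len < sizeof(smi_request) || !buffer_outside_smram(comm_addr, comm_len))
        return SMI_BAD_COMM_BUFFER;
    /* Snapshot the fields once into handler-local storage so later code
     * never re-reads memory the caller can still modify. */
    smi_request req = { comm->data_addr, comm->data_len };
    if (!buffer_outside_smram(req.data_addr, req.data_len))
        return SMI_BAD_DATA_POINTER;
    return SMI_OK; /* a real handler would now work from req only */
}

smi_status check(uint64_t comm_addr, uint64_t data_addr, uint64_t data_len)
{
    smi_request r = { data_addr, data_len };
    return handle_smi(comm_addr, sizeof r, &r);
}

int main(void)
{
    printf("normal request:        %d\n", check(0x1000, 0x2000, 0x100));
    printf("comm buffer in SMRAM:  %d\n", check(0x7F000010, 0x2000, 0x100));
    printf("pointer into SMRAM:    %d\n", check(0x1000, 0x7F000100, 0x10));
    printf("range straddles SMRAM: %d\n", check(0x1000, 0x7EFFFFF0, 0x20));
    printf("length wraps 2^64:     %d\n", check(0x1000, UINT64_MAX - 0xF, 0x20));
    return 0;
}
```
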

“An attacker could exploit one or more of these vulnerabilities to elevate privileges ...


Copyright of this story solely belongs to securityweek.