CVE-2017-3197— GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-3197
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection
Source: NVD (National Vulnerability Database)
Vulnerability Description
GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
保护机制失效
Source: NVD (National Vulnerability Database)
Vulnerability Title
技嘉GB-BXi7-5775 BRIX UEFI和GB-BSi7H-6500 BRIX UEFI 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GIGABYTE GB-BXi7-5775 BRIX UEFI和GB-BSi7H-6500 BRIX UEFI都是中国技嘉科技(GIGABYTE Technology)公司的电脑主机设备。 技嘉GB-BXi7-5775 BRIX UEFI F2版本和GB-BXi7-5775 BRIX UEFI F2版本存在安全漏洞,该漏洞源于固件没有以安全的方式实现BIOSWE,BLE,SMM_BWP,和PRx功能。攻击者可利用该漏洞对BIOS执行写入操作并修改SPI flash。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| GIGABYTE | GB-BSi7H-6500 | F6 | - | |
| GIGABYTE | GB-BXi7-5775 | F2 | - |
II. Public POCs for CVE-2017-3197
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-3197
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same vendor: GIGABYTE
- CVE-2026-4416
GIGABYTE|Performance Library - Insecure Deserialization - CVE-2026-4415
GIGABYTE|Gigabyte Control Center - Arbitrary File Write - CVE-2026-0870
GIGABYTE|MacroHub - Local Privilege Escalation - CVE-2025-14302
GIGABYTE|Motherboard - Protection Mechanism Failure - CVE-2025-7026
SMM Arbitrary Write via Unchecked RBX Pointer in CommandRcx0
Same weakness: CWE-693
- CVE-2026-26956
vm2: WASM Sandbox Escape (Node 25 only) - CVE-2026-24120
vm2: Sandbox Breakout Through Promise Species - CVE-2026-41316
ERB has an @_init deserialization guard bypass via def_modul - CVE-2026-41469
Beghelli Sicuro24 SicuroWeb Missing Content Security Policy - CVE-2026-40604
ClearanceKit: opfilter system extension can be suspended or
V. Comments for CVE-2017-3197
No comments yet