Sure motherboard fashions from distributors like ASRock, ASUSTeK Pc, GIGABYTE, and MSI are affected by a security vulnerability that leaves them vulnerable to early-boot direct reminiscence entry (DMA) assaults throughout architectures that implement a Unified Extensible Firmware Interface (UEFI) and enter–output reminiscence administration unit (IOMMU).
UEFI and IOMMU are designed to implement a security basis and forestall peripherals from performing unauthorized reminiscence accesses, successfully making certain that DMA-capable gadgets can manipulate or examine system reminiscence earlier than the working system is loaded.
The vulnerability, found by Nick Peterson and Mohamed Al-Sharifi of Riot Video games in sure UEFI implementations, has to do with a discrepancy within the DMA safety standing. Whereas the firmware signifies that DMA safety is energetic, it fails to configure and allow the IOMMU throughout the essential boot part.
“This hole permits a malicious DMA-capable Peripheral Part Interconnect Categorical (PCIe) machine with bodily entry to learn or modify system reminiscence earlier than working system-level safeguards are established,” the CERT Coordination Middle (CERT/CC) stated in an advisory.
“In consequence, attackers might doubtlessly entry delicate knowledge in reminiscence or affect the preliminary state of the system, thus undermining the integrity of the boot course of.”
Profitable exploitation of the vulnerability might permit a bodily current attacker to allow pre-boot code injection on affected techniques working unpatched firmware and entry or alter system reminiscence through DMA transactions, a lot earlier than the working system kernel and its security options are loaded.
The vulnerabilities that allow a bypass of early-boot reminiscence safety are listed under –
- CVE-2025-14304 (CVSS rating: 7.0) – A safety mechanism failure vulnerability affecting ASRock, ASRock Rack, and ASRock Industrial motherboards utilizing Intel 500, 600, 700, and 800 sequence chipsets
- CVE-2025-11901 (CVSS rating: 7.0) – A safety mechanism failure vulnerability affecting ASUS motherboards utilizing Intel Z490, W480, B460, H410, Z590, B560, H510, Z690, B660, W680, Z790, B760, and W790 sequence chipsets
- CVE-2025-14302 (CVSS rating: 7.0) – A safety mechanism failure vulnerability affecting GIGABYTE motherboards utilizing Intel Z890, W880, Q870, B860, H810, Z790, B760, Z690, Q670, B660, H610, W790 sequence chipsets, and AMD X870E, X870, B850, B840, X670, B650, A620, A620A, and TRX50 sequence chipsets (Repair for TRX50 deliberate for Q1 2026)
- CVE-2025-14303 (CVSS rating: 7.0) – A safety mechanism failure vulnerability affecting MSI motherboards utilizing Intel 600 and 700 sequence chipsets
With impacted distributors releasing firmware updates to right the IOMMU initialization sequence and implement DMA protections all through the boot course of, it is important that finish customers and directors apply them as quickly as they’re accessible to remain protected in opposition to the risk.
“In environments the place bodily entry can’t be totally managed or relied on, immediate patching and adherence to {hardware} security finest practices are particularly vital,” CERT/CC stated. “As a result of the IOMMU additionally performs a foundational function in isolation and belief delegation in virtualized and cloud environments, this flaw highlights the significance of making certain right firmware configuration even on techniques not usually utilized in knowledge facilities.”
