Certain motherboard models from vendors such as ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by security vulnerabilities that make them susceptible to early-start direct memory access (DMA) attacks across architectures that implement Unified Extensible Firmware Interface (UEFI) or Input/Output Memory Management Unit (IOMMU).
UEFI and IOMMU are designed to strengthen the security foundation and prevent peripherals from performing unauthorized memory accesses, effectively ensuring that DMA-enabled devices can manipulate or inspect system memory before the operating system is loaded.
This vulnerability was discovered by Nick Peterson and Mohamed Al-Sharifi of Riot Games in certain UEFI implementations and is related to a DMA protection status mismatch. The firmware indicates that DMA protection is active, but fails to configure and enable the IOMMU during the critical boot phase.
“This gap could allow a physically accessible, malicious, DMA-enabled Peripheral Component Interconnect Express (PCIe) device to read or modify system memory before operating system-level safeguards are in place,” the CERT Coordination Center (CERT/CC) said in an advisory.
“As a result, an attacker could compromise the integrity of the boot process by accessing sensitive data in memory or affecting the initial state of the system.”
Successful exploitation of this vulnerability could allow a physically present attacker to enable pre-boot code injection on an affected system running unpatched firmware to access or modify system memory via DMA transactions long before the operating system kernel and its security features are loaded.
The vulnerabilities that allow early boot memory protection bypass are listed below.
CVE-2025-14304 (CVSS Score: 7.0) – Protection mechanism failure vulnerability affecting ASRock, ASRock Rack, and ASRock industrial motherboards using Intel 500, 600, 700, and 800 series chipsets CVE-2025-11901 (CVSS Score: 7.0) – ASUS using Protection Mechanism Failure Vulnerability Affecting Motherboards Intel Z490, W480, B460, H410, Z590, B560, H510, Z690, B660, W680, Z790, B760, and W790 Series Chipsets CVE-2025-14302 (CVSS Score: 7.0) – Using Intel Z890 A protection mechanism failure vulnerability affects GIGABYTE motherboards. W880, Q870, B860, H810, Z790, B760, Z690, Q670, B660, H610, W790 series chipsets and AMD X870E, X870, B850, B840, X670, B650, A620, A620A, and TRX50 series chipsets (Fixed TRX50 expected in Q1 2026) CVE-2025-14303 (CVSS Score: 7.0) – Protection Mechanism Failure Vulnerability Affecting MSI Motherboards Using Intel 600 and 700 Series Chipsets
Affected vendors have released firmware updates that modify the IOMMU initialization sequence and enforce DMA protection throughout the boot process, so it is important that end users and administrators apply updates as soon as they become available to remain protected from threats.
“In environments where physical access cannot be fully controlled or relied upon, rapid patching and adherence to hardware security best practices are especially important,” CERT/CC states. “IOMMUs also play a fundamental role in isolation and delegation of trust in virtualized and cloud environments, so this flaw highlights the importance of ensuring correct firmware configuration even on systems not commonly used in data centers.”
Source link
