- Multiple motherboard models from major vendors have a vulnerability allowing direct memory access (DMA) attacks during early boot.
- The issue involves failure to properly enable the input–output memory management unit (IOMMU), despite firmware indicating active DMA protection.
- The flaw enables physical attackers to read or modify system memory before the operating system loads.
- Four vulnerabilities impacting ASRock, ASUS, GIGABYTE, and MSI motherboards have been identified, each with a CVSS score of 7.0.
- Firmware updates to fix the IOMMU initialization and enforce DMA protections are now available and should be applied promptly.
Certain motherboards from ASRock, ASUSTeK Computer, GIGABYTE, and MSI are exposed to security vulnerabilities that allow direct memory access (DMA) attacks during the early boot phase. These flaws were identified in models implementing the Unified Extensible Firmware Interface (UEFI) and the input–output memory management unit (IOMMU). The vulnerabilities were publicly reported on December 19, 2025.
UEFI is firmware designed to initialize hardware and load the operating system, while IOMMU restricts peripheral devices from unauthorized memory access. The issue involves a mismatch between the firmware's indication that DMA protection is active and the actual failure to correctly initialize IOMMU during boot. According to the CERT Coordination Center (CERT/CC), this gap lets a malicious PCIe device, attached by someone with physical access, read or manipulate system memory before OS-level protections are in place. This undermines boot process integrity and could expose sensitive data or allow pre-boot code injection.
The identified vulnerabilities include:
- CVE-2025-14304 affecting ASRock boards using Intel 500–800 series chipsets.
- CVE-2025-11901 impacting ASUS motherboards with Intel Z490 to W790 series chipsets.
- CVE-2025-14302 affecting GIGABYTE models with Intel Z890 to W790 and AMD X870 to TRX50 series chipsets (a fix for TRX50 is planned for Q1 2026).
- CVE-2025-14303 found in MSI motherboards using Intel 600 and 700 series chipsets.
Each vulnerability is rated with a Common Vulnerability Scoring System (CVSS) score of 7.0, indicating a high severity level.
Affected vendors have released firmware updates addressing the proper initialization of IOMMU and enforcement of DMA protections during boot. Users and system administrators are strongly encouraged to apply these updates immediately. “In environments where physical access cannot be fully controlled or relied on, prompt patching and adherence to hardware security best practices are especially important,” stated CERT/CC. The organization also emphasized that correct firmware configuration is critical even for systems outside of data center use, given the role of IOMMU in virtualization and cloud environments.
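As a post-update check, the following added example (not from CERT/CC or any vendor) compares what the firmware advertises with what a running Linux kernel actually enabled. It assumes an Intel VT-d system, treats the DMAR table's DMA_CTRL_PLATFORM_OPT_IN_FLAG as the firmware's claim, and uses constructed sample tables for testing. It only sees the state after the OS has loaded, so it cannot confirm that the early-boot window is closed.

```python
import os
import struct

DMAR_PATH = "/sys/firmware/acpi/tables/DMAR"  # Intel VT-d ACPI table (root-readable)
IOMMU_CLASS = "/sys/class/iommu"              # one entry per IOMMU unit the kernel registered
OPT_IN = 0x04  # DMAR Flags bit 2: DMA_CTRL_PLATFORM_OPT_IN_FLAG


def firmware_claims_dma_protection(dmar: bytes) -> bool:
    """Return True if the DMAR table advertises the DMA-protection opt-in flag."""
    if len(dmar) < 48 or dmar[:4] != b"DMAR":
        raise ValueError("not a DMAR table")
    (length,) = struct.unpack_from("<I", dmar, 4)  # total length from the ACPI header
    if length < 48 or length > len(dmar):
        raise ValueError("truncated or malformed DMAR table")
    return bool(dmar[37] & OPT_IN)  # byte 36 = host address width, byte 37 = flags


def assess(dmar, iommu_units) -> str:
    """Compare the firmware's claim with what the running kernel actually enabled."""
    claimed = dmar is not None and firmware_claims_dma_protection(dmar)
    active = len(iommu_units) > 0
    if claimed and not active:
        return "mismatch"        # firmware advertises protection, no IOMMU is running
    if active:
        return "consistent" if claimed else "active-without-opt-in"
    return "unprotected"


def read_host():
    """Collect both inputs from a Linux host; absent files yield None / []."""
    dmar = None
    if os.path.exists(DMAR_PATH):
        with open(DMAR_PATH, "rb") as fh:
            dmar = fh.read()
    units = sorted(os.listdir(IOMMU_CLASS)) if os.path.isdir(IOMMU_CLASS) else []
    return dmar, units


def sample_dmar(flags: int) -> bytes:
    """Constructed 48-byte DMAR header (no remapping structures) for offline testing."""
    header = b"DMAR" + struct.pack("<I", 48) + bytes(28)  # signature, length, rest of header
    return header + bytes([39, flags]) + bytes(10)        # width, flags, reserved


if __name__ == "__main__":
    print(assess(*read_host()))
```

A "mismatch" result means the table sets the opt-in flag while the kernel registered no IOMMU unit, which is worth investigating in firmware settings and kernel boot parameters.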
