Dec 19, 2025 | Ravie Lakshmanan | Firmware Security / Vulnerability

New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards

Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access (DMA) attacks across architectures that implement a Unified Extensible Firmware Interface (UEFI) and input–output memory management unit (IOMMU).

UEFI and IOMMU are designed to enforce a security foundation and prevent peripherals from performing unauthorized memory accesses, effectively ensuring that DMA-capable devices cannot manipulate or inspect system memory before the operating system is loaded.

The vulnerability, discovered by Nick Peterson and Mohamed Al-Sharifi of Riot Games in certain UEFI implementations, has to do with a discrepancy in the DMA protection status. While the firmware indicates that DMA protection is active, it fails to configure and enable the IOMMU during the critical boot phase.

“This gap allows a malicious DMA-capable Peripheral Component Interconnect Express (PCIe) device with physical access to read or modify system memory before operating system-level safeguards are established,” the CERT Coordination Center (CERT/CC) said in an advisory.

“As a result, attackers could potentially access sensitive data in memory or influence the initial state of the system, thus undermining the integrity of the boot process.”

Successful exploitation of the vulnerability could allow a physically present attacker to enable pre-boot code injection on affected systems running unpatched firmware and access or alter system memory via DMA transactions, much earlier than the operating system kernel and its security features are loaded.

The vulnerabilities that enable a bypass of early-boot memory protection are listed below:

  • CVE-2025-14304 (CVSS score: 7.0) – A protection mechanism failure vulnerability affecting ASRock, ASRock Rack, and ASRock Industrial motherboards using Intel 500, 600, 700, and 800 series chipsets
  • CVE-2025-11901 (CVSS score: 7.0) – A protection mechanism failure vulnerability affecting ASUS motherboards using Intel Z490, W480, B460, H410, Z590, B560, H510, Z690, B660, W680, Z790, B760, and W790 series chipsets
  • CVE-2025-14302 (CVSS score: 7.0) – A protection mechanism failure vulnerability affecting GIGABYTE motherboards using Intel Z890, W880, Q870, B860, H810, Z790, B760, Z690, Q670, B660, H610, W790 series chipsets, and AMD X870E, X870, B850, B840, X670, B650, A620, A620A, and TRX50 series chipsets (Fix for TRX50 planned for Q1 2026)
  • CVE-2025-14303 (CVSS score: 7.0) – A protection mechanism failure vulnerability affecting MSI motherboards using Intel 600 and 700 series chipsets

With impacted vendors releasing firmware updates to correct the IOMMU initialization sequence and enforce DMA protections throughout the boot process, it's essential that end users and administrators apply them as soon as they're available to stay protected against the threat.

“In environments where physical access cannot be fully controlled or relied on, prompt patching and adherence to hardware security best practices are especially important,” CERT/CC said. “Because the IOMMU also plays a foundational role in isolation and trust delegation in virtualized and cloud environments, this flaw highlights the importance of ensuring correct firmware configuration even on systems not typically used in data centers.”

Update

Riot Games, in a separate post, said the critical flaw could be exploited for injecting code, adding how the privileged state associated with the early boot sequence can be manipulated before the operating system running on the machine can activate its security controls.

“This issue allowed hardware cheats to potentially inject code unnoticed, even when security settings on the host appeared to be enabled,” Al-Sharifi said, describing it as a “Sleeping Bouncer” problem.

While Pre-Boot DMA Protection is designed as a way to prevent rogue DMA access to a system’s memory using IOMMU early on in the boot sequence, the vulnerability stems from the firmware incorrectly signaling to the operating system that this feature was fully active, when it was failing to initialize the IOMMU correctly during early boot.

“This meant that while ‘Pre-Boot DMA Protection’ settings appeared to be enabled in the BIOS, the underlying hardware implementation wasn’t fully initializing the IOMMU during the earliest seconds of the boot process,” Al-Sharifi added. “In essence, the system’s ‘bouncer’ appeared to be on duty, but was actually asleep in the chair. So by the time the system is fully loaded, it can’t be 100% confident that zero integrity-breaking code was injected via DMA.”
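The gap between what is advertised and what the hardware is doing can be modeled as two independent facts, shown here as an added example that is not from the article, CERT/CC, or Riot Games. It assumes Intel VT-d, where the ACPI DMAR table carries a DMA-protection opt-in flag and each remapping unit reports translation state in its Global Status register; the article does not say which interface the affected firmware used, and `read_reg32` and the sample table are constructed for illustration.

```python
import struct

DMAR_HDR_LEN = 48          # 36-byte ACPI header + width, flags, 10 reserved
PLATFORM_OPT_IN = 0x04     # DMAR flags bit 2: DMA_CTRL_PLATFORM_OPT_IN_FLAG
GSTS_OFFSET = 0x1C         # VT-d Global Status register
GSTS_TES = 1 << 31         # Translation Enable Status

def parse_dmar(table: bytes):
    """Return (opt_in, [DRHD register base addresses]) from a raw DMAR table."""
    sig, length = struct.unpack_from("<4sI", table, 0)
    if sig != b"DMAR" or length != len(table) or length < DMAR_HDR_LEN:
        raise ValueError("not a well-formed DMAR table")
    if sum(table) & 0xFF:
        raise ValueError("bad ACPI checksum")
    opt_in = bool(table[37] & PLATFORM_OPT_IN)
    bases, off = [], DMAR_HDR_LEN
    while off + 4 <= length:
        typ, slen = struct.unpack_from("<HH", table, off)
        if slen < 4 or off + slen > length:
            raise ValueError("truncated remapping structure")
        if typ == 0 and slen >= 16:            # DRHD: one per remapping unit
            bases.append(struct.unpack_from("<Q", table, off + 8)[0])
        off += slen
    return opt_in, bases

def audit(table: bytes, read_reg32):
    """List units that are advertised as protected but are not translating."""
    opt_in, bases = parse_dmar(table)
    if not opt_in:
        return []
    return [b for b in bases if not read_reg32(b + GSTS_OFFSET) & GSTS_TES]

def build_sample_dmar(bases, flags):
    """Constructed test table: header plus one 16-byte DRHD per base."""
    body = b"".join(struct.pack("<HHBBHQ", 0, 16, 0, 0, 0, b) for b in bases)
    hdr = struct.pack("<4sIBB6s8sI4sI", b"DMAR", 48 + len(body), 1, 0,
                      b"SAMPLE", b"SAMPLETB", 1, b"TEST", 1)
    tbl = bytearray(hdr + bytes([39, flags]) + bytes(10) + body)
    tbl[9] = (-sum(tbl)) & 0xFF                # fix up checksum byte
    return bytes(tbl)

# Constructed data: two units, only the first has translation enabled.
SAMPLE = build_sample_dmar([0xFED90000, 0xFED91000], PLATFORM_OPT_IN)
SAMPLE_REGS = {0xFED90000 + GSTS_OFFSET: GSTS_TES, 0xFED91000 + GSTS_OFFSET: 0}
print([hex(b) for b in audit(SAMPLE, lambda a: SAMPLE_REGS.get(a, 0))])
```

A clean result from a check like this after the operating system is up says nothing about whether translation was enabled during the early-boot window the article describes, which is why the vendor firmware update is the actual remedy.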

This brief exploitation window can pave the way for a “sophisticated hardware cheat” to get in, gain elevated privileges, and conceal itself without raising any red flags. “By closing this pre-boot loophole, we’re neutralizing an entire class of previously untouchable cheats and significantly raising the cost of unfair play,” Riot Games noted.

Although the vulnerability has been framed from the standpoint of the gaming sector, the security risk extends to any attack that can abuse physical access to inject malicious code.
