New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards

Dec 19, 2025Ravie LakshmananFirmware Security / Vulnerability

Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access (DMA) attacks across architectures that implement a Unified Extensible Firmware Interface (UEFI) and input–output memory management unit (IOMMU).

UEFI and IOMMU are designed to enforce a security foundation and prevent peripherals from performing unauthorized memory accesses, effectively ensuring that DMA-capable devices can manipulate or inspect system memory before the operating system is loaded.

The vulnerability, discovered by Nick Peterson and Mohamed Al-Sharifi of Riot Games in certain UEFI implementations, has to do with a discrepancy in the DMA protection status. While the firmware indicates that DMA protection is active, it fails to configure and enable the IOMMU during the critical boot phase.

“This gap allows a malicious DMA-capable Peripheral Component Interconnect Express (PCIe) device with physical access to read or modify system memory before operating system-level safeguards are established,” the CERT Coordination Center (CERT/CC) said in an advisory.

“As a result, attackers could potentially access sensitive data in memory or influence the initial state of the system, thus undermining the integrity of the boot process.”

Successful exploitation of the vulnerability could allow a physically present attacker to enable pre-boot code injection on affected systems running unpatched firmware and access or alter system memory via DMA transactions, much before the operating system kernel and its security features are loaded.

The vulnerabilities that enable a bypass of early-boot memory protection are listed below –

• CVE-2025-14304 (CVSS score: 7.0) – A protection mechanism failure vulnerability affecting ASRock, ASRock Rack, and ASRock Industrial motherboards using Intel 500, 600, 700, and 800 series chipsets
• CVE-2025-11901 (CVSS score: 7.0) – A protection mechanism failure vulnerability affecting ASUS motherboards using Intel Z490, W480, B460, H410, Z590, B560, H510, Z690, B660, W680, Z790, B760, and W790 series chipsets
• CVE-2025-14302 (CVSS score: 7.0) – A protection mechanism failure vulnerability affecting GIGABYTE motherboards using Intel Z890, W880, Q870, B860, H810, Z790, B760, Z690, Q670, B660, H610, W790 series chipsets, and AMD X870E, X870, B850, B840, X670, B650, A620, A620A, and TRX50 series chipsets (Fix for TRX50 planned for Q1 2026)
• CVE-2025-14303 (CVSS score: 7.0) – A protection mechanism failure vulnerability affecting MSI motherboards using Intel 600 and 700 series chipsets

With impacted vendors releasing firmware updates to correct the IOMMU initialization sequence and enforce DMA protections throughout the boot process, it’s essential that end users and administrators apply them as soon as they are available to stay protected against the threat.

“In environments where physical access cannot be fully controlled or relied on, prompt patching and adherence to hardware security best practices are especially important,” CERT/CC said. “Because the IOMMU also plays a foundational role in isolation and trust delegation in virtualized and cloud environments, this flaw highlights the importance of ensuring correct firmware configuration even on systems not typically used in data centers.”

Update

Riot Games, in a separate post, said the critical flaw could be exploited for injecting code, adding how the privileged state associated with the early boot sequence can be manipulated before the operating system running on the machine can activate its security controls.

“This issue allowed hardware cheats to potentially inject code unnoticed, even when security settings on the host appeared to be enabled,” Al-Sharifi said, describing it as a “Sleeping Bouncer” problem.

While Pre-Boot DMA Protection is designed as a way to prevent rogue DMA access to a system’s memory using IOMMU early on in the boot sequence, the vulnerability stems from the firmware incorrectly signaling to the operating system that this feature was fully active, when it was failing to initialize the IOMMU correctly during early boot.

“This meant that while ‘Pre-Boot DMA Protection’ settings appeared to be enabled in the BIOS, the underlying hardware implementation wasn’t fully initializing the IOMMU during the earliest seconds of the boot process,” Al-Sharifi added. “In essence, the system’s ‘bouncer’ appeared to be on duty, but was actually asleep in the chair. So by the time the system is fully loaded, it can’t be 100% confident that zero integrity-breaking code was injected via DMA.”

This brief exploitation window can pave the way for a “sophisticated hardware cheat” to get in, gain elevated privileges, and conceal itself without raising any red flags. “By closing this pre-boot loophole, we are neutralizing an entire class of previously untouchable cheats and significantly raising the cost of unfair play,” Riot Games noted.

Although the vulnerability has been framed from the point of view of the gaming sector, the security risk extends to any attack that can abuse the physical access to inject malicious code.