ASRock, ASUS, GIGABYTE, and MSI UEFI early-boot DMA bypass (multiple vulnerabilities)
Vulnerability
Summary
A disclosed UEFI/IOMMU flaw in some ASRock, ASUS, GIGABYTE, and MSI motherboards can let a physically present attacker use a malicious PCIe DMA device to read or modify system memory before operating-system protections load. The issue is tracked as CVE-2025-14304, CVE-2025-11901, CVE-2025-14302, and CVE-2025-14303. The weakness affects early boot, where firmware may indicate DMA protection is active even if IOMMU initialization did not complete correctly. Vendors are releasing firmware updates to correct the initialization sequence and restore DMA protections during boot. The disclosure was coordinated through CERT/CC with vendor response, and affected systems may also trigger downstream software restrictions such as blocking Valorant from launching through Vanguard.
Related Happenings
PCIe IDE mitigation guidance (CERT/CC)
Advisory/Mitigation
First: 10.12.2025 15:32
Last: 10.12.2025 15:32
Sources 1
About this happening:
**CERT/CC** issued mitigation guidance for **PCIe IDE** implementations, urging manufacturers to follow **PCIe 6.0** and **Erratum #1** to reduce exposure in affected components a...
Timeline
- 19.12.2025 17:54 2 articles · 5mo ago
UEFI DMA bypass disclosed for affected motherboards
Initial Disclosure
Riot Games researchers Nick Peterson and Mohamed Al-Sharifi disclosed a UEFI firmware flaw affecting some ASUS, Gigabyte, MSI, and ASRock motherboards and worked with CERT Taiwan to coordinate response and reach affected vendors. The issue can let a malicious PCIe device with physical access exploit an early-boot window where firmware asserts that DMA protections are active even if IOMMU did not initialize correctly, leaving RAM exposed before operating-system safeguards load. Carnegie Mellon CERT/CC confirmed broad motherboard impact, vendors have firmware updates for impacted models, and affected systems may block Valorant from launching through Vanguard.
- New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock — www.bleepingcomputer.com — 19.12.2025 17:54
- 19.12.2025 10:25 2 articles · 5mo ago
CERT/CC discloses UEFI/IOMMU DMA bypass in ASRock, ASUS, GIGABYTE, and MSI motherboards
Initial Disclosure
CERT Coordination Center (CERT/CC) disclosed a UEFI/IOMMU flaw in certain motherboard firmware from ASRock, ASUSTeK Computer, GIGABYTE, and MSI that can let a physically present attacker use a malicious PCIe device to read or modify system memory before operating system protections load; the issue is tracked as CVE-2025-14304, CVE-2025-11901, CVE-2025-14302, and CVE-2025-14303, and impacted vendors are releasing firmware updates to correct the IOMMU initialization sequence and enforce DMA protections throughout boot.
- New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards — thehackernews.com — 19.12.2025 10:25