Motherboard firmware updates for UEFI DMA flaw (ASUS, Gigabyte, MSI, ASRock)
Security Patch Release
Summary
Hide ▲
Show ▼
ASUS, Gigabyte, MSI, and ASRock issued security bulletins and firmware updates for impacted motherboard models after a disclosed UEFI DMA flaw exposed systems to pre-boot memory attacks.
Related Happenings
Unattributed operators campaign expands across multiple victims
Campaign
First: 19.11.2025 16:35
Last: 19.11.2025 16:35
Sources 1
About this happening:
The **Operation WrtHug** campaign is hijacking **ASUS WRT routers** worldwide by exploiting **six vulnerabilities** and abusing **AiCloud**, creating a large pool of compromised d...
Unattributed operators campaign expands across multiple victims
CampaignAbout this happening: The **Operation WrtHug** campaign is hijacking **ASUS WRT routers** worldwide by exploiting **six vulnerabilities** and abusing **AiCloud**, creating a large pool of compromised d...
ASUS security patch release for CVE-2025-59367
Security Patch Release
First: 14.11.2025 11:52
Last: 14.11.2025 11:52
Sources 1
About this happening:
**ASUS** released **firmware 1.1.2.3_1010** to patch **CVE-2025-59367**, a **critical authentication bypass** affecting **DSL-AC51, DSL-N16, and DSL-AC750** routers. The update ma...
ASUS security patch release for CVE-2025-59367
Security Patch ReleaseAbout this happening: **ASUS** released **firmware 1.1.2.3_1010** to patch **CVE-2025-59367**, a **critical authentication bypass** affecting **DSL-AC51, DSL-N16, and DSL-AC750** routers. The update ma...
Timeline
-
19.12.2025 17:54 2 articles · 5mo ago
UEFI DMA flaw disclosure and vendor response
Initial DisclosureRiot Games researchers Nick Peterson and Mohamed Al-Sharifi disclosed a UEFI firmware flaw affecting some ASUS, Gigabyte, MSI, and ASRock motherboards after finding that DMA protections could be shown as enabled even when IOMMU failed to initialize correctly during early boot. Peterson and Al-Sharifi coordinated the response with CERT Taiwan, Carnegie Mellon CERT/CC confirmed impact across some motherboard models from ASRock, ASUS, GIGABYTE, and MSI, and vendor security bulletins and firmware updates listed affected models. On vulnerable systems, Valorant may not launch because Vanguard blocks startup when system integrity cannot be guaranteed.
Show sources
- New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock — www.bleepingcomputer.com — 19.12.2025 17:54
- New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock — www.bleepingcomputer.com — 19.12.2025 17:54