Motherboard firmware updates for UEFI DMA flaw (ASUS, Gigabyte, MSI, ASRock)
Security Patch Release
Summary
Hide ▲
Show ▼
ASUS, Gigabyte, MSI, and ASRock issued security bulletins and firmware updates for impacted motherboard models after a disclosed UEFI DMA flaw exposed systems to pre-boot memory attacks.
Related Happenings
CERT/CC UEFI DBX mitigation for vendor-signed applications
Advisory/Mitigation
H score28
First: 19.06.2026 21:33
Last: 19.06.2026 21:33
Sources 1
About this happening:
**CERT/CC** issued mitigation guidance to apply **UEFI Forbidden Signature Database (DBX)** updates, reducing **Secure Boot bypass** risk for affected vendor-signed **UEFI applica...
CERT/CC UEFI DBX mitigation for vendor-signed applications
Advisory/MitigationAbout this happening: **CERT/CC** issued mitigation guidance to apply **UEFI Forbidden Signature Database (DBX)** updates, reducing **Secure Boot bypass** risk for affected vendor-signed **UEFI applica...
Unattributed operators campaign expands across multiple victims
Campaign
H score37
First: 19.11.2025 16:35
Last: 19.11.2025 16:35
Sources 1
About this happening:
The **Operation WrtHug** campaign is hijacking **ASUS WRT routers** worldwide by exploiting **six vulnerabilities** and abusing **AiCloud**, creating a large pool of compromised d...
Unattributed operators campaign expands across multiple victims
CampaignAbout this happening: The **Operation WrtHug** campaign is hijacking **ASUS WRT routers** worldwide by exploiting **six vulnerabilities** and abusing **AiCloud**, creating a large pool of compromised d...
ASUS security patch release for CVE-2025-59367
Security Patch Release
H score28
First: 14.11.2025 11:52
Last: 14.11.2025 11:52
Sources 1
About this happening:
**ASUS** released **firmware 1.1.2.3_1010** to patch **CVE-2025-59367**, a **critical authentication bypass** affecting **DSL-AC51, DSL-N16, and DSL-AC750** routers. The update ma...
ASUS security patch release for CVE-2025-59367
Security Patch ReleaseAbout this happening: **ASUS** released **firmware 1.1.2.3_1010** to patch **CVE-2025-59367**, a **critical authentication bypass** affecting **DSL-AC51, DSL-N16, and DSL-AC750** routers. The update ma...
Timeline
-
19.12.2025 17:54 2 articles · 6mo ago
UEFI DMA flaw disclosure and vendor response
Initial DisclosureRiot Games researchers Nick Peterson and Mohamed Al-Sharifi disclosed a UEFI firmware flaw affecting some ASUS, Gigabyte, MSI, and ASRock motherboards after finding that DMA protections could be shown as enabled even when IOMMU failed to initialize correctly during early boot. Peterson and Al-Sharifi coordinated the response with CERT Taiwan, Carnegie Mellon CERT/CC confirmed impact across some motherboard models from ASRock, ASUS, GIGABYTE, and MSI, and vendor security bulletins and firmware updates listed affected models. On vulnerable systems, Valorant may not launch because Vanguard blocks startup when system integrity cannot be guaranteed.
Show sources
- New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock — www.bleepingcomputer.com — 19.12.2025 17:54
- New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock — www.bleepingcomputer.com — 19.12.2025 17:54