top of page
perceptive_background_267k.jpg

New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards

Published:

19 december 2025 om 08:25:00

Alert date:

19 december 2025 om 09:02:17

Source:

thehackernews.com

Click to open the original link from this advisory

Operating Systems, Zero-Day Vulnerabilities, Critical Infrastructure

A security vulnerability affects motherboard models from ASRock, ASUSTeK Computer, GIGABYTE, and MSI, making them susceptible to early-boot direct memory access (DMA) attacks. The flaw impacts architectures implementing Unified Extensible Firmware Interface (UEFI) and input-output memory management unit (IOMMU). The vulnerability allows attackers to bypass security mechanisms that UEFI and IOMMU are designed to enforce during the early boot process.

Technical details

The vulnerability involves a discrepancy in DMA protection status where firmware indicates DMA protection is active but fails to configure and enable the IOMMU during the critical boot phase. This allows malicious DMA-capable PCIe devices with physical access to read or modify system memory before operating system-level safeguards are established. Attackers can potentially access sensitive data in memory or influence the initial state of the system, enabling pre-boot code injection on affected systems running unpatched firmware.

Mitigation steps:

Apply firmware updates released by impacted vendors as soon as they are available to correct the IOMMU initialization sequence and enforce DMA protections throughout the boot process. In environments where physical access cannot be fully controlled, prompt patching and adherence to hardware security best practices are especially important. For GIGABYTE TRX50 series chipsets, a fix is planned for Q1 2026.

Affected products:

ASRock motherboards using Intel 500
600
700
and 800 series chipsets
ASRock Rack motherboards using Intel 500
600
700
and 800 series chipsets
ASRock Industrial motherboards using Intel 500
600
700
and 800 series chipsets
ASUS motherboards using Intel Z490
W480
B460
H410
Z590
B560
H510
Z690
B660
W680
Z790
B760
and W790 series chipsets
GIGABYTE motherboards using Intel Z890
W880
Q870
B860
H810
Z790
B760
Z690
Q670
B660
H610
W790 series chipsets
GIGABYTE motherboards using AMD X870E
X870
B850
B840
X670
B650
A620
A620A
and TRX50 series chipsets
MSI motherboards using Intel 600 and 700 series chipsets

Related links:

https://learn.microsoft.com/en-us/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt
https://uefi.org/home
https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_unit
https://kb.cert.org/vuls/id/382314
https://www.cve.org/CVERecord?id=CVE-2025-14304
https://www.cve.org/CVERecord?id=CVE-2025-11901
https://www.cve.org/CVERecord?id=CVE-2025-14302
https://www.cve.org/CVERecord?id=CVE-2025-14303

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page