Security

UEFI Flaw Lets DMA Attacks Bypass Early-Boot Security

UEFI IOMMU Flaw Lets Early-Boot DMA Attacks
Early-Boot DMA Risk
  • Key Takeaways:
  • Several ASRock, ASUS, GIGABYTE and MSI motherboards contain a UEFI implementation bug that reports DMA protection as enabled but fails to initialize the IOMMU during early boot.
  • Researchers from Riot Games and a CERT/CC advisory warn the mismatch allows physical attackers with a DMA-capable PCIe device to read or modify memory before the OS loads.
  • Multiple CVEs (CVE-2025-11901, CVE-2025-14302, CVE-2025-14303, CVE-2025-14304) are assigned; vendors have released firmware fixes—apply updates immediately.
  • The flaw affects a broad set of Intel and AMD chipsets and can undermine boot integrity and virtualization isolation if left unpatched.

What the vulnerability is

Security researchers Nick Peterson and Mohamed Al-Sharifi (Riot Games) discovered a discrepancy in some UEFI implementations: firmware reports DMA protection as active but does not configure or enable the Input–Output Memory Management Unit (IOMMU) during the critical early-boot phase.

According to CERT/CC, "This gap allows a malicious DMA-capable Peripheral Component Interconnect Express (PCIe) device with physical access to read or modify system memory before operating system-level safeguards are established."

Which systems are affected

The flaw spans motherboards from major vendors: ASRock, ASUSTeK (ASUS), GIGABYTE and MSI. Affected platforms include multiple Intel 500/600/700/800-series chipsets and several Intel/AMD chipset families used across consumer and workstation boards.

Affected CVEs and chipsets

Vendors and CERT/CC list these CVEs with a CVSS around 7.0:

  • CVE-2025-14304 — ASRock (Intel 500–800 series)
  • CVE-2025-11901 — ASUS (Z490, Z590, Z690, Z790, B-series, W-series, H-series)
  • CVE-2025-14302 — GIGABYTE (Intel Z890/Z790/Z690 families and AMD X870/X670/B650/TRX50 — TRX50 fix planned Q1 2026)
  • CVE-2025-14303 — MSI (Intel 600 and 700 series)

How an attacker could exploit it

Because the IOMMU is not enabled early, a malicious device connected over PCIe (or a compromised Thunderbolt/USB4 peripheral that exposes PCIe lanes) can perform direct memory access (DMA) to inspect or alter RAM before kernel protections and OS-based mitigations are active.

Exploitation requires physical access or the ability to attach a DMA-capable peripheral, so remote-only threat actors cannot use this technique without a foothold that provides physical device connectivity.

Vendors have released firmware updates that correct IOMMU initialization and enforce DMA protections during the boot sequence. Apply vendor-supplied UEFI/BIOS updates immediately on affected systems.

Where physical access cannot be fully controlled, additional controls—such as kernel DMA protection (on supported platforms), disabling unused external ports, and enforcing case locks—reduce risk.

Why this matters beyond desktops

The IOMMU is foundational for isolation in virtualization and cloud hosts. Incorrect firmware configuration can affect trust boundaries in systems even if they aren’t typical data-center hardware.

Summary: treat this as a high-priority firmware update. If you manage hardware inventory with affected vendors or chipsets, schedule immediate patching and physical-security reviews to limit exposure.

Read more