Motherboards from a number of main distributors are affected by a vulnerability that may permit a menace actor to conduct early-boot assaults.
In response to an advisory revealed on Wednesday by Carnegie Mellon College’s CERT/CC, an attacker can exploit the vulnerability to entry information in reminiscence or affect the preliminary state of the system.
The safety gap might permit an attacker to acquire delicate information and conduct pre-boot code injection.
Whereas the difficulty might sound important because it undermines the integrity of the boot course of and permits assaults to be performed previous to the working system’s defenses being loaded, exploitation requires bodily entry to the focused system.
Particularly, an area attacker wants to have the ability to join a malicious PCI Specific (PCIe) system to a pc with a susceptible motherboard.
[ Read: Intel, AMD Processors Affected by PCIe Vulnerabilities ]
ASRock, Asus, Gigabyte, and MSI have confirmed that a few of their motherboards are affected. Every vendor has launched its personal advisory to tell clients concerning the vulnerability and the provision of firmware patches.
In response to the CERT/CC advisory, merchandise from AMD, AMI, Insyde, Intel, Phoenix Applied sciences, and Supermicro usually are not impacted. Over a dozen distributors at present have an ‘unknown’ standing.
Technical particulars
The vulnerability, described as a safety mechanism failure, is said to UEFI implementations and the Enter-Output Reminiscence Administration Unit (IOMMU), which is designed to forestall malicious reminiscence entry from peripheral units.
The issue is that in the course of the boot course of the firmware signifies that direct reminiscence entry (DMA) protections are enabled, when in actuality the IOMMU is just not correctly configured and activated till instantly earlier than management is handed over to the working system.
This enables an attacker who has bodily entry to the focused system to make use of a malicious PCIe system to conduct a DMA assault.
CERT/CC defined in its advisory:
“In environments the place bodily entry can’t be absolutely managed or relied on, immediate patching and adherence to {hardware} safety greatest practices are particularly necessary. As a result of the IOMMU additionally performs a foundational function in isolation and belief delegation in virtualized and cloud environments, this flaw highlights the significance of guaranteeing appropriate firmware configuration even on methods not sometimes utilized in information facilities.”
The CVE identifiers CVE-2025-11901, CVE-2025‑14302, CVE-2025-14303, and CVE-2025-14304 have been assigned to the vulnerability.
The problem was responsibly disclosed by researchers from Riot Video games.
Associated: Patch Bypassed for Supermicro Vulnerability Permitting BMC Hack
Associated: Flaw in Industrial Pc Maker’s UEFI Apps Allows Safe Boot Bypass on Many Gadgets
Associated: MITRE Updates Checklist of Most Widespread {Hardware} Weaknesses
