InfoSecBulletin Cybersecurity for mankind
Certain motherboards from ASUS, Gigabyte, MSI, and ASRock are susceptible to DMA attacks that can bypass early-boot memory protections. This security flaw has several identifiers (CVE-2025-11901, CVE-2025‑14302, CVE-2025-14303, and CVE-2025-14304)due to differences in vendor implementations.
The vulnerability found by Nick Peterson and Mohamed Al-Sharifi of Riot Games in some UEFI implementations involves a mismatch in DMA protection. Although the firmware claims DMA protection is active, it does not properly set up the IOMMU during the crucial boot phase.
Bajaj Auto System Hit by a Ransomware Attack
Cisco Unified CM flaw CVE-2026-20230 exploited in attacks
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
“This gap allows a malicious DMA-capable Peripheral Component Interconnect Express (PCIe) device with physical access to read or modify system memory before operating system-level safeguards are established,” the CERT Coordination Center (CERT/CC) said in an advisory.
“As a result, attackers could potentially access sensitive data in memory or influence the initial state of the system, thus undermining the integrity of the boot process.”
Successful exploitation of the vulnerability could let an attacker with physical access run unauthorized code on affected systems with outdated firmware and read or change system memory before the operating system and its security protections are active.
The vulnerabilities that enable a bypass of early-boot memory protection are listed below:
CVE-2025-14304: A protection mechanism failure vulnerability affecting ASRock, ASRock Rack, and ASRock Industrial motherboards using Intel 500, 600, 700, and 800 series chipsets
CVE-2025-11901: A protection mechanism failure vulnerability affecting ASUS motherboards using Intel Z490, W480, B460, H410, Z590, B560, H510, Z690, B660, W680, Z790, B760, and W790 series chipsets
CVE-2025-14302: A protection mechanism failure vulnerability affecting GIGABYTE motherboards using Intel Z890, W880, Q870, B860, H810, Z790, B760, Z690, Q670, B660, H610, W790 series chipsets, and AMD X870E, X870, B850, B840, X670, B650, A620, A620A, and TRX50 series chipsets (Fix for TRX50 planned for Q1 2026)
CVE-2025-14303: A protection mechanism failure vulnerability affecting MSI motherboards using Intel 600 and 700 series chipsets
It is important for users and administrators to apply firmware updates promptly to remain protected against this issue.
“In environments where physical access cannot be fully controlled or relied on, prompt patching and adherence to hardware security best practices are especially important,” CERT/CC said. “Because the IOMMU also plays a foundational role in isolation and trust delegation in virtualized and cloud environments, this flaw highlights the importance of ensuring correct firmware configuration even on systems not typically used in data centers.”
