A security vulnerability has been identified in specific motherboard models from manufacturers such as ASRock, ASUSTeK Computer, GIGABYTE, and MSI. This flaw makes these systems vulnerable to direct memory access (DMA) attacks during the early boot phase, impacting architectures that utilize a Unified Extensible Firmware Interface (UEFI) and an input–output memory management unit (IOMMU).
UEFI and IOMMU technologies are intended to establish a secure foundation, preventing unauthorized memory access by peripherals. Their purpose is to ensure that DMA-capable devices cannot manipulate or inspect system memory before the operating system fully loads.
Discovered by Nick Peterson and Mohamed Al-Sharifi from Riot Games, this vulnerability in certain UEFI implementations stems from a mismatch in DMA protection status. The firmware incorrectly reports DMA protection as active, yet it fails to properly configure and enable the IOMMU during the crucial early boot stage.
According to an advisory from the CERT Coordination Center (CERT/CC), this oversight permits an attacker with physical access to use a malicious, DMA-capable Peripheral Component Interconnect Express (PCIe) device to read or modify system memory before the operating system’s security measures are fully in place.
Consequently, an attacker could potentially gain access to sensitive data in memory or alter the system’s initial configuration, thereby compromising the boot process’s integrity.
Exploiting this vulnerability successfully could enable an attacker with physical access to inject code during the pre-boot phase on systems with unpatched firmware. This allows them to access or modify system memory through DMA transactions well before the operating system kernel and its security features are loaded.
The specific vulnerabilities that allow for bypassing early-boot memory protection include:
- CVE-2025-14304 (CVSS score: 7.0) – A protection mechanism failure vulnerability affecting ASRock, ASRock Rack, and ASRock Industrial motherboards using Intel 500, 600, 700, and 800 series chipsets
- CVE-2025-11901 (CVSS score: 7.0) – A protection mechanism failure vulnerability affecting ASUS motherboards using Intel Z490, W480, B460, H410, Z590, B560, H510, Z690, B660, W680, Z790, B760, and W790 series chipsets
- CVE-2025-14302 (CVSS score: 7.0) – A protection mechanism failure vulnerability affecting GIGABYTE motherboards using Intel Z890, W880, Q870, B860, H810, Z790, B760, Z690, Q670, B660, H610, W790 series chipsets, and AMD X870E, X870, B850, B840, X670, B650, A620, A620A, and TRX50 series chipsets (Fix for TRX50 planned for Q1 2026)
- CVE-2025-14303 (CVSS score: 7.0) – A protection mechanism failure vulnerability affecting MSI motherboards using Intel 600 and 700 series chipsets
Impacted vendors are releasing firmware updates to rectify the IOMMU initialization sequence and ensure DMA protections are enforced throughout the boot process. It is crucial for users and administrators to apply these updates promptly to remain protected against this threat.
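For deciding which hosts need a firmware update, the following added example (not from CERT/CC, Riot Games or any vendor) matches a machine's DMI board identity against the CVE list above. It assumes the chipset name appears in the board name and that Intel B-series names end in "60"; the vendor spellings and the board names used to test it are constructed. A match only marks the board as a candidate to check against the vendor's advisory; it does not show whether the installed firmware is already fixed.

```python
import re
from pathlib import Path

# Vendor -> (CVE, Intel series numbers, explicitly named chipsets), transcribed
# from the CVE list above. Suffix letters are ignored, so X870E and A620A
# collapse to X870 and A620. Matching DMI strings is a triage heuristic.
AFFECTED = {
    "asrock": ("CVE-2025-14304", {"500", "600", "700", "800"}, set()),
    "asus": ("CVE-2025-11901", set(), set(
        "Z490 W480 B460 H410 Z590 B560 H510 Z690 B660 W680 Z790 B760 W790".split())),
    "gigabyte": ("CVE-2025-14302", set(), set(
        "Z890 W880 Q870 B860 H810 Z790 B760 Z690 Q670 B660 H610 W790 "
        "X870 B850 B840 X670 B650 A620 TRX50".split())),
    "msi": ("CVE-2025-14303", {"600", "700"}, set()),
}
# Substrings expected in DMI board_vendor values (assumed typical spellings).
VENDOR_KEYS = {"asrock": "asrock", "asus": "asus", "gigabyte": "gigabyte",
               "micro-star": "msi", "msi": "msi"}
CHIPSET_RE = re.compile(r"(?<![A-Z0-9])(TRX50|[ABHQWXZ]\d{3})", re.I)


def is_intel(chipset):
    # Heuristic: Z/W/Q/H names are Intel; among B names only Bx60 is Intel.
    return chipset[0] in "ZWQH" or (chipset[0] == "B" and chipset.endswith("60"))


def triage(board_vendor, board_name):
    """Return (cve, chipset) if the board matches the list above, else None."""
    vendor = next((v for k, v in VENDOR_KEYS.items()
                   if k in board_vendor.lower()), None)
    if vendor is None:
        return None
    cve, series, named = AFFECTED[vendor]
    for chipset in (m.upper() for m in CHIPSET_RE.findall(board_name)):
        in_series = is_intel(chipset) and chipset[1] + "00" in series
        if chipset in named or in_series:
            return cve, chipset
    return None


def local_board(dmi=Path("/sys/class/dmi/id")):
    """Read this Linux host's board identity from sysfs DMI."""
    return tuple((dmi / f).read_text().strip()
                 for f in ("board_vendor", "board_name"))


if __name__ == "__main__":
    print(triage(*local_board()) or "board not in the list above")
```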
CERT/CC emphasized that in environments where physical access cannot be entirely controlled, immediate patching and adherence to hardware security best practices are particularly vital. The organization also noted that since the IOMMU is fundamental to isolation and trust delegation in virtualized and cloud settings, this flaw underscores the necessity of correct firmware configuration, even on systems not typically deployed in data centers.
Update
In a separate communication, Riot Games stated that this critical flaw could be exploited for code injection. The privileged state during the early boot sequence can be manipulated before the operating system activates its security controls.
Al-Sharifi described this as a “Sleeping Bouncer” problem, explaining that the issue allowed hardware cheats to potentially inject code without detection, even when the host’s security settings seemed to be active.
Pre-Boot DMA Protection aims to prevent unauthorized DMA access to system memory via IOMMU during the early boot sequence. However, this vulnerability arises because the firmware incorrectly signals to the operating system that this feature is fully active, despite failing to properly initialize the IOMMU during the initial boot phase.
Al-Sharifi further explained that even though “Pre-Boot DMA Protection” settings seemed enabled in the BIOS, the hardware was not fully initializing the IOMMU during the very first seconds of the boot process. He likened it to the system’s “bouncer” appearing to be on duty but actually being asleep, meaning that by the time the system is fully loaded, there’s no absolute certainty that no integrity-breaking code was injected via DMA.
This brief window for exploitation could allow a “sophisticated hardware cheat” to infiltrate, acquire elevated privileges, and remain hidden. Riot Games noted that by addressing this pre-boot loophole, an entire category of previously undetectable cheats is being neutralized, significantly increasing the difficulty and cost of unfair play.
While this vulnerability has been discussed primarily within the gaming sector, its security implications extend to any attack scenario where physical access can be leveraged to inject malicious code.


