New UEFI Flaw in Major Motherboards Leaves Systems Open to Early-Boot DMA Attacks
A critical IOMMU flaw affecting ASUS, GIGABYTE, MSI, and ASRock motherboards allows attackers to bypass secure boot via early-boot DMA attacks. New research reveals how this vulnerability exposes systems before the OS loads. Check if your hardware is listed and apply firmware updates immediately
A critical security vulnerability affecting motherboards from major manufacturers including ASUS, GIGABYTE, MSI, and ASRock has been disclosed, revealing a flaw that exposes systems to early-boot attacks. The vulnerability, which involves a failure in Direct Memory Access (DMA) protections, allows attackers to manipulate system memory before the operating system’s security defenses are even loaded.
The flaw was discovered by researchers Nick Peterson and Mohamed Al-Sharifi of Riot Games and coordinated with the Carnegie Mellon University CERT Coordination Center (CERT/CC). Details of the vulnerability were made public in advisories released this week (December 17, 2025).
The vulnerability centers on the Input-Output Memory Management Unit (IOMMU), a critical component designed to restrict how peripheral devices access system memory. According to the CERT/CC advisory, while the affected UEFI firmware claims that DMA protections are active during the boot process, it fails to actually configure and enable the IOMMU correctly during the early "hand-off" phase.
How the Attack Works
This security gap creates a window of opportunity for "Direct Memory Access" (DMA) attacks. In a standard secure boot chain, the IOMMU should prevent malicious peripherals from reading or writing to memory without permission.
However, due to this configuration failure, an attacker with physical access to the machine could plug in a malicious PCI Express (PCIe) device. This device can then read or modify sensitive system memory and inject malicious code before the operating system (such as Windows or Linux) and its kernel-level security measures are fully initialized.
"Attackers could potentially access sensitive data in memory or influence the initial state of the system, thus undermining the integrity of the boot process," warned the CERT/CC advisory.
Affected Hardware and CVEs
The vulnerability affects a wide range of motherboards using both Intel and AMD chipsets. The specific tracking codes (CVEs) assigned to these flaws include:
- CVE-2025-11901: Affecting ASUS motherboards (Intel Z790, Z690, and others).
- CVE-2025-14302: Affecting GIGABYTE motherboards (Intel Z890, AMD X870E, and others).
- CVE-2025-14303: Affecting MSI motherboards (Intel 600 and 700 series).
- CVE-2025-14304: Affecting ASRock motherboards (Intel 600, 700, and 800 series).
GIGABYTE has already acknowledged the issue in a security advisory, stating they are "committed to providing secure and reliable products" and have begun releasing BIOS updates to rectify the IOMMU initialization sequence.
Risk and Mitigation
While the attack requires physical access to the device to install a malicious PCIe card, the impact is severe for high-security environments. Traditional OS-level security software cannot detect or stop an attack that modifies the system memory before the OS even starts.
What Users Should Do:
- Update Firmware Immediately: Check the support page for your motherboard manufacturer (ASUS, GIGABYTE, MSI, ASRock) and download the latest BIOS/UEFI firmware update.
- Monitor Physical Access: In sensitive corporate or data center environments, ensure that physical access to hardware is strictly controlled to prevent the installation of malicious peripherals.
