FirmGuard is monitoring coordinated disclosures regarding a vulnerability affecting certain UEFI-based motherboards from multiple vendors. The issue involves improper initialization of IOMMU protections during early boot, leaving affected systems vulnerable to pre-boot Direct Memory Access attacks.
Identified by Riot Games and disclosed in coordination with CERT/CC (VU#382314), the vulnerability occurs when firmware reports DMA protections as enabled but fails to correctly configure the IOMMU. A malicious PCIe device with physical access could exploit this gap to read or modify system memory before OS controls are active.
The issue impacts select Intel-based motherboards from Asus, ASRock, GIGABYTE, and MSI running vulnerable firmware. Affected vendors have begun releasing patches to correct the IOMMU initialization process.
Impact
A physically present attacker could bypass early memory protections using a DMA-capable PCIe device, potentially exposing sensitive data or compromising boot integrity.
Recommendations
FirmGuard recommends applying the latest firmware updates as they become available and monitoring vendor advisories for additional guidance, particularly in environments where physical access is difficult to control.
Associated advisories and CVEs include:
- Asus – CVE-2025-11901
- ASRock – CVE-2025-14304
- GIGABYTE – CVE-2025-14302
- MSI – CVE-2025-14303
FirmGuard will continue to monitor this disclosure and provide updates as needed.