New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock

Forum|Forum|17 days ago
December 19, 2025
1 reply
18 views

+54

Jasper_The_Rasper
Moderator

December 19, 2025 By Bill Toulas

New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock

The UEFI firmware implementation in some motherboards from ASUS, Gigabyte, MSI, and ASRock is vulnerable to direct memory access (DMA) attacks that can bypass early-boot memory protections.

The security issue has received multiple identifiers (CVE-2025-11901, CVE-2025‑14302, CVE-2025-14303, and CVE-2025-14304) due to differences in vendor implementations

DMA is a hardware feature that allows devices such as graphics cards, Thunderbolt devices, and PCIe devices to read and write directly to RAM without involving the CPU.

IOMMU is a hardware-enforced memory firewall that sits between devices and RAM, controlling which memory regions are accessible for each device.

During early boot, when UEFI firmware initializes, IOMMU must activate before DMA attacks are possible; otherwise, there is no protection in place to stop reading or writing on memory regions via physical access.

>>Full Article<<

S

+19

SXR6
Community Expert Advisor
Forum|Forum|16 days ago
December 20, 2025

Thanks Jasper.
I have a motherboard affected by this and had already updated the Bios to the latest version which the vendor reported in a link from the full article had fixed this issue.
I often see posts in various forums etc, if your computer is running fine don’t update the Bios etc but what these posters don’t realise is there is sometimes unpublished reasons for the vendor to release a Bios update.

Like

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded