{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/382314#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview\r\nA newly identified vulnerability in some UEFI-supported motherboard models leaves systems vulnerable to early-boot DMA attacks across architectures that implement UEFI and IOMMU. Although the firmware indicates that DMA protection is active, it fails to correctly initialize the IOMMU. Therefore, a malicious PCIe device with physical access can read or modify system memory before the operating system’s defenses load. This exposes sensitive data and enables pre-boot code injection on affected systems running unpatched firmware.\r\n\r\n### Description\r\nModern systems rely on [UEFI firmware](https://uefi.org) and the [Input–Output Memory Management Unit (IOMMU)](https://www.intel.com/content/dam/develop/external/us/en/documents/intel-whitepaper-using-iommu-for-dma-protection-in-uefi-820238.pdf) to establish a secure foundation before the operating system loads. UEFI initializes hardware and enforces early security policies while the IOMMU restricts peripheral devices from performing unauthorized memory accesses. Together, these components help ensure that direct memory access (DMA)-capable devices cannot tamper with or inspect system memory during the critical pre-boot phase.\r\n\r\nA vulnerability discovered in certain UEFI implementations arises from a discrepancy between reported and actual DMA protection. Even though firmware asserts that DMA protections are active, it fails to properly configure and enable the IOMMU during the early hand-off phase in the boot sequence. This gap allows a malicious DMA-capable Peripheral Component Interconnect Express (PCIe) device with physical access to read or modify system memory before operating system-level safeguards are established. 
As a result, attackers could potentially access sensitive data in memory or influence the initial state of the system, thus undermining the integrity of the boot process.\r\n\r\nVendors whose products are affected have begun releasing firmware updates to correct the IOMMU initialization sequence and properly enforce DMA protections throughout boot. Users and administrators should apply these updates as soon as they become available to ensure their systems are not exposed to this class of pre-boot DMA attacks. In environments where physical access cannot be fully controlled or relied on, prompt patching and adherence to hardware security best practices are especially important.  Because the IOMMU also plays a foundational role in isolation and trust delegation in virtualized and cloud environments, this flaw highlights the importance of ensuring correct firmware configuration even on systems not typically used in data centers.\r\n\r\n### Impact\r\nImproper IOMMU initialization in UEFI firmware on some UEFI-based motherboards from multiple vendors allows a physically present attacker using a DMA-capable PCIe device to bypass early-boot memory protection. The attacker could access or alter system memory via DMA transactions processed before the operating system enables its security controls.\r\n\r\n### Solution\r\nUsers and administrators should apply the latest firmware updates as soon as they become available as these patches correct the IOMMU initialization issue and restore proper DMA protections during early boot. Because multiple vendors are affected and updates are being released on varying timelines, customers should regularly monitor the Vendor Information section for newly published advisories and updated firmware packages. 
Environments where physical access is difficult to control should prioritize patching promptly to reduce exposure to pre-boot DMA attacks.\r\n\r\n### Acknowledgements\r\nThanks to reporter Nick Peterson and Mohamed Al-Sharifi of Riot Games for identifying this issue and working with vendor teams and the [Taiwanese CERT](https://tinyurl.com/twcert) to coordinate the response and reach affected product vendors. This document was written by Vijay Sarvepalli.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. 
Please consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"},{"category":"other","text":"This issue affects motherboards based on the Intel Z490, W480, B460, H410, Z590, B560, H510, Z690, B660, W680, Z790, B760, and W790 series chipsets.\r\n \r\nUsers are requested to download and update the BIOS to the specified version from the official website (https://www.asus.com/support/download-center/) and, in the BIOS Setup Utility, configure the IOMMU DMA Protection setting to “Enable with Full Protection.” And avoid using unknown add-on devices that have not obtained security certification.\r\n \r\nReference procedure for updating the BIOS: https://www.asus.com/support/faq/1044348/","title":"Vendor statement from ASUSTeK Computer Inc."},{"category":"other","text":"AMI has reached out to manufacturers but has not had to provide assistance; the issue resides outside of AMI code.","title":"Vendor statement from American Megatrends Incorporated (AMI)"},{"category":"other","text":"AMD is not impacted by this vulnerability.","title":"Vendor statement from AMD"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document 
released","category":"self","url":"https://kb.cert.org/vuls/id/382314"},{"url":"https://en.wikipedia.org/wiki/DMA_attack","summary":"https://en.wikipedia.org/wiki/DMA_attack"},{"url":"https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-PCIe-Device-Attacks-Beyond-DMA-Exploiting-PCIe-Switches-Messages-And-Errors.pdf","summary":"https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-PCIe-Device-Attacks-Beyond-DMA-Exploiting-PCIe-Switches-Messages-And-Errors.pdf"},{"url":"https://www.synacktiv.com/ressources/IOMMU_and_DMA_attacks_presentation_16_9.pdf","summary":"https://www.synacktiv.com/ressources/IOMMU_and_DMA_attacks_presentation_16_9.pdf"},{"url":"https://learn.microsoft.com/en-us/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt","summary":"https://learn.microsoft.com/en-us/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt"},{"url":"https://tinyurl.com/twcert","summary":"https://tinyurl.com/twcert"},{"url":"https://eclypsium.com/blog/direct-memory-access-attacks-a-walk-down-memory-lane/","summary":"https://eclypsium.com/blog/direct-memory-access-attacks-a-walk-down-memory-lane/"},{"url":"https://www.sei.cmu.edu/blog/uefi-terra-firma-for-attackers/","summary":"https://www.sei.cmu.edu/blog/uefi-terra-firma-for-attackers/"},{"url":"https://www.asus.com/security-advisory/","summary":"Reference(s) from vendor \"ASUSTeK Computer Inc.\""},{"url":"https://csr.msi.com/global/product-security-advisories","summary":"Reference(s) from vendor \"MSI - Micro-Star International Ltd\""},{"url":"https://www.gigabyte.com/Support/Security?type=1","summary":"Reference(s) from vendor \"GIGABYTE\""},{"url":"https://www.asrock.com/support/Security.asp","summary":"Reference(s) from vendor \"ASRock\""}],"title":"Vulnerability in UEFI firmware modules prevents IOMMU initialization on some UEFI-based 
motherboards","tracking":{"current_release_date":"2025-12-22T16:20:20+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#382314","initial_release_date":"2025-12-17 15:47:38.509413+00:00","revision_history":[{"date":"2025-12-22T16:20:20+00:00","number":"1.20251222162020.8","summary":"Released on 2025-12-22T16:20:20+00:00"}],"status":"final","version":"1.20251222162020.8"}},"vulnerabilities":[{"title":"MSI implementation of firmware on motherboards equipped with Intel chipsets fails to properly initialize the input–output memory management unit (IOMMU) for pre-boot DMA protection.","notes":[{"category":"summary","text":"MSI implementation of firmware on motherboards equipped with Intel chipsets fails to properly initialize the input–output memory management unit (IOMMU) for pre-boot DMA protection. IOMMU is a memory management unit that connects a direct-memory-access–capable (DMA-capable) I/O bus to the main memory. One advantage of having an IOMMU is that memory is protected from malicious devices that are attempting DMA attacks (a type of side channel attack that exploits the presence of a high speed expansion port that permits direct memory access) and faulty devices that are attempting errant memory transfers because a device cannot read or write to memory that has not been explicitly allocated (mapped) for it. The memory protection is based on the fact that OS running on the CPU exclusively controls both the MMU and the IOMMU. The devices are physically unable to circumvent or corrupt configured memory management tables. Although the \"Enable IOMMU during boot\" option is selected in the UEFI/BIOS settings and the DMAR ACPI table correctly sets the DMA_CTRL_PLATFORM_OPT_IN_FLAG to signal intent to the operating system, the underlying hardware protection is not actually enabled. The IOMMU page tables are not set up, and DMA remapping is not active in the pre-EBS (pre-ExitBootServices) environment. 
This allows an attacker with physical access and a DMA-capable PCIe device to freely read and write to arbitrary physical memory before the OS kernel and its security features (like Windows Kernel DMA Protection) are loaded. This effectively creates a security feature bypass, as the system falsely reports that DMA protection is active when it is not. The impact is a complete bypass of OS-level DMA protection, allowing for pre-boot code execution and compromise of system integrity."}],"cve":"CVE-2025-14303","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#382314"}],"product_status":{"known_affected":["CSAFPID-cd998980-3534-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-cd98a768-3534-11f1-8422-122e2785dc9f","CSAFPID-cd98dda0-3534-11f1-8422-122e2785dc9f","CSAFPID-cd991edc-3534-11f1-8422-122e2785dc9f","CSAFPID-cd99574e-3534-11f1-8422-122e2785dc9f"]}},{"title":"ASUS implementation of firmware on motherboards equipped with Intel chipsets fails to properly initialize the input–output memory management unit (IOMMU) for pre-boot DMA protection.","notes":[{"category":"summary","text":"ASUS implementation of firmware on motherboards equipped with Intel chipsets fails to properly initialize the input–output memory management unit (IOMMU) for pre-boot DMA protection.\r\n\r\nIOMMU is a memory management unit that connects a direct-memory-access–capable (DMA-capable) I/O bus to the main memory. One advantage of having an IOMMU is that memory is protected from malicious devices that are attempting DMA attacks (a type of side channel attack that exploits the presence of a high speed expansion port that permits direct memory access) and faulty devices that are attempting errant memory transfers because a device cannot read or write to memory that has not been explicitly allocated (mapped) for it. The memory protection is based on the fact that OS running on the CPU exclusively controls both the MMU and the IOMMU. 
The devices are physically unable to circumvent or corrupt configured memory management tables. Although the \"Enable IOMMU during boot\" option is selected in the UEFI/BIOS settings and the DMAR ACPI table correctly sets the DMA_CTRL_PLATFORM_OPT_IN_FLAG to signal intent to the operating system, the underlying hardware protection is not actually enabled. The IOMMU page tables are not set up, and DMA remapping is not active in the pre-EBS (pre-ExitBootServices) environment.\r\n\r\nThis allows an attacker with physical access and a DMA-capable PCIe device to freely read and write to arbitrary physical memory before the OS kernel and its security features (like Windows Kernel DMA Protection) are loaded. This effectively creates a security feature bypass, as the system falsely reports that DMA protection is active when it is not. The impact is a complete bypass of OS-level DMA protection, allowing for pre-boot code execution and compromise of system integrity."}],"cve":"CVE-2025-11901","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#382314"}],"references":[],"product_status":{"known_affected":["CSAFPID-cd99f78a-3534-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-cd9a34f2-3534-11f1-8422-122e2785dc9f","CSAFPID-cd9a7c82-3534-11f1-8422-122e2785dc9f","CSAFPID-cd9ab058-3534-11f1-8422-122e2785dc9f","CSAFPID-cd9ae546-3534-11f1-8422-122e2785dc9f","CSAFPID-cd9b1764-3534-11f1-8422-122e2785dc9f","CSAFPID-cd9b66ce-3534-11f1-8422-122e2785dc9f","CSAFPID-cd9ba21a-3534-11f1-8422-122e2785dc9f","CSAFPID-cd9bd604-3534-11f1-8422-122e2785dc9f","CSAFPID-cd9c24e2-3534-11f1-8422-122e2785dc9f"]}},{"title":"ASRock implementation of firmware on motherboards equipped with Intel chipsets fails to properly initialize the input–output memory management unit (IOMMU) for pre-boot DMA protection.","notes":[{"category":"summary","text":"ASRock implementation of firmware on motherboards equipped with Intel chipsets fails to properly initialize the input–output memory management unit 
(IOMMU) for pre-boot DMA protection. IOMMU is a memory management unit that connects a direct-memory-access–capable (DMA-capable) I/O bus to the main memory. One advantage of having an IOMMU is that memory is protected from malicious devices that are attempting DMA attacks (a type of side channel attack that exploits the presence of a high speed expansion port that permits direct memory access) and faulty devices that are attempting errant memory transfers because a device cannot read or write to memory that has not been explicitly allocated (mapped) for it. The memory protection is based on the fact that OS running on the CPU exclusively controls both the MMU and the IOMMU. The devices are physically unable to circumvent or corrupt configured memory management tables. Although the \"Enable IOMMU during boot\" option is selected in the UEFI/BIOS settings and the DMAR ACPI table correctly sets the DMA_CTRL_PLATFORM_OPT_IN_FLAG to signal intent to the operating system, the underlying hardware protection is not actually enabled. The IOMMU page tables are not set up, and DMA remapping is not active in the pre-EBS (pre-ExitBootServices) environment. This allows an attacker with physical access and a DMA-capable PCIe device to freely read and write to arbitrary physical memory before the OS kernel and its security features (like Windows Kernel DMA Protection) are loaded. This effectively creates a security feature bypass, as the system falsely reports that DMA protection is active when it is not. 
The impact is a complete bypass of OS-level DMA protection, allowing for pre-boot code execution and compromise of system integrity."}],"cve":"CVE-2025-14304","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#382314"}],"product_status":{"known_affected":["CSAFPID-cd9d5cea-3534-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-cd9c8b62-3534-11f1-8422-122e2785dc9f","CSAFPID-cd9cc21c-3534-11f1-8422-122e2785dc9f","CSAFPID-cd9cee2c-3534-11f1-8422-122e2785dc9f","CSAFPID-cd9d28c4-3534-11f1-8422-122e2785dc9f","CSAFPID-cd9da22c-3534-11f1-8422-122e2785dc9f"]}},{"title":"Gigabyte's firmware on motherboards equipped with Intel chipsets fails to properly initialize the input–output memory management unit (IOMMU) for pre-boot DMA protection.","notes":[{"category":"summary","text":"Gigabyte's firmware on motherboards equipped with Intel chipsets fails to properly initialize the input–output memory management unit (IOMMU) for pre-boot DMA protection. IOMMU is a memory management unit that connects a direct-memory-access–capable (DMA-capable) I/O bus to the main memory. One advantage of having an IOMMU is that memory is protected from malicious devices that are attempting DMA attacks (a type of side channel attack that exploits the presence of a high speed expansion port that permits direct memory access) and faulty devices that are attempting errant memory transfers because a device cannot read or write to memory that has not been explicitly allocated (mapped) for it. The memory protection is based on the fact that OS running on the CPU exclusively controls both the MMU and the IOMMU. The devices are physically unable to circumvent or corrupt configured memory management tables. Although the \"Enable IOMMU during boot\" option is selected in the UEFI/BIOS settings and the DMAR ACPI table correctly sets the DMA_CTRL_PLATFORM_OPT_IN_FLAG to signal intent to the operating system, the underlying hardware protection is not actually enabled. 
The IOMMU page tables are not set up, and DMA remapping is not active in the pre-EBS (pre-ExitBootServices) environment. This allows an attacker with physical access and a DMA-capable PCIe device to freely read and write to arbitrary physical memory before the OS kernel and its security features (like Windows Kernel DMA Protection) are loaded. This effectively creates a security feature bypass, as the system falsely reports that DMA protection is active when it is not. The impact is a complete bypass of OS-level DMA protection, allowing for pre-boot code execution and compromise of system integrity."}],"cve":"CVE-2025-14302","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#382314"}],"product_status":{"known_affected":["CSAFPID-cd9e168a-3534-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-cd9e4d62-3534-11f1-8422-122e2785dc9f","CSAFPID-cd9e8ff2-3534-11f1-8422-122e2785dc9f","CSAFPID-cd9ed868-3534-11f1-8422-122e2785dc9f","CSAFPID-cd9f2d40-3534-11f1-8422-122e2785dc9f","CSAFPID-cd9f6fee-3534-11f1-8422-122e2785dc9f","CSAFPID-cd9fc2aa-3534-11f1-8422-122e2785dc9f","CSAFPID-cda0295c-3534-11f1-8422-122e2785dc9f"]}}],"product_tree":{"branches":[{"category":"vendor","name":"GIGABYTE","product":{"name":"GIGABYTE Products","product_id":"CSAFPID-cd98a768-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Intel","product":{"name":"Intel Products","product_id":"CSAFPID-cd98dda0-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Phoenix Technologies","product":{"name":"Phoenix Technologies Products","product_id":"CSAFPID-cd991edc-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"ASUSTeK Computer Inc.","product":{"name":"ASUSTeK Computer Inc. 
Products","product_id":"CSAFPID-cd99574e-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"MSI - Micro-Star International Ltd","product":{"name":"MSI - Micro-Star International Ltd Products","product_id":"CSAFPID-cd998980-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"ASUSTeK Computer Inc.","product":{"name":"ASUSTeK Computer Inc. Products","product_id":"CSAFPID-cd99f78a-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"American Megatrends Incorporated (AMI)","product":{"name":"American Megatrends Incorporated (AMI) Products","product_id":"CSAFPID-cd9a34f2-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Intel","product":{"name":"Intel Products","product_id":"CSAFPID-cd9a7c82-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Insyde Software Corporation","product":{"name":"Insyde Software Corporation Products","product_id":"CSAFPID-cd9ab058-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"AMD","product":{"name":"AMD Products","product_id":"CSAFPID-cd9ae546-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Phoenix Technologies","product":{"name":"Phoenix Technologies Products","product_id":"CSAFPID-cd9b1764-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"GIGABYTE","product":{"name":"GIGABYTE Products","product_id":"CSAFPID-cd9b66ce-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Supermicro","product":{"name":"Supermicro Products","product_id":"CSAFPID-cd9ba21a-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"ASRock","product":{"name":"ASRock Products","product_id":"CSAFPID-cd9bd604-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"MSI - Micro-Star International Ltd","product":{"name":"MSI - Micro-Star International Ltd Products","product_id":"CSAFPID-cd9c24e2-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"GIGABYTE","product":{"name":"GIGABYTE 
Products","product_id":"CSAFPID-cd9c8b62-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Intel","product":{"name":"Intel Products","product_id":"CSAFPID-cd9cc21c-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Phoenix Technologies","product":{"name":"Phoenix Technologies Products","product_id":"CSAFPID-cd9cee2c-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"ASUSTeK Computer Inc.","product":{"name":"ASUSTeK Computer Inc. Products","product_id":"CSAFPID-cd9d28c4-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"ASRock","product":{"name":"ASRock Products","product_id":"CSAFPID-cd9d5cea-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"MSI - Micro-Star International Ltd","product":{"name":"MSI - Micro-Star International Ltd Products","product_id":"CSAFPID-cd9da22c-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"GIGABYTE","product":{"name":"GIGABYTE Products","product_id":"CSAFPID-cd9e168a-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Intel","product":{"name":"Intel Products","product_id":"CSAFPID-cd9e4d62-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Insyde Software Corporation","product":{"name":"Insyde Software Corporation Products","product_id":"CSAFPID-cd9e8ff2-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Phoenix Technologies","product":{"name":"Phoenix Technologies Products","product_id":"CSAFPID-cd9ed868-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"ASUSTeK Computer Inc.","product":{"name":"ASUSTeK Computer Inc. 
Products","product_id":"CSAFPID-cd9f2d40-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Supermicro","product":{"name":"Supermicro Products","product_id":"CSAFPID-cd9f6fee-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"ASRock","product":{"name":"ASRock Products","product_id":"CSAFPID-cd9fc2aa-3534-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"MSI - Micro-Star International Ltd","product":{"name":"MSI - Micro-Star International Ltd Products","product_id":"CSAFPID-cda0295c-3534-11f1-8422-122e2785dc9f"}}]}}