UEFI Flaw Enables Early-Boot DMA Attacks on Major Motherboard Vendors

These articles are AI-generated summaries. Please check the original sources for full details.

UEFI Firmware Vulnerability Allows Early-Boot DMA Attacks

A security flaw in UEFI implementations across ASRock, ASUS, GIGABYTE, and MSI motherboards allows attackers to perform Direct Memory Access (DMA) attacks before the operating system’s security measures are active. The vulnerability stems from a failure to properly initialize the IOMMU during the boot process, despite firmware reporting DMA protection as enabled.

Modern systems rely on UEFI and IOMMU to protect memory from unauthorized access by peripherals; however, this flaw bypasses these protections, potentially allowing attackers to inject code or steal sensitive data. The estimated cost of remediation, including firmware updates and potential hardware replacements, could reach millions for large organizations.

Key Insights

  • CVE-2025-14304: Affects ASRock motherboards using Intel 500-800 series chipsets.
  • IOMMU Bypass: The vulnerability allows attackers to bypass IOMMU protections during early boot.
  • Riot Games Discovery: The flaw was discovered by security researchers at Riot Games while investigating hardware cheating in gaming environments.

Practical Applications

  • Gaming Industry: Riot Games discovered the vulnerability while working to prevent hardware-based cheating.
  • Pitfall: Relying solely on BIOS settings for DMA protection without verifying proper IOMMU initialization can create a false sense of security.
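
The pitfall above in practice, as an added example (not from the article, its sources, or any vendor): a Linux triage function that flags boards from the four vendors named here for firmware review even when the running kernel reports an active IOMMU, because OS-level state says nothing about the pre-boot window. The DMI match patterns, the output field names, and the root-directory argument are assumptions for illustration, and the sample host is constructed.

```shell
#!/bin/sh
# Added example: Linux-side triage for the early-boot DMA issue.
# Vendor names are from the article; the match patterns, output fields and
# the root-directory argument ($1, "" for the live system) are assumptions.

# True when the DMI board vendor is one of the four vendors the article names.
vendor_listed() {
    vendor=$(cat "$1/sys/class/dmi/id/board_vendor" 2>/dev/null | tr '[:upper:]' '[:lower:]')
    case "$vendor" in
        *asrock*|*asus*|*gigabyte*|*micro-star*|*msi*) return 0 ;;
        *) return 1 ;;
    esac
}

# True when the kernel exposes at least one IOMMU group, i.e. the OS itself
# has set up the IOMMU. This says nothing about the time before the OS loads.
os_iommu_active() {
    [ -n "$(ls -A "$1/sys/kernel/iommu_groups" 2>/dev/null)" ]
}

# Print one triage line for the host rooted at $1.
triage() {
    root=$1
    if os_iommu_active "$root"; then iommu=active; else iommu=inactive; fi
    bios=$(cat "$root/sys/class/dmi/id/bios_version" 2>/dev/null || true)
    if vendor_listed "$root"; then
        # An active OS IOMMU cannot clear a listed board: the gap is pre-OS,
        # so the BIOS version must be compared with the vendor's advisory.
        echo "firmware_review=required os_iommu=$iommu bios=${bios:-unknown}"
    else
        echo "firmware_review=not-indicated os_iommu=$iommu bios=${bios:-unknown}"
    fi
}

# Build a constructed sysfs tree (not a real host) with board vendor $1.
demo_root() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/class/dmi/id" "$d/sys/kernel/iommu_groups/0"
    echo "$1" > "$d/sys/class/dmi/id/board_vendor"
    echo "P1.00-constructed" > "$d/sys/class/dmi/id/bios_version"
    echo "$d"
}

demo=$(demo_root "ASRock")
triage "$demo"    # on a real machine: triage ""
rm -rf "$demo"
```

A `firmware_review=required` result only identifies hosts whose BIOS version needs checking against the vendor's advisory; it does not confirm or rule out the flaw on that board.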
