UEFI firmware flaw leaves early-boot DMA protections uninitialized on multiple motherboards

Certain motherboard models from ASRock, ASUSTeK Computer, GIGABYTE and MSI contain a firmware vulnerability that can allow early-boot direct memory access attacks across systems that implement the Unified Extensible Firmware Interface and the input–output memory management unit (IOMMU).

Researchers Nick Peterson and Mohamed Al-Sharifi of Riot Games identified the problem as a discrepancy in the DMA protection status: firmware reports DMA protection as active but fails to configure and enable the IOMMU during the critical early boot phase, leaving a window where peripherals can access system memory.

The CERT Coordination Center said the gap allows an attacker with physical access to use a malicious DMA-capable Peripheral Component Interconnect Express (PCIe) device to read or modify system memory before operating system-level safeguards are established, which could expose sensitive data or allow pre-boot code injection.

Vendors and coordinators have assigned four CVEs for the issue: CVE-2025-14304 (CVSS 7.0) affects ASRock, ASRock Rack and ASRock Industrial boards with Intel 500–800 series chipsets; CVE-2025-11901 (CVSS 7.0) affects ASUS motherboards with a range of Intel 400–700 and 700–series chipsets; CVE-2025-14302 (CVSS 7.0) affects GIGABYTE boards across several Intel and AMD chipsets (a fix for TRX50 was planned for Q1 2026); and CVE-2025-14303 (CVSS 7.0) affects MSI motherboards using Intel 600 and 700 series chipsets.

Impacted vendors have released firmware updates to correct the IOMMU initialization sequence and enforce DMA protections throughout the boot process, and administrators and users are urged to apply those updates promptly. CERT/CC also noted that systems with uncontrolled physical access and those that rely on IOMMU for isolation in virtualized or cloud environments are especially at risk.