Motherboards from several major vendors are affected by a vulnerability that could allow a threat actor to conduct early-boot attacks.
According to an advisory published on Wednesday by Carnegie Mellon University’s CERT/CC, an attacker can exploit the vulnerability to access data in memory or influence the initial state of the system.
The security hole could allow an attacker to obtain sensitive data and conduct pre-boot code injection.
While the issue may sound critical because it undermines the integrity of the boot process and allows attacks to be carried out before the operating system’s defenses are loaded, exploitation requires physical access to the targeted device.
Specifically, a local attacker needs to be able to connect a malicious PCI Express (PCIe) device to a computer with a vulnerable motherboard.
ASRock, Asus, Gigabyte, and MSI have confirmed that some of their motherboards are affected. Each vendor has released its own advisory to inform customers about the vulnerability and the availability of firmware patches.
According to the CERT/CC advisory, products from AMD, AMI, Insyde, Intel, Phoenix Technologies, and Supermicro are not impacted. Over a dozen vendors currently have an ‘unknown’ status.
Technical details
The vulnerability, described as a protection mechanism failure, is related to UEFI implementations and the Input-Output Memory Management Unit (IOMMU), which is designed to prevent malicious memory access from peripheral devices.
The problem is that during the boot process the firmware indicates that direct memory access (DMA) protections are enabled, when in reality the IOMMU is not properly configured and activated until immediately before control is handed over to the operating system.
This allows an attacker who has physical access to the targeted system to use a malicious PCIe device to conduct a DMA attack.
CERT/CC explained in its advisory:
“In environments where physical access cannot be fully controlled or relied on, prompt patching and adherence to hardware security best practices are especially important. Because the IOMMU also plays a foundational role in isolation and trust delegation in virtualized and cloud environments, this flaw highlights the importance of ensuring correct firmware configuration even on systems not typically used in data centers.”
The CVE identifiers CVE-2025-11901, CVE-2025-14302, CVE-2025-14303, and CVE-2025-14304 have been assigned to the vulnerability.
The issue was responsibly disclosed by researchers from Riot Games.
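For patch triage, the vendor statuses reported above can be applied to a hardware inventory. The following is an added example, not code from CERT/CC or any vendor: it sorts hosts by motherboard vendor status so that boards from vendors with confirmed affected models are checked against the vendor advisory first. The DMI substrings used for matching and the sample inventory are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Vendor status as reported in the article. The DMI board_vendor substrings
# used as keys are assumptions; extend them to match your own fleet.
CONFIRMED = {"asrock": "ASRock", "asus": "Asus", "asustek": "Asus",
             "gigabyte": "Gigabyte", "micro-star": "MSI", "msi": "MSI"}
NOT_IMPACTED = {"supermicro": "Supermicro", "intel": "Intel", "amd": "AMD",
                "insyde": "Insyde", "phoenix": "Phoenix Technologies",
                "american megatrends": "AMI"}
ORDER = {"check-advisory": 0, "unknown": 1, "not-impacted": 2}

def classify(board_vendor):
    """Map a DMI board_vendor string to (status, vendor name).
    'check-advisory' means only some of that vendor's boards are affected."""
    v = board_vendor.strip().lower()
    for status, table in (("check-advisory", CONFIRMED),
                          ("not-impacted", NOT_IMPACTED)):
        for key, name in table.items():
            if re.search(r"\b" + re.escape(key) + r"\b", v):
                return status, name
    return "unknown", board_vendor.strip()

def triage(records):
    """Sort inventory rows so boards needing a firmware check come first."""
    rows = []
    for r in records:
        status, name = classify(r["board_vendor"])
        rows.append((r["host"], status, name, r["bios_version"], r["bios_date"]))
    return sorted(rows, key=lambda row: (ORDER[row[1]], row[0]))

def local_record(dmi=Path("/sys/class/dmi/id")):
    """Read this Linux host's DMI fields; None where sysfs DMI is absent."""
    try:
        read = lambda f: (dmi / f).read_text().strip()
        return {"host": "localhost", "board_vendor": read("board_vendor"),
                "bios_version": read("bios_version"), "bios_date": read("bios_date")}
    except OSError:
        return None

# Constructed sample inventory (not real hosts or firmware versions).
SAMPLE = [
    {"host": "ws-01", "board_vendor": "ASUSTeK COMPUTER INC.", "bios_version": "0001", "bios_date": "01/01/2025"},
    {"host": "ws-02", "board_vendor": "Dell Inc.", "bios_version": "0002", "bios_date": "02/01/2025"},
    {"host": "srv-01", "board_vendor": "Supermicro", "bios_version": "0003", "bios_date": "03/01/2025"},
    {"host": "ws-03", "board_vendor": "Micro-Star International Co., Ltd.", "bios_version": "0004", "bios_date": "04/01/2025"},
]

if __name__ == "__main__":
    local = local_record()
    for row in triage(SAMPLE + ([local] if local else [])):
        print("{:<10} {:<15} {:<20} BIOS {} ({})".format(*row))
```

The BIOS version and date in each row are what to compare against the fixed firmware release named in the relevant vendor advisory; a vendor match alone does not establish that a specific board model is affected.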
