CVE-2025-14304
IOMMU Protection Bypass in ASRock Motherboards Enables DMA Attacks
Publication date: 2025-12-17
Last updated on: 2025-12-17
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| asrock | motherboard | * |
| asrockind | motherboard | * |
| asrockrack | motherboard | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects certain ASRock motherboards and their subsidiaries' models due to a Protection Mechanism Failure where the IOMMU (Input-Output Memory Management Unit) was not properly enabled. This flaw allows an unauthenticated physical attacker with a DMA-capable PCIe device to read and write arbitrary physical memory before the operating system kernel and its security features are loaded. [2, 3]
How can this vulnerability impact me? :
The vulnerability can lead to a full compromise of the system's confidentiality, integrity, and availability. An attacker with physical access and a DMA-capable PCIe device can read and write arbitrary physical memory before the OS kernel loads, potentially allowing them to bypass security features and control or disrupt the system. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the motherboard firmware to the latest version provided by the vendor. Firmware updates have been released for all affected motherboards except those using the Intel 500 series chipset, which are still pending patches. Users should apply these updates as soon as they become available to properly enable the IOMMU and prevent unauthorized DMA access. [2, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated physical attackers to read and write arbitrary physical memory before the OS kernel and its security features are loaded, leading to high risks to confidentiality, integrity, and availability of the system. Such a compromise could potentially lead to violations of data protection standards like GDPR and HIPAA, which require safeguarding sensitive data and ensuring system integrity. However, the provided resources do not explicitly discuss compliance impacts with these standards. [2, 3]