CVE-2025-14304
Unknown Unknown - Not Provided

IOMMU Protection Bypass in ASRock Motherboards Enables DMA Attacks

Vulnerability report for CVE-2025-14304, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-17

Last updated on: 2025-12-17

Assigner: TWCERT/CC

Description

Certain motherboard models developed by ASRock and its subsidiaries, ASRockRack and ASRockInd. has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security features are loaded.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-17
Last Modified
2025-12-17
Generated
2026-07-06
AI Q&A
2025-12-17
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
asrock motherboard *
asrockind motherboard *
asrockrack motherboard *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-693 The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects certain ASRock motherboards and their subsidiaries' models due to a Protection Mechanism Failure where the IOMMU (Input-Output Memory Management Unit) was not properly enabled. This flaw allows an unauthenticated physical attacker with a DMA-capable PCIe device to read and write arbitrary physical memory before the operating system kernel and its security features are loaded. [2, 3]

Impact Analysis

The vulnerability can lead to a full compromise of the system's confidentiality, integrity, and availability. An attacker with physical access and a DMA-capable PCIe device can read and write arbitrary physical memory before the OS kernel loads, potentially allowing them to bypass security features and control or disrupt the system. [2, 3]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the motherboard firmware to the latest version provided by the vendor. Firmware updates have been released for all affected motherboards except those using the Intel 500 series chipset, which are still pending patches. Users should apply these updates as soon as they become available to properly enable the IOMMU and prevent unauthorized DMA access. [2, 3]

Compliance Impact

The vulnerability allows unauthenticated physical attackers to read and write arbitrary physical memory before the OS kernel and its security features are loaded, leading to high risks to confidentiality, integrity, and availability of the system. Such a compromise could potentially lead to violations of data protection standards like GDPR and HIPAA, which require safeguarding sensitive data and ensuring system integrity. However, the provided resources do not explicitly discuss compliance impacts with these standards. [2, 3]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14304. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart