A vulnerability affecting motherboards from ASRock, Asus, Gigabyte, and MSI can enable early-boot attacks via malicious PCIe devices. This flaw exploits UEFI and IOMMU misconfigurations, risking data leakage and system compromise, especially in environments with physical access. #PCIeVulnerability #IOMMUFlaw
Keypoints
- A hardware vulnerability affects several major motherboard vendors, allowing pre-boot attacks.
- Exploitation requires physical access and the connection of a malicious PCIe device.
- The flaw is related to UEFI firmware and IOMMU configuration issues during the boot process.
- Vendor firmware updates are available to mitigate the vulnerability, but some productsβ status remains unknown.
- The vulnerability is assigned CVE identifiers CVE-2025-11901, CVE-2025-14302, CVE-2025-14303, and CVE-2025-14304.
Read More: https://www.securityweek.com/uefi-vulnerability-in-major-motherboards-enables-early-boot-attacks/