Early-Boot Attack: UEFI Flaw in ASRock, ASUS, & MSI Boards Lets Hackers Bypass OS Security via PCIe

A fundamental breakdown in how modern computers secure themselves during the boot process has been exposed, leaving systems vulnerable to physical attacks that can bypass operating system defenses entirely. A new vulnerability note from CERT/CC reveals that certain UEFI firmware implementations fail to properly initialize critical hardware protections, allowing attackers to read and write system memory before the OS even loads.

The vulnerability, which affects multiple vendors but specifically highlights ASRock hardware under CVE-2025-14304, turns a feature designed for speed—Direct Memory Access (DMA)—into a potent weapon for anyone with physical access to the machine.

Modern computers rely on a component called the Input-Output Memory Management Unit (IOMMU) to act as a gatekeeper, preventing peripheral devices from accessing sensitive parts of the system memory without permission. However, this new flaw reveals a dangerous discrepancy between what the system reports and what it actually does.

According to the report, “Although the firmware indicates that DMA protection is active, it fails to correctly initialize the IOMMU”.

This creates a window of opportunity during the “early-boot” phase. Because the gatekeeper isn’t doing its job, a malicious device plugged into a PCIe port—such as a compromised network card or a specialized attack tool—can essentially loot the system’s memory before the operating system has a chance to turn on its own shields.

The implications of this “Protection Mechanism Failure” are severe for environments where physical security cannot be guaranteed.

“A malicious PCIe device with physical access can read or modify system memory before the operating system’s defenses load”.

By injecting code or extracting secrets during this pre-boot phase, attackers can compromise the system at a level that is invisible to antivirus software or OS-level security controls. The report warns that this flaw “exposes sensitive data and enables pre-boot code injection on affected systems running unpatched firmware”.

While the vulnerability note indicates that “multiple vendors are affected,” it specifically calls out ASRock and its subsidiaries, ASRockRack and ASRockInd.

Tracked as CVE-2025-14304 with a CVSS score of 7.0, the specific flaw in ASRock motherboards means “unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security features are loaded”. Also, this flaw affects ASUS (CVE-2025-11901), GIGABYTE (CVE-2025-14302), and MSI (CVE-2025-14303) motherboards.

Administrators are urged to treat firmware updates with the same urgency as OS patches.

CERT/CC advises: “Because multiple vendors are affected and updates are being released on varying timelines, customers should regularly monitor the Vendor Information section for newly published advisories and updated firmware packages”.

For organizations with high-security requirements, the advice is even stricter: “Environments where physical access is difficult to control should prioritize patching promptly to reduce exposure to pre-boot DMA attacks”.

Related Posts:

• HP and ASRock withdraw CPU security patch due to computer restart frequently
• Critical PCIe 6.0 Flaws Risk Secure Data Integrity via Stale Data Injection in IDE Mechanism
• PCIe 8.0 Promises a Mind-Bending 1TB/s of Bandwidth, But Not for Your PC
• Apple Blames EU’s DMA for Delayed iPhone Features, Citing New Security and Privacy Risks