—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Multiple Motherboards 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

ASRock motherboards using Intel 500, 600, 700, and 800 series chipsets

ASUS motherboards using Intel Z490, W480, B460, H410, Z590, B560, H510, Z690, B660, W680, Z790, B760, and W790 series chipsets

GIGABYTE motherboards using Intel Z890, W880, Q870, B860, H810, Z790, B760, Z690, Q670, B660, H610, W790 series chipsets

AMD motherboards using Intel X870E, X870, B850, B840, X670, B650, A620, A620A series chipsets

MSI motherboards using Intel 600 and 700 series chipsets

Overview

A vulnerability has been reported in multiple motherboards, which could be exploited by an attacker to bypass security restrictions and compromise the integrity of the targeted system.

Target Audience:

All end-user organisations and individuals using ASRock, ASUS, GIGABYTE, AMD and MSI motherboards

Impact Assessment:

Potential for Elevation of Privilege.

Description

These vulnerabilities exist due to improper enforcement of DMA protections during the early boot phase, which could allow a local attacker with physical access to exploit a malicious PCIe device to gain unauthorised access to system memory before the operating system loads.

Successful exploitation of these vulnerabilities could allow the attacker to bypass security restrictions and compromise the integrity of the targeted system.

Solution

Apply the security updates released by the vendors:

https://www.asrock.com/support/Security.asp

https://csr.msi.com/global/product-security-advisories

https://www.gigabyte.com/Support/Security?type=1

https://www.asus.com/security-advisory/

Vendor Information

 

https://www.asrock.com/support/Security.asp

https://csr.msi.com/global/product-security-advisories

https://www.gigabyte.com/Support/Security?type=1

https://www.asus.com/security-advisory/

References

 

https://www.securityweek.com/uefi-vulnerability-in-major-motherboards-enables-early-boot-attacks/

CVE Name

CVE-2025-11901

CVE-2025-14302

CVE-2025-14303

CVE-2025-14304

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmlL9RkACgkQ3jCgcSdc

ys+4eA//YxE7Ye0JusNrdzC+Jq7NiX5Pya71rGYwmpFr8J4raeBCIAALkXHY1uNE

nIuTtq3j6CKIWX3ajMX/xCyBL5u2svQ/xV6y9sge6U8OB/aalycbh/YosdtCxBQI

hPSkcg+MkJ6njLdoZ/uQV7qEz8XxhLDXOJv0L36PplW7M/mt9uHhwpFO8b2qGqH8

5x59g3ybLUVvS33LBoh0Mf2RFKuy8TVUunBuLf659uHTedTFuKHPzpcRmOoITCS7

wpsAkkhrGsHTCQbV8zvQtrIW2aRr7P0Ox+2/DuEQb9pJUhkdrJ6uuEJzbk0d0G+j

U14pRG5AvlJwc6VJI0tkCFLFUmShhelR/UFLg5L0VttNtRC1YMucON+vJ/aG89AR

HeVVmQ2cW3KHDHgWj3x/5daBee3uDttPdSAAVXIPeW7PI1zu4O9wO4mcH6PHndgR

E01o8nfAcelfTJlWsDnRLFoPALkFfvybM6v9KJsjecvz2pnxTRZ7hgTCkAiSR1fV

w61bskKpB/Och0WKzqMtG5WG17s1uLP5zScipKOSpR5OAenmgMi9C/uwePMsSh/R

N8eNWZfQpzy4QL8NkolfJxeOsxo3pjtUSzXUHD4RBhN5r4Si6jg/+Wuw+TWqghvd

2xYI1Wxo+jZvO9Z0ZYRg1mxLlVcZWN6eyw+TFXLF4nuVGNDzvUk=

=Fkox

—–END PGP SIGNATURE—–