Join thousands who save more and shop better with exclusive offers from NextTrendDeals

New UEFI Firmware Flaw Exposes Widespread Motherboards To Assaults

Cybersecurity specialists simply discovered a flaw in the UEFI firmware that many trendy motherboards use. The “bug” might let attackers do direct reminiscence entry (DMA) assaults on methods, which can allow unauthorized customers to achieve deep and chronic entry to affected methods below sure circumstances, and the worst half is that it impacts boards from a number of main producers, together with Gigabyte, MSI, ASUS, and ASRock.

To offer you context, the PC motherboard incorporates low-level software program known as UEFI, or Unified Extensible Firmware Interface, which securely begins the working system and initializes {hardware} elements. Certainly one of its main safety obligations is to allow the Enter-Output Reminiscence Administration Unit (IOMMU), a hardware-based isolation mechanism that’s meant to safeguard system reminiscence. If arrange appropriately, the IOMMU stops exterior units from studying or writing to random elements of system RAM.

Elements comparable to PCIe enlargement playing cards, Thunderbolt peripherals, GPUs, and related {hardware} that may entry reminiscence straight with out passing by way of the CPU are included in DMA-capable units. Malicious or compromised {hardware} can have much less of an impression as a result of these units are restricted to explicit reminiscence areas if the IOMMU is operational and correctly initialized.

The not too long ago found vulnerability is attributable to the fallacious means this safety was arrange; in affected motherboards, the UEFI firmware says that DMA safety is on, although the IOMMU was by no means totally or appropriately arrange, after which the working system consequently assumes that reminiscence protections are carried out, although they aren’t actively enforced.

The problem is being tracked below a number of vulnerability identifiers: CVE-2025-11901, CVE-2025-14302, CVE-2025-14303, and CVE-2025-14304, as motherboard distributors implement UEFI options in another way.

Researchers at Riot Video games, the developer of well-known multiplayer video games like League of Legends and Valorant, had been the primary ones to determine the vulnerability. Vanguard, Riot’s anti-cheat system, is carried out on the kernel degree and incorporates safeguards which can be meant to forestall unauthorized system manipulation. Valorant could also be prevented from launching on methods which can be affected by this particular flaw, as it detects an unsafe {hardware} safety state.

There may be an essential limitation to consider, although the attainable impact could possibly be horrible: the power to bodily entry the system and join a malicious PCIe or related system earlier than the working system boots up are conditions for a DMA assault. Consequently, the likelihood of widespread exploitation is considerably diminished, notably for residential customers.

Customers are being suggested to monitor updates from their motherboard producers and apply any accessible firmware patches. Updating the UEFI firmware continues to be important to preserving system safety, notably in mild of the continued evolution of hardware-level assaults.

Filed in Computers. Learn extra about , , , and .

Trending Merchandise

- 38% KEDIERS White PC CASE ATX 5 PWM ARG...
Original price was: $149.71.Current price is: $92.99.

KEDIERS White PC CASE ATX 5 PWM ARG...

0
Add to compare
- 6% Thermaltake Tower 500 Vertical Mid-...
Original price was: $159.99.Current price is: $149.99.

Thermaltake Tower 500 Vertical Mid-...

0
Add to compare
- 5% ASUS TUF Gaming 27″ 1080P Mon...
Original price was: $199.00.Current price is: $189.00.

ASUS TUF Gaming 27″ 1080P Mon...

0
Add to compare
- 41% Cooler Master Q300L V2 Micro-ATX To...
Original price was: $101.38.Current price is: $59.99.

Cooler Master Q300L V2 Micro-ATX To...

0
Add to compare
- 15% LG 27MP400-B 27 Inch Monitor Full H...
Original price was: $129.99.Current price is: $109.99.

LG 27MP400-B 27 Inch Monitor Full H...

0
Add to compare
- 10% NETGEAR Nighthawk 6-Stream Dual-Ban...
Original price was: $199.99.Current price is: $179.99.

NETGEAR Nighthawk 6-Stream Dual-Ban...

0
Add to compare
- 25% HP 15.6″ Touchscreen Laptop c...
Original price was: $809.97.Current price is: $609.00.

HP 15.6″ Touchscreen Laptop c...

0
Add to compare
- 10% Sceptre 4K IPS 27″ 3840 x 216...
Original price was: $199.97.Current price is: $179.97.

Sceptre 4K IPS 27″ 3840 x 216...

0
Add to compare
- 24% Acer KC242Y Hbi 23.8″ Full HD...
Original price was: $117.99.Current price is: $89.99.

Acer KC242Y Hbi 23.8″ Full HD...

0
Add to compare
- 28% Wireless Keyboard and Mouse Combo, ...
Original price was: $28.99.Current price is: $20.99.

Wireless Keyboard and Mouse Combo, ...

0
Add to compare
.

We will be happy to hear your thoughts

Leave a reply

NextTrendDeals
Logo
Register New Account
Compare items
  • Total (0)
Compare
0
Shopping cart