
Vulnerability in UEFI Firmware Modules Prevents IOMMU Initialization on Certain Motherboards

CVE-2025-14302, TVN-202512003
Dec 17, 2025

GIGABYTE Technology Co., Ltd. acknowledges a recently identified vulnerability (VU#382314, CVE-2025-14302, TVN-202512003) in certain UEFI firmware modules that may prevent proper IOMMU initialization, potentially exposing systems to early-boot DMA attacks. We are committed to providing secure and reliable products, and are actively addressing this issue to protect our customers. The vulnerability has been assessed as Medium severity (CVSS 3.1 base score 6.8, vector CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

 

This vulnerability stems from a discrepancy between reported and actual DMA protection within the UEFI implementation. While firmware may indicate that DMA protections are active, the IOMMU may not be correctly configured during the early boot sequence. An attacker with physical access could therefore use a malicious PCIe device to read or modify system memory before operating system security measures are fully loaded, compromising data security and system integrity. As identified by TWCERT and NVD, this constitutes a Protection Mechanism Failure (CWE-693, CAPEC-401).

 

GIGABYTE has been diligently working to develop and release firmware updates to rectify the IOMMU initialization sequence and ensure robust DMA protection across affected platforms. Updates are now available for a wide range of GIGABYTE motherboards, including those based on Intel® 600/700/800, AMD® 600/800, and TRX50 platforms.

 

We extend our gratitude to Nick Peterson and Mohamed Al-Sharifi of Riot Games for discovering and reporting this vulnerability, and to Vijay Sarvepalli from CERT/CC and Theon Huang from TWCERT/CC for their collaboration with GIGABYTE in developing a swift and effective response.

 

| Platform | BIOS Release Schedule |
| --- | --- |
| Intel® Z890, W880, Q870, B860, H810 platforms | Released |
| Intel® Z790, B760 platforms | Released |
| Intel® Z690, Q670, B660, H610 platforms | Released |
| Intel® W790 platform | Released |
| AMD® X870E, X870, B850, B840 platforms | Released |
| AMD® X670, B650, A620, A620A platforms | Released |
| AMD® TRX50 platform | 2026 / Q1 |

 

Customers are strongly advised to upgrade to the latest BIOS version.

 

*The release schedule may be adjusted without further notification. Please check this page or contact technical support for any future updates.

*Please navigate to the "Support" section of the relevant product page to download the updated BIOS.

*For any further assistance regarding this issue, please contact your sales representative or create a new support ticket at https://esupport.gigabyte.com

https://www.twcert.org.tw/tw/cp-132-10574-ddf09-1.html

https://www.twcert.org.tw/en/cp-139-10575-e4f41-2.html