Security Center

Advisory Number: 25091201
Advisories: ASRock Industrial Security Advisory 25091201
Release date: 2025-12-18
Affected Products: Intel 600/800 chipset series motherboards
Advisory Category
Severity rating: Medium (CVSS v3.1 Score: 6.8, AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Impact of vulnerability: CVE-2025-14304
Report

Summary

A security vulnerability has been identified on ASRock, ASRock Rack, and ASRock Industrial motherboards based on Intel 500, 600, 700, and 800 series platforms. Pre-boot memory protection is not properly activated, which may allow a physically present attacker with a DMA-capable PCIe device to access or modify system memory before the operating system’s security mechanisms are enabled.

Affected Products

Intel 600/800 chipset series motherboards

Details & Impact

During the UEFI initialization stage, the platform’s IOMMU was not configured. As a result, a local attacker with physical access and a DMA-capable PCIe device could potentially read or modify system memory during the pre-boot phase, before the OS kernel and its security features are loaded. This condition may expose sensitive data and could allow pre-boot code injection.


Solution

Firmware updates for 600/800 series models are currently in progress. For further assistance, please contact an ASRock Industrial TSD agent or use the Technical Support Form.

After the firmware updates are released, they will be available on the Security Center or the Motherboards product page.

Acknowledgements

Thanks to Nick Peterson and Mohamed Al-Sharifi of Riot Games for reporting this issue and working with the relevant coordination teams during disclosure.

References

https://kb.cert.org/vuls/id/382314

https://www.twcert.org.tw/en/cp-139-10579-9205b-2.html

https://www.twcert.org.tw/tw/cp-132-10578-c43b4-1.html

https://nvd.nist.gov/vuln/detail/CVE-2025-14304