CVE-2025-14304

Summary

Certain motherboard models developed by ASRock and its subsidiaries, ASRockRack and ASRockInd. has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security features are loaded.

Affected Software

VendorProductVersion RangeStatus
ASRockIntel 500 chipset motherboard0affected
ASRockRackIntel 500 chipset motherboard0affected
ASRockIndIntel 500 chipset motherboard0affected
ASRockIntel 600 chipset motherboard0affected
ASRockRackIntel 600 chipset motherboard0affected
ASRockIndIntel 600 chipset motherboard0affected
ASRockIntel 700 chipset motherboard0affected
ASRockRackIntel 700 chipset motherboard0affected
ASRockIndIntel 700 chipset motherboard0affected
ASRockIntel 800 chipset motherboard0affected
ASRockRackIntel 800 chipset motherboard0affected
ASRockIndIntel 800 chipset motherboard0affected

Weaknesses

  • CWE-693: CWE-693 Protection Mechanism Failure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References