Protection Mechanism Failure in ASRock Motherboards
CVE-2025-14304

7HIGH

Key Information:

Vendor

Asrock

Status
Intel 500 Chipset Motherboard
Intel 600 Chipset Motherboard
Intel 700 Chipset Motherboard
Intel 800 Chipset Motherboard
Vendor
CVE Published:
17 December 2025

What is CVE-2025-14304?

ASRock and its subsidiaries, ASRockRack and ASRockInd, are facing a critical issue with certain motherboard models due to a Protection Mechanism Failure. This vulnerability arises from the improper enabling of the IOMMU (Input/Output Memory Management Unit), which could allow unauthorized physical attackers to exploit a DMA-capable PCIe device. This exploitation provides the ability to access, read, and write arbitrary physical memory prior to the operating system kernel and its associated security features being fully operational. Such a risk underscores the importance of timely patching and security measures to safeguard sensitive information against potential misuse.

Affected Version(s)

Intel 500 chipset motherboard 0

Intel 500 chipset motherboard 0

Intel 500 chipset motherboard 0

References

https://www.twcert.org.tw/tw/cp-132-10578-c43b4-1.html
third-party-advisory
https://www.twcert.org.tw/en/cp-139-10579-9205b-2.html
third-party-advisory
https://www.asrock.com/support/Security.asp
vendor-advisory

CVSS V4

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-14304 : Protection Mechanism Failure in ASRock Motherboards