Vulnerability Description
Certain motherboard models developed by ASRock and its subsidiaries, ASRockRack and ASRockInd. has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security features are loaded.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://www.asrock.com/support/Security.asp
- https://www.asrockind.com/zh-tw/security-center
- https://www.twcert.org.tw/en/cp-139-10579-9205b-2.html
- https://www.twcert.org.tw/tw/cp-132-10578-c43b4-1.html
FAQ
What is CVE-2025-14304?
CVE-2025-14304 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Certain motherboard models developed by ASRock and its subsidiaries, ASRockRack and ASRockInd. has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated...
How severe is CVE-2025-14304?
CVE-2025-14304 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-14304?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.