Software Engineering Institute

Overview

A newly identified vulnerability in some UEFI-supported motherboard models leaves systems vulnerable to early-boot DMA attacks across architectures that implement UEFI and IOMMU. Although the firmware indicates that DMA protection is active, it fails to correctly initialize the IOMMU. Therefore, a malicious PCIe device with physical access can read or modify system memory before the operating system’s defenses load. This exposes sensitive data and enables pre-boot code injection on affected systems running unpatched firmware.

Description

Modern systems rely on UEFI firmware and the Input–Output Memory Management Unit (IOMMU) to establish a secure foundation before the operating system loads. UEFI initializes hardware and enforces early security policies while the IOMMU restricts peripheral devices from performing unauthorized memory accesses. Together, these components help ensure that direct memory access (DMA)-capable devices cannot tamper with or inspect system memory during the critical pre-boot phase.

A vulnerability discovered in certain UEFI implementations arises from a discrepancy between reported and actual DMA protection. Even though firmware asserts that DMA protections are active, it fails to properly configure and enable the IOMMU during the early hand-off phase in the boot sequence. This gap allows a malicious DMA-capable Peripheral Component Interconnect Express (PCIe) device with physical access to read or modify system memory before operating system-level safeguards are established. As a result, attackers could potentially access sensitive data in memory or influence the initial state of the system, thus undermining the integrity of the boot process.

Vendors whose products are affected have begun releasing firmware updates to correct the IOMMU initialization sequence and properly enforce DMA protections throughout boot. Users and administrators should apply these updates as soon as they become available to ensure their systems are not exposed to this class of pre-boot DMA attacks. In environments where physical access cannot be fully controlled or relied on, prompt patching and adherence to hardware security best practices are especially important. Because the IOMMU also plays a foundational role in isolation and trust delegation in virtualized and cloud environments, this flaw highlights the importance of ensuring correct firmware configuration even on systems not typically used in data centers.

Impact

Improper IOMMU initialization in UEFI firmware on some UEFI-based motherboards from multiple vendors allows a physically present attacker using a DMA-capable PCIe device to bypass early-boot memory protection. The attacker could access or alter system memory via DMA transactions processed before the operating system enables its security controls.

Solution

Users and administrators should apply the latest firmware updates as soon as they become available as these patches correct the IOMMU initialization issue and restore proper DMA protections during early boot. Because multiple vendors are affected and updates are being released on varying timelines, customers should regularly monitor the Vendor Information section for newly published advisories and updated firmware packages. Environments where physical access is difficult to control should prioritize patching promptly to reduce exposure to pre-boot DMA attacks.

Acknowledgements

Thanks to reporter Nick Peterson and Mohamed Al-Sharifi of Riot Games for identifying this issue and working with vendor teams and the Taiwanese CERT to coordinate the response and reach affected product vendors. This document was written by Vijay Sarvepalli.

Vendor Information

References

• https://en.wikipedia.org/wiki/DMA_attack
• https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-PCIe-Device-Attacks-Beyond-DMA-Exploiting-PCIe-Switches-Messages-And-Errors.pdf
• https://www.synacktiv.com/ressources/IOMMU_and_DMA_attacks_presentation_16_9.pdf
• https://learn.microsoft.com/en-us/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt
• https://tinyurl.com/twcert
• https://eclypsium.com/blog/direct-memory-access-attacks-a-walk-down-memory-lane/
• https://www.sei.cmu.edu/blog/uefi-terra-firma-for-attackers/