← volver
CVE-2025-14304

ASRock, ASRockRack, ASRockInd|Motherboard - Protection Mechanism Failure

CVSS 7 HIGHEPSS 0.3%CWE-693
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
17 dic 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Certain motherboard models developed by ASRock and its subsidiaries, ASRockRack and ASRockInd. has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security features are loaded.
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
ASRock · Intel 500 chipset motherboardASRock · Intel 600 chipset motherboardASRock · Intel 700 chipset motherboardASRock · Intel 800 chipset motherboardASRockInd · Intel 500 chipset motherboardASRockInd · Intel 600 chipset motherboardASRockInd · Intel 700 chipset motherboardASRockInd · Intel 800 chipset motherboardASRockRack · Intel 500 chipset motherboardASRockRack · Intel 600 chipset motherboardASRockRack · Intel 700 chipset motherboardASRockRack · Intel 800 chipset motherboard

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.asrock.com/support/Security.asphttps://www.asrockind.com/zh-tw/security-centerhttps://www.twcert.org.tw/en/cp-139-10579-9205b-2.htmlhttps://www.twcert.org.tw/tw/cp-132-10578-c43b4-1.html