Critical UEFI flaw lets attackers with physical PCIe devices bypass all OS defenses. Immediate firmware patching is essential.

Continue reading
A critical vulnerability in UEFI firmware undermines the hardware root of trust, allowing attackers with physical access to compromise systems before the operating system even loads.
A fundamental flaw has been discovered in the Unified Extensible Firmware Interface (UEFI) implementations of several motherboard vendors. The vulnerability disrupts the secure initialization sequence by failing to correctly enable the Input-Output Memory Management Unit (IOMMU), despite the firmware reporting that Direct Memory Access (DMA) protections are active. This creates a dangerous window of opportunity during the Pre-EFI Initialization (PEI) and Driver Execution Environment (DXE) phases of boot, before the operating system's security controls take over.
The Peripheral Component Interconnect Express (PCIe) bus allows compliant hardware, like network cards or GPUs, to read and write system memory via DMA for high-performance data transfers. The IOMMU is the critical hardware component that restricts these DMA transactions to authorized memory regions, acting as a firewall for system memory. When this unit is not initialized, any DMA-capable PCIe device—including a malicious one plugged into an open slot—can access the entire physical memory address space without restriction.
This pre-boot memory access enables severe attack scenarios, including the theft of cryptographic keys, credentials, or other sensitive data resident in memory from the previous session. More critically, it allows an attacker to overwrite boot code or system structures to achieve persistence, potentially installing a firmware-level bootkit that survives operating system reinstallation and disk replacement.
The vulnerability was identified by security researchers Nick Peterson and Mohamed Al-Sharifi and reported through coordinated disclosure channels. The timeline below is constructed from the primary source.
The attack exploits a discrepancy between the firmware's claimed security state and its actual configuration. The breakdown occurs in the following sequence:
1. System Power-On -> UEFI Firmware (PEI Phase) begins.
2. Platform Initialization -> CPU, Memory, and PCIe bus are set up.
3. **VULNERABLE STEP**: IOMMU controller is discovered but its protection registers are *not* programmed/enabled.
4. Firmware proceeds to DXE Phase, loading drivers and preparing OS bootloader.
5. **ATTACK WINDOW**: A malicious PCIe device can issue DMA requests to any physical address (e.g., 0x00000000 - 0xFFFFFFFF).
6. OS Bootloader (e.g., Windows Boot Manager, GRUB) is loaded into memory and could be corrupted via DMA.
7. OS Kernel loads and enables its own IOMMU drivers (e.g., VT-d, AMD-Vi), closing the window—but the system may already be compromised.The core of the issue is a missing or incorrect call to the `EnableDmaProtection()` protocol or equivalent function within the UEFI codebase. Attackers can leverage low-cost, programmable PCIe hardware (like certain FPGA boards) or compromised legitimate peripherals to act as the malicious DMA device. The payload delivered via DMA could modify the `SYSENTER_EIP_MSR` to hook kernel entry points, patch the System Management Mode (SMM) handler table, or directly inject a second-stage payload into the OS bootloader in memory.
Due to the low-level nature of this vulnerability, traditional file-based IOCs are less relevant. Detection focuses on system configuration, firmware versions, and anomalous hardware behavior.
| Type | Value | Source / Notes |
|---|---|---|
| Behavioral IOC | DMA Remapping/IOMMU reported as "Disabled" or "Not Active" in UEFI setup despite being set to "Enabled". | System firmware setup utility. |
| Firmware Version | Vendor-specific. Check for versions prior to the patched release for your motherboard model. | Vendor security advisories. |
| System Log | `ACPI BIOS ERROR (bug)`: Could indicate conflicts or failures in IOMMU ACPI table (DMAR/IVRS) parsing during boot. |
| Tactic | Technique ID | Technique Name | Description |
|---|---|---|---|
| Initial Access | T1189 | Drive-by Compromise | Not directly applicable, but a pre-compromised PCIe device could be inserted. |
| Execution | T1068 | Exploitation for Privilege Escalation | Exploits the firmware vulnerability to execute code at the highest privilege level (ring -2/-3). |
| Persistence | T1542.001 | Pre-OS Boot: System Firmware | Malicious modification of boot components in memory can lead to firmware persistence. |
1. Firmware & Configuration Auditing:
Get-WmiObject -Namespace root\CIMv2\Security\MicrosoftTpm -Class Win32_Tpm | Select IsIoMmuDevicePresent2. Behavioral & Log Monitoring:
source="/var/log/messages" OR source="/var/log/syslog"
"DMAR" OR "IOMMU" AND ("error" OR "fail" OR "disabled")3. Hardware Anomaly Detection:
Immediate Actions (Next 24-72 Hours):
This vulnerability represents a High severity risk. While it requires physical access or a pre-compromised PCIe device—which limits mass exploitation—the impact is severe. It bypasses all software-based security controls and can lead to total system compromise, data breach, and persistent footholds that are extremely difficult to detect and eradicate.

Splunk disclosed CVE-2026-20253, a critical pre-auth RCE flaw in Splunk Enterprise (CVSS 9.8) from insecure MongoDB defaults. Patches released; upgrade to 9.1.8, 9.2.5, or 9.3.2.
| Linux `dmesg`, Windows Event Log. |
| Tool-based Check | Output from `dmesg \ | grep -i "DMAR\ | IOMMU"` or `systeminfo` showing inconsistent DMA protection status. | Post-boot OS enumeration. |
| Defense Evasion |
| T1622 |
| Debugger Evasion |
| Operates below the OS, evading all kernel and user-mode security tools. |
| T1564.008 | Hide Artifacts: Email Hiding Rules | Could be used to hide malicious payloads in firmware regions inaccessible to the OS. |
| Discovery | T1082 | System Information Discovery | DMA allows unfettered reading of system memory, disclosing all software and data. |
| Impact | T1565 | Data Manipulation | Arbitrary memory write capability allows for data destruction or corruption. |