Mohamed Al-Sharifi

**Name of the Vulnerable Software and Affected Versions** GIGABYTE motherboard models (affected versions not specified) **Description** A protection mechanism failure exists in certain GIGABYTE motherboard models due to improperly enabled IOMMU. This allows unauthenticated physical attackers with a DMA-capable PCIe device to read and write arbitrary physical memory before the operating system kernel and its security features are loaded. IOMMU (Input/Output Memory Management Unit) is a component of a motherboard that manages memory access for peripheral devices. When not properly enabled, it can lead to direct memory access (DMA) attacks, where an attacker can bypass the operating system and directly access system memory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MSI Motherboard (affected versions not specified) **Description** Certain MSI motherboard models are affected by a Protection Mechanism Failure. The issue stems from IOMMU not being properly enabled, allowing unauthenticated physical attackers to utilize a DMA-capable PCIe device to read and write arbitrary physical memory before the operating system kernel and its security features are initialized. This could potentially compromise system integrity and confidentiality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASRock, ASRockRack, and ASRockInd motherboards (affected versions not specified) **Description** Certain motherboard models developed by ASRock and its subsidiaries, ASRockRack and ASRockInd, exhibit a Protection Mechanism Failure. This is due to IOMMU not being properly enabled. An unauthenticated physical attacker with a DMA-capable PCIe device can read and write arbitrary physical memory before the operating system kernel and its security features are loaded. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.