DMA (direct memory access) lets peripherals move data to and from system memory without involving the CPU. Because a DMA-capable device can read and write physical memory directly, recent server and consumer platforms and recent operating systems protect DMA by routing it through an IOMMU (Intel VT-d, AMD-Vi), so that a device can only reach the memory the system has mapped for it. A potential security vulnerability has been reported in the system BIOS which might allow memory tampering while the BIOS is in POST, that is, before the OS has taken control of the IOMMU. Recent BIOS setup menus offer an option to disable preboot DMA protection so that older peripherals, whose firmware is not secure-DMA capable, can still be serviced; with the protection off, a malicious device on a DMA-capable port (PCIe, Thunderbolt) can tamper with memory during boot. The CVE ID is CVE-2023-5410.
Applying the firmware patches and enabling preboot DMA protection is relevant for both server and consumer products, for the reasons below.
- It may become part of NIST compliance for future products. Certain customer segments, for example government and finance organizations, may not buy a product that is not compliant with the latest NIST guidance.
- Operating systems such as Windows and Linux may make preboot DMA protection a prerequisite for enabling their own DMA protection. Today the coupling is loose: on Intel platforms the firmware signals that it enabled DMA protection before handoff through the platform opt-in flag (DMA_CTRL_PLAT_OPT_IN_FLAG) in the ACPI DMAR table, which Windows Kernel DMA Protection already requires and which the Linux Intel IOMMU driver reads, but neither OS refuses to install or run without it. In the future it may become a requirement for OS installation and use.
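One concrete check a practitioner can run to see whether the firmware actually enabled preboot DMA protection is to read the raw ACPI DMAR table and test its platform opt-in flag. The script below is an added example written for this page, not code from the vendor advisory or from NVD. It follows the DMAR layout from the Intel VT-d specification (36-byte ACPI header, then Host Address Width, Flags, 10 reserved bytes, then DRHD/RMRR remapping structures); the sysfs path, the sample OEM strings, the register base and the RMRR range are constructed for offline testing and are not captured from real hardware. It covers Intel platforms only; the equivalent AMD indication lives in the IVRS table, which is not parsed here.

```python
"""Inspect the ACPI DMAR table for the firmware DMA-protection opt-in flag.

Layout per the Intel VT-d specification: 36-byte ACPI header, Host Address
Width (1 byte), Flags (1 byte), 10 reserved bytes, then a list of remapping
structures, each starting with a 16-bit type and a 16-bit length.
"""
import struct
from pathlib import Path

# Linux exports raw ACPI tables here (root only); AMD systems have IVRS instead.
DMAR_PATH = Path("/sys/firmware/acpi/tables/DMAR")
IOMMU_GROUPS = Path("/sys/kernel/iommu_groups")  # populated once the OS IOMMU is active

# DMAR header Flags bits (VT-d spec)
INTR_REMAP = 1 << 0
X2APIC_OPT_OUT = 1 << 1
DMA_CTRL_PLAT_OPT_IN = 1 << 2   # firmware enabled DMA protection before handing off to the OS

STRUCT_NAMES = {0: "DRHD", 1: "RMRR", 2: "ATSR", 3: "RHSA", 4: "ANDD", 5: "SATC"}


def acpi_checksum(blob: bytes) -> int:
    """Sum of all bytes mod 256; a valid ACPI table sums to zero."""
    return sum(blob) & 0xFF


def parse_dmar(blob: bytes) -> dict:
    """Parse a raw DMAR table and report its flags plus the remapping structures."""
    if len(blob) < 48 or blob[:4] != b"DMAR":
        raise ValueError("not a DMAR table")
    length = struct.unpack_from("<I", blob, 4)[0]
    if length > len(blob):
        raise ValueError("truncated DMAR table")
    blob = blob[:length]
    haw, flags = struct.unpack_from("<BB", blob, 36)
    structures = []
    off = 48
    while off + 4 <= length:
        stype, slen = struct.unpack_from("<HH", blob, off)
        if slen < 4 or off + slen > length:
            raise ValueError("malformed remapping structure at offset %d" % off)
        entry = {"type": STRUCT_NAMES.get(stype, "UNKNOWN(%d)" % stype), "length": slen}
        if stype == 0:   # DRHD: flags at +4, segment at +6, register base address at +8
            drhd_flags, segment, base = struct.unpack_from("<BxHQ", blob, off + 4)
            entry.update(include_pci_all=bool(drhd_flags & 1), segment=segment, reg_base=base)
        elif stype == 1:  # RMRR: segment at +6, reserved region base at +8, limit at +16
            segment, base, limit = struct.unpack_from("<HQQ", blob, off + 6)
            entry.update(segment=segment, base=base, limit=limit)
        structures.append(entry)
        off += slen
    return {
        "checksum_ok": acpi_checksum(blob) == 0,
        "host_address_width": haw + 1,        # field encodes width minus one
        "intr_remap": bool(flags & INTR_REMAP),
        "x2apic_opt_out": bool(flags & X2APIC_OPT_OUT),
        "platform_opt_in": bool(flags & DMA_CTRL_PLAT_OPT_IN),
        "structures": structures,
    }


def build_sample_dmar(platform_opt_in: bool) -> bytes:
    """Constructed sample table (not captured from real hardware) for offline testing."""
    flags = INTR_REMAP | (DMA_CTRL_PLAT_OPT_IN if platform_opt_in else 0)
    body = struct.pack("<BB10x", 38, flags)                        # HAW 38 -> 39-bit, flags, reserved
    body += struct.pack("<HHBxHQ", 0, 16, 1, 0, 0xFED90000)        # DRHD, INCLUDE_PCI_ALL, segment 0
    body += struct.pack("<HHxxHQQ", 1, 24, 0, 0x7A000000, 0x7A1FFFFF)  # RMRR, assumed legacy USB buffer
    length = 36 + len(body)
    header = struct.pack("<4sIBB6s8sI4sI", b"DMAR", length, 1, 0,
                         b"SAMPLE", b"CONSTRUC", 1, b"EXMP", 1)
    table = header + body
    checksum = (-acpi_checksum(table)) & 0xFF   # patch byte 9 so the table sums to zero
    return table[:9] + bytes([checksum]) + table[10:]


def check_running_system():
    """Read the live DMAR table (Linux, needs root) and count IOMMU groups; None if unavailable."""
    try:
        raw = DMAR_PATH.read_bytes()
    except (FileNotFoundError, PermissionError):
        return None
    info = parse_dmar(raw)
    info["iommu_groups"] = len(list(IOMMU_GROUPS.iterdir())) if IOMMU_GROUPS.exists() else 0
    return info


if __name__ == "__main__":
    live = check_running_system()
    if live is None:
        print("live DMAR table not readable; showing the constructed sample instead")
        live = parse_dmar(build_sample_dmar(platform_opt_in=True))
    print("firmware DMA protection opt-in:", live["platform_opt_in"])
    print("checksum ok:", live["checksum_ok"], " address width:", live["host_address_width"])
    for s in live["structures"]:
        print(" ", s)
```

Run it as root on a Linux machine after toggling the preboot DMA protection option in BIOS setup: the opt-in flag should flip with the setting, and `dmesg | grep -i DMAR` will show whether the kernel forced the IOMMU on because of it. A table that parses but has the flag clear means the OS cannot assume memory was protected during POST, which is exactly the window the advisory describes.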
Source: NVD – CVE-2023-5410