The UEFI firmware implementation in some motherboards from ASUS, Gigabyte, MSI, and ASRock is vulnerable to direct memory access (DMA) attacks that can bypass early-boot memory protections.
The security issue has received multiple identifiers (CVE-2025-11901, CVE-2025‑14302, CVE-2025-14303, and CVE-2025-14304) due to differences in vendor implementations
DMA is a hardware feature that allows devices such as graphics cards, Thunderbolt devices, and PCIe devices to read and write directly to RAM without involving the CPU.
IOMMU is a hardware-enforced memory firewall that sits between devices and RAM, controlling which memory regions are accessible for each device.
During early boot, when UEFI firmware initializes, IOMMU must activate before DMA attacks are possible; otherwise, there is no protection in place to stop reading or writing on memory regions via physical access.
Valorant not launching on vulnerable systems
The vulnerability was discovered by Riot Games researchers Nick Peterson and Mohamed Al-Sharifi. It causes the UEFI firmware to show that the DMA protection is enabled even if the IOMMU did not initialize correctly, leaving the system exposed to attacks.
Peterson and Al-Sharifi disclosed the security isssue responsibly and worked with CERT Taiwan to coordinate a response and reach affected vendors.
The researchers explain that when a computer system is turned on, it is "in its most privileged state: it has full, unrestricted access to the entire system and all connected hardware."
Protections become available only after loading the initial firmware, which is UEFI most of the time, which initializes hardware and software in a secure way. The operating system is among the last to load in the boot sequence.
On vulnerable systems, some Riot Games titles, such as the popular Valorant, will not launch. This is due to the Vanguard system that works at the kernel level to protect against cheats.
"If a cheat loads before we do, it has a better chance of hiding where we can’t find it. This creates an opportunity for cheats to try and remain undetected, wreaking havoc in your games for longer than we are ok with" - Riot Games
Although the researchers described the vulnerability from the perspective of the gaming industry, where cheats could be loaded early on, the security risk extends to malicious code that can compromise the operating system.
The attacks require physical access, where a malicious PCIe device needs to be connected for a DMA attack before the operating system starts. During that time, the rogue device may read or modify the RAM freely.
"Even though firmware asserts that DMA protections are active, it fails to properly configure and enable the IOMMU during the early hand-off phase in the boot sequence," reads the advisory from the Carnegie Mellon CERT Coordination Center (CERT/CC).
"This gap allows a malicious DMA-capable Peripheral Component Interconnect Express (PCIe) device with physical access to read or modify system memory before operating system-level safeguards are established."
Due to exploitation occurring before OS boot, there would be no warnings from security tools, no permission prompts, and no alerts to notify the user.
Broad impact confirmed
Carnegie Mellon CERT/CC confirmed that the vulnerability impacts some motherboard models from ASRock, ASUS, GIGABYTE, and MSI, but products from other hardware manufacturers may be affected.
The specific models impacted for each manufacturer are listed in the security bulletins and firmware updates from the makers (ASUS, MSI, Gigabyte, ASRock).
Users are recommended to check for available firmware updates and install them after backing up important data.
Riot Games has updated Vanguard, its kernel-level anti-cheat system that provides protection against bots and scripts in games like Valorant and League of Legends.
If a system is affected by the UEFI vulnerability, Vannguard will block Valorant from launching and prompt users with a pop-up providing details on what is required to start the game.
"Our VAN:Restriction system is Vanguard’s way of telling you we cannot guarantee system integrity due to the outlined disabled security features," Riot Games researchers say.
Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
Comments
PXAbstraction - 1 week ago
Oh goody, another update for my BIOS that will clear all its settings, even the ones that it says are safe from updated. Thanks Gigabyte!
deltasierra - 1 week ago
*Facepalm* right!? I have a few pics on my phone to get security settings put back such that Windows 11 will boot, along with a few other menu screens.
DavidXanatos - 1 week ago
Well I don't see a security issue but ownership over once own hardware.
RexvimilZuzakzmo - 1 week ago
I assume you mean:
Well I don't see a "security issue" but *ownership of once owned hardware issue*.
And for that, thumbs up Dear Sir.
thepatcher - 1 week ago
Are different chipsets affected depending on the manufacturer?
MSI only lists Intel 600 and 700, but ASUS starts with Intel 400, ASRock Intel 500/600/700/800 and Gigabyte also lists AMD chipsets.
deltasierra - 1 week ago
Yes, different chipsets are affected depending on manufacturer as each of their implementations of UEFI and IOMMU initialization are different, i.e. it's not something intrinsically based on chipset.
ThomasMann - 1 week ago
The ASRock links do not lead to any updates and their security link also does not...?
deltasierra - 1 week ago
It worked for me at this time, so you might try again.
thepatcher - 1 week ago
So it could happen that older PCs are not able to start certain games as the don't get the necessary updates
https://hardware.slashdot.org/story/25/12/19/2135223/riot-games-is-making-an-anti-cheat-change-that-could-be-rough-on-older-pcs
RexvimilZuzakzmo - 1 week ago
The way I see it - this so called vulnerability is a feature! xD
One that allow to easily identify game producers sticking their fingers in places they should be kept away from...
The only way you could even start considering this sort of requirement reasonable, would be if anticheat in question ACTUALLY WORKED!!! A bare-F-minimum requirement. And they don't! Spectacularly! And there is no excuse!
It's like a chess judge not being able to tell someone cheated by swiping/adding a piece or moving one incorrectly outside their turn, despite them watching entire time having entire thing recorded both move wise and the board itself! It happening would be basically a proof they were in on it... (external advice would be analogous to botting, different issue)
And why? Because cheater said "it's fine"... This must require incompetence/stupidity/laziness/greed (any to all) of cataclysmic proportions.
I mean, how many microtransaction vulnerability cheating options/cases have you EVEN HEARD OF? Somehow no one is cheating in most profitable way imaginable. SO DEVS/PUBLISHER CAN {Insert-Profanity} PROTECT IT! EVEN WHEN THEY ONLY GIVE A SMALLEST AMOUNT OF {Insert-Profanity} POSSIBLE!
This. Is. Ridiculous.
pj20783 - 1 week ago
I do not think this issue is this serious. If an attacker has a physical access to your PC, you are always in trouble. And the attack can be performed only locally.
deltasierra - 1 week ago
Exactly.
deltasierra - 1 week ago
"If a system is affected by the UEFI vulnerability, Vannguard will block Valorant from launching and prompt users with a pop-up providing details on what is required to start the game.
"Our VAN:Restriction system is Vanguard’s way of telling you we cannot guarantee system integrity due to the outlined disabled security features," Riot Games researchers say."
So legit players can't play the game until they update their BIOS? Do they realize that not everyone knows how to do that? Doesn't happen often in modern times but BIOS updates can fail and brick the system, in which case Riot Games should be liable for those damages.
All these kernel-level anti-cheat apps have it wrong -- online games should be relying more on anomaly detection than being in the business of securing customers' computers. They'll always be playing whack-a-mole and generating poor user experiences like this.
The Vanguard solution here would ban cheaters that purposefully compromise their own system while every other legit player has bigger problems if a threat actor has physical access to their computer, yet it's a big deal. Riot's risk analysis and solution on this is terrible, lol.