The UEFI firmware found in various motherboards from ASUS, Gigabyte, MSI, and ASRock is susceptible to direct memory access (DMA) attacks, which can circumvent early-boot memory safeguards.
This security concern has been assigned multiple identifiers (CVE-2025-11901, CVE-2025-14302, CVE-2025-14303, CVE-2025-14304) reflecting the variations in manufacturer implementations.
DMA is a hardware feature that permits devices like graphics cards, Thunderbolt devices, and PCIe devices to directly access RAM without the intervention of the CPU.
IOMMU functions as a hardware-enforced memory firewall that sits between devices and RAM, determining which memory regions are accessible to each device.
During the early boot phase when UEFI firmware initializes, IOMMU must be activated prior to any potential DMA attacks; otherwise, there are no safeguards against unauthorized reading or writing to memory regions via physical access.
This vulnerability was uncovered by researchers Nick Peterson and Mohamed Al-Sharifi from Riot Games. It results in the UEFI firmware indicating that DMA protection is enabled, even in cases where IOMMU fails to initialize properly, leaving the system vulnerable to exploitation.
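The gap described above is between what firmware claims and what is actually in force. As an added example (not code from the article, the researchers, or any vendor), the script below checks both signals from a booted Linux system: it parses the flags byte of the ACPI DMAR table, where Intel VT-d firmware asserts pre-boot DMA protection via the DMA_CTRL_PLATFORM_OPT_IN_FLAG bit, and it checks whether `/sys/kernel/iommu_groups` contains groups with devices attached, which only happens when the kernel actually brought an IOMMU up. The article does not say which ACPI table the affected boards use, so the DMAR form is an assumption; AMD platforms describe their IOMMU in an IVRS table that this example does not parse. The `sample_dmar` and `sample_groups` helpers build constructed inputs so the logic can be exercised offline; the paths `DMAR_PATH` and `IOMMU_GROUPS` are the standard sysfs locations on Linux.

```python
"""Compare the firmware's DMA-protection claim with the kernel's IOMMU state.

Added illustration, not the article's or any vendor's code. Two signals:
  1. ACPI DMAR header (Intel VT-d): the flags byte at offset 37 carries
     DMA_CTRL_PLATFORM_OPT_IN_FLAG (bit 2), by which firmware asserts that
     DMA protection was already active at OS hand-off.
  2. /sys/kernel/iommu_groups/<n>/devices/ is populated only when the kernel
     initialised an IOMMU and attached devices to it.
A claim with no populated groups is the mismatch the article describes.
"""
import struct
import tempfile
from pathlib import Path
from typing import Optional

DMAR_PATH = "/sys/firmware/acpi/tables/DMAR"
IOMMU_GROUPS = "/sys/kernel/iommu_groups"
DMA_CTRL_PLATFORM_OPT_IN_FLAG = 1 << 2  # VT-d spec, DMAR header flags bit 2


def dmar_flags(table: bytes) -> int:
    """Return the DMAR header flags byte; raise if this is not a DMAR table."""
    # Standard ACPI header is 36 bytes, then Host Address Width (1), Flags (1).
    if len(table) < 38 or table[:4] != b"DMAR":
        raise ValueError("not a DMAR table")
    length = struct.unpack_from("<I", table, 4)[0]
    if length > len(table):
        raise ValueError("DMAR length field exceeds data")
    return table[37]


def firmware_claims_dma_protection(table: bytes) -> bool:
    """True if firmware set the platform opt-in flag in the DMAR header."""
    return bool(dmar_flags(table) & DMA_CTRL_PLATFORM_OPT_IN_FLAG)


def iommu_groups_with_devices(groups_root: str = IOMMU_GROUPS) -> dict:
    """Map each IOMMU group name to the device names attached to it."""
    root = Path(groups_root)
    if not root.is_dir():
        return {}
    out = {}
    for group in sorted(root.iterdir(), key=lambda p: p.name):
        devs = group / "devices"
        if devs.is_dir():
            out[group.name] = sorted(d.name for d in devs.iterdir())
    return out


def assess(table: Optional[bytes], groups_root: str = IOMMU_GROUPS) -> str:
    """Classify the claim-versus-reality state of DMA protection."""
    claimed = table is not None and firmware_claims_dma_protection(table)
    active = any(iommu_groups_with_devices(groups_root).values())
    if claimed and active:
        return "ok"
    if claimed and not active:
        return "claimed-but-inactive"  # the condition this article is about
    if active:
        return "active-no-claim"
    return "no-protection"


def sample_dmar(opt_in: bool) -> bytes:
    """Constructed minimal DMAR header (no remapping structures) for testing."""
    flags = DMA_CTRL_PLATFORM_OPT_IN_FLAG if opt_in else 0
    body = struct.pack("<BB10s", 0x26, flags, b"\0" * 10)  # HAW 0x26 => 39 bits
    header = struct.pack("<4sIBB6s8sI4sI", b"DMAR", 36 + len(body), 1, 0,
                         b"EXAMPL", b"CONSTRCT", 1, b"EXMP", 1)
    return header + body


def sample_groups(populated: bool) -> str:
    """Constructed sysfs-like tree in a temp dir; returns its root path."""
    root = Path(tempfile.mkdtemp(prefix="iommu_groups_"))
    if populated:
        for n, dev in enumerate(["0000:00:01.0", "0000:01:00.0"]):
            (root / str(n) / "devices" / dev).mkdir(parents=True)
    return str(root)


def read_real_dmar(path: str = DMAR_PATH) -> Optional[bytes]:
    """Read the live DMAR table, or None if absent (e.g. AMD or no permission)."""
    try:
        return Path(path).read_bytes()
    except OSError:
        return None


if __name__ == "__main__":
    print("this host:", assess(read_real_dmar()))
    print("constructed mismatch:", assess(sample_dmar(True), sample_groups(False)))
```

Reading the live DMAR table needs root; run without it and the script reports only the IOMMU-group side. A "claimed-but-inactive" result on real hardware is worth following up with the vendor's firmware bulletin, since the kernel-side view is the one an attached device is actually subject to.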
Peterson and Al-Sharifi responsibly disclosed the issue and collaborated with CERT Taiwan to orchestrate a response and engage with affected vendors.
The researchers explain that when a computer system boots, it enters “its most privileged state: it has full, unrestricted access to the entire system and all connected hardware.”
Only after the initial firmware loads, typically UEFI, are protective mechanisms established. The operating system is usually one of the final components to load in the boot sequence.
On vulnerable systems, certain Riot Games titles, including the popular Valorant, will fail to launch, because Vanguard, Riot's kernel-level anti-cheat, blocks them to guard against cheats.
“If a cheat loads before we do, it has a better chance of hiding where we can’t find it. This creates an opportunity for cheats to try and remain undetected, wreaking havoc in your games for longer than we are ok with” – Riot Games
While the researchers discussed the vulnerability mainly in the context of gaming, it poses a broader security threat: code that gains control before the operating system loads can compromise the operating system itself.
Such attacks necessitate physical access, requiring a malicious PCIe device to be connected prior to OS startup. During this period, the rogue device may freely read or alter RAM.
“Even though firmware asserts that DMA protections are active, it fails to properly configure and enable the IOMMU during the early hand-off phase in the boot sequence,” states the advisory from Carnegie Mellon CERT Coordination Center (CERT/CC).
“This vulnerability allows a malicious DMA-capable PCIe device with physical access to read or modify system memory before OS-level safeguards can take effect.”
Exploitation occurs before the operating system boots, meaning security tools won’t issue warnings, permission prompts, or alerts for the user.
Carnegie Mellon CERT/CC has confirmed that the vulnerability affects specific motherboard models from ASRock, ASUS, GIGABYTE, and MSI, and other hardware manufacturers may also be impacted.
The specific models affected by each manufacturer are detailed in their respective security bulletins and firmware updates (ASUS, MSI, Gigabyte, ASRock).
Users are advised to check for firmware updates and apply them after backing up important data.
Riot Games has updated Vanguard, its anti-cheat system that helps prevent bots and scripts in games such as Valorant and League of Legends.
For users with systems impacted by the UEFI vulnerability, Vanguard will block Valorant from launching and display a pop-up with details on what is required to start the game.
“Our VAN:Restriction system is Vanguard’s way of indicating we cannot assure system integrity due to the disabled security features,” say Riot Games researchers.