
The UEFI firmware implementation in some motherboards from ASUS, Gigabyte, MSI, and ASRock is vulnerable to direct memory access (DMA) attacks that can bypass early-boot memory protections.
The security issue has received multiple identifiers (CVE-2025-11901, CVE-2025-14302, CVE-2025-14303, and CVE-2025-14304) due to differences in vendor implementations.
DMA is a hardware feature that allows devices such as graphics cards, Thunderbolt devices, and PCIe devices to read and write directly to RAM without involving the CPU.
IOMMU is a hardware-enforced memory firewall that sits between devices and RAM, controlling which memory regions are accessible for each device.
During early boot, when UEFI firmware initializes, IOMMU must activate before DMA attacks are possible; otherwise, there is no protection in place to stop reading or writing on memory regions via physical access.
Valorant not launching on vulnerable systems
The vulnerability was discovered by Riot Games researchers Nick Peterson and Mohamed Al-Sharifi. It causes the UEFI firmware to indicate that the DMA protection is enabled even when the IOMMU did not initialize correctly, leaving the system exposed to attacks.
Peterson and Al-Sharifi disclosed the security issue responsibly and worked with CERT Taiwan to coordinate a response and reach affected vendors.
The researchers explain that when a computer system is turned on, it is “in its most privileged state: it has full, unrestricted access to the entire system and all connected hardware.”
Protections become available only after the initial firmware loads; this is UEFI most of the time, which initializes hardware and software in a secure way. The operating system is among the last to load in the boot sequence.
On vulnerable systems, some Riot Games titles, such as the popular Valorant, will not launch. This is due to the Vanguard system that works at the kernel level to protect against cheats.
“If a cheat loads before we do, it has a better chance of hiding where we can’t find it. This creates an opportunity for cheats to try to remain undetected, wreaking havoc in your games for longer than we’re comfortable with” – Riot Games
Although the researchers described the vulnerability from the perspective of the gaming industry, where cheats could be loaded early on, the security risk extends to malicious code that can compromise the operating system.
The attacks require physical access, where a malicious PCIe device needs to be connected for a DMA attack before the operating system starts. During that time, the rogue device may read or modify the RAM freely.
“Even though firmware asserts that DMA protections are active, it fails to properly configure and enable the IOMMU during the early hand-off phase in the boot sequence,” reads the advisory from the Carnegie Mellon CERT Coordination Center (CERT/CC).
“This gap allows a malicious DMA-capable Peripheral Component Interconnect Express (PCIe) device with physical access to read or modify system memory before operating system-level safeguards are established.”
Because exploitation occurs before OS boot, there will be no warnings from security tools, no permission prompts, and no alerts to notify the user.
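Because the flaw is a mismatch between what firmware asserts and what the IOMMU actually does, an OS-side reading of that assertion is a claim to record, not proof. This added example (not from the article, Riot Games or CERT/CC) parses the ACPI DMAR table on Linux and reports the firmware's pre-boot DMA protection opt-in bit alongside the IOMMU units the table describes. Assumptions: an Intel VT-d platform where the claim is the DMA_CTRL_PLATFORM_OPT_IN_FLAG bit (the article does not say which mechanism the affected boards use); `parse_dmar`, `build_sample` and the sample bytes are constructed here.

```python
import struct

# Bits of the DMAR "Flags" byte (offset 37), per the Intel VT-d specification.
INTR_REMAP = 0x01
DMA_CTRL_PLATFORM_OPT_IN = 0x04   # firmware claims DMA protection during boot


def parse_dmar(table: bytes) -> dict:
    """Return the firmware's DMA-protection claim and the IOMMU units it lists."""
    if len(table) < 48 or table[:4] != b"DMAR":
        raise ValueError("not a DMAR table")
    (length,) = struct.unpack_from("<I", table, 4)
    if length < 48 or length > len(table):
        raise ValueError("truncated DMAR table")
    if sum(table[:length]) & 0xFF:
        raise ValueError("bad ACPI checksum")
    flags = table[37]
    drhd_bases = []
    off = 48                      # remapping structures follow the 48-byte header
    while off + 4 <= length:
        stype, slen = struct.unpack_from("<HH", table, off)
        if slen < 4 or off + slen > length:
            raise ValueError("malformed remapping structure")
        if stype == 0 and slen >= 16:      # DRHD: one IOMMU hardware unit
            drhd_bases.append(struct.unpack_from("<Q", table, off + 8)[0])
        off += slen
    return {
        "opt_in_claimed": bool(flags & DMA_CTRL_PLATFORM_OPT_IN),
        "interrupt_remap": bool(flags & INTR_REMAP),
        "drhd_bases": drhd_bases,  # empty list + claim set = claim with no IOMMU
    }


def build_sample(flags: int, drhd_bases=()) -> bytes:
    """Constructed test table (hypothetical values, not from real hardware)."""
    body = bytes([39, flags]) + bytes(10)  # host address width, flags, reserved
    for base in drhd_bases:
        body += struct.pack("<HHBBHQ", 0, 16, 1, 0, 0, base)
    hdr = struct.pack("<4sIBB6s8sI4sI", b"DMAR", 36 + len(body), 1, 0,
                      b"SAMPLE", b"SAMPLETB", 1, b"TEST", 1)
    raw = bytearray(hdr + body)
    raw[9] = (-sum(raw)) & 0xFF    # ACPI checksum: all bytes sum to 0 mod 256
    return bytes(raw)


if __name__ == "__main__":
    # Linux exposes the table here (root required); absent on non-VT-d systems.
    with open("/sys/firmware/acpi/tables/DMAR", "rb") as f:
        print(parse_dmar(f.read()))
```

A result with `opt_in_claimed` set only records what the firmware says about itself; on an affected board the remedy remains the vendor firmware update.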
Broad impact confirmed
Carnegie Mellon CERT/CC confirmed that the vulnerability impacts some motherboard models from ASRock, ASUS, GIGABYTE, and MSI, but products from other hardware manufacturers may be affected.
The specific models impacted for each manufacturer are listed in the security bulletins and firmware updates from the makers (ASUS, MSI, Gigabyte, ASRock).
Users are recommended to check for available firmware updates and install them after backing up important data.
Riot Games has updated Vanguard, its kernel-level anti-cheat system that provides protection against bots and scripts in games like Valorant and League of Legends.
If a system is affected by the UEFI vulnerability, Vanguard will block Valorant from launching and prompt users with a pop-up providing details on what is required to start the game.
“Our VAN:Restriction system is Vanguard’s way of telling you we cannot guarantee system integrity due to the outlined disabled security features,” Riot Games researchers say.

