The UEFI firmware implementation in some motherboards from ASUS, Gigabyte, MSI, and ASRock is susceptible to direct reminiscence entry (DMA) assaults that may bypass early-boot reminiscence protections.
The security concern has acquired a number of identifiers (CVE-2025-11901, CVE-2025‑14302, CVE-2025-14303, and CVE-2025-14304) resulting from variations in vendor implementations
DMA is a {hardware} function that enables units reminiscent of graphics playing cards, Thunderbolt units, and PCIe units to learn and write on to RAM with out involving the CPU.
IOMMU is a hardware-enforced reminiscence firewall that sits between units and RAM, controlling which reminiscence areas are accessible for every system.
Throughout early boot, when UEFI firmware initializes, IOMMU should activate earlier than DMA assaults are potential; in any other case, there is no such thing as a safety in place to cease studying or writing on reminiscence areas through bodily entry.
Valorant not launching on susceptible methods
The vulnerability was found by Riot Video games researchers Nick Peterson and Mohamed Al-Sharifi. It causes the UEFI firmware to indicate that the DMA safety is enabled even when the IOMMU didn’t initialize accurately, leaving the system uncovered to assaults.
Peterson and Al-Sharifi disclosed the security isssue responsibly and labored with CERT Taiwan to coordinate a response and attain affected distributors.
The researchers clarify that when a pc system is turned on, it’s “in its most privileged state: it has full, unrestricted entry to your entire system and all related {hardware}.”
Protections grow to be obtainable solely after loading the preliminary firmware, which is UEFI more often than not, which initializes {hardware} and software program in a safe manner. The working system is among the many final to load within the boot sequence.
On susceptible methods, some Riot Video games titles, reminiscent of the favored Valorant, is not going to launch. That is because of the Vanguard system that works on the kernel stage to guard towards cheats.
“If a cheat hundreds earlier than we do, it has a greater probability of hiding the place we are able to’t discover it. This creates a chance for cheats to try to stay undetected, wreaking havoc in your video games for longer than we’re comfortable with” – Riot Video games
Though the researchers described the vulnerability from the angle of the gaming trade, the place cheats could possibly be loaded early on, the security threat extends to malicious code that may compromise the working system.
The assaults require bodily entry, the place a malicious PCIe system must be related for a DMA assault earlier than the working system begins. Throughout that point, the rogue system might learn or modify the RAM freely.
“Though firmware asserts that DMA protections are energetic, it fails to correctly configure and allow the IOMMU through the early hand-off section within the boot sequence,” reads the advisory from the Carnegie Mellon CERT Coordination Heart (CERT/CC).
“This hole permits a malicious DMA-capable Peripheral Element Interconnect Categorical (PCIe) system with bodily entry to learn or modify system reminiscence earlier than working system-level safeguards are established.”
Resulting from exploitation occurring earlier than OS boot, there could be no warnings from security instruments, no permission prompts, and no alerts to inform the person.
Broad impression confirmed
Carnegie Mellon CERT/CC confirmed that the vulnerability impacts some motherboard fashions from ASRock, ASUS, GIGABYTE, and MSI, however merchandise from different {hardware} producers could also be affected.
The precise fashions impacted for every producer are listed within the security bulletins and firmware updates from the makers (ASUS, MSI, Gigabyte, ASRock).
Customers are really useful to verify for obtainable firmware updates and set up them after backing up essential knowledge.
Riot Video games has up to date Vanguard, its kernel-level anti-cheat system that gives safety towards bots and scripts in video games like Valorant and League of Legends.
If a system is affected by the UEFI vulnerability, Vannguard will block Valorant from launching and immediate customers with a pop-up offering particulars on what’s required to begin the sport.
“Our VAN:Restriction system is Vanguard’s manner of telling you we can not assure system integrity because of the outlined disabled security options,” Riot Video games researchers say.
Damaged IAM is not simply an IT downside – the impression ripples throughout your complete enterprise.
This sensible information covers why conventional IAM practices fail to maintain up with trendy calls for, examples of what “good” IAM appears like, and a easy guidelines for constructing a scalable technique.
