- UEFI flaw leaves ASUS, Gigabyte, MSI and ASRock motherboards exposed to DMA attacks
- Firmware falsely reports that IOMMU protection is enabled, allowing pre-boot access by malicious PCIe devices
- Riot Games discovered an issue; Users should apply firmware updates from the vendor to mitigate risk.
A vulnerability in the UEFI firmware implementation has left many popular motherboards vulnerable to direct memory access (DMA) attacks, researchers have warned, and these attacks will likely result in stubbornly persistent access, exposure of encryption keys and credentials, and a myriad of other problems.
Most modern computers use UEFI firmware, low-level software built into the motherboard that initializes the hardware and safely boots the operating system. Among other things, the firmware is responsible for correctly initializing and enabling the Input-Output Memory Management Unit (IOMMU) isolation layer.
This hardware-enforced layer sits between system RAM and devices that can read and write directly to RAM without involving the CPU: direct memory access (DMA) devices. These include PCIe cards, Thunderbolt devices, GPUs, etc. and the like. When properly initialized, a malicious device cannot read or write arbitrary memory.
False positives
The vulnerability occurs because, on affected motherboards, the UEFI firmware reports that DMA protection is enabled even though the IOMMU was never properly initialized. In other words, the system thinks the memory firewall is on when it is not yet applying any rules.
Since different vendors implement this feature differently, the vulnerability is tracked with different identifiers. Therefore, the bug is tracked as CVE-2025-11901, CVE-2025-14302, CVE-2025-14303 and CVE-2025-14304 and affects some motherboards from ASUS, Gigabyte, MSI and ASRock.
It was first discovered by researchers at Riot Games, creators of some of the most popular multiplayer games in the world, such as League of Legends or Valorant. Riot has a tool called Vanguard, which works at the kernel level and prevents cheats from being used. On vulnerable systems, Vanguard blocks Valorant from starting.
While the vulnerability sounds ominous, there is an important caveat: a PCIe device must be connected for a DMA attack before the operating system boots. Still, users are advised to check with their motherboard manufacturers for firmware updates.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
