- UEFI flaw leaves ASUS, Gigabyte, MSI, and ASRock motherboards exposed to DMA attacks
- Firmware falsely reports IOMMU protection enabled, allowing malicious PCIe devices pre‑boot access
- Riot Games discovered issue; users should apply vendor firmware updates to mitigate risk
A vulnerability in the implementation of UEFI firmware has left many popular motherboards vulnerable to direct memory access (DMA) attacks, researchers have warned, with these attacks possibly resulting in stubbornly persistent access, exposure of encryption keys and credentials, and a myriad of other problems.
Most modern computers use UEFI firmware, low-level software built into the motherboard that initializes hardware and securely starts the operating system. Among other things, the firmware is responsible for initializing and correctly enabling the Input-Output Memory Management Unit (IOMMU) isolation layer.
This hardware-enforced layer sits between system RAM and devices that can read and write directly to RAM without involving the CPU – direct memory access (DMA) devices. Those include PCIe cards, Thunderbolt devices, GPUs, etc. and similar. When it is properly initialized, a malicious device cannot read or write arbitrary memory.
False positives
The vulnerability occurs because, on affected motherboards, the UEFI firmware reports that DMA protection is enabled even though the IOMMU was never correctly initialized. In other words, the system believes the memory firewall is on when it is not enforcing any rules yet.
Since different vendors implement this feature differently, the vulnerability is tracked under different identifiers. Therefore, the bug is tracked as CVE-2025-11901, CVE-2025‑14302, CVE-2025-14303, and CVE-2025-14304 and affects some motherboards from ASUS, Gigabyte, MSI, and ASRock.
It was first discovered by researchers from Riot Games, creators of some of the world’s most popular multiplayer games, such as League of Legends, or Valorant. Riot has a tool called Vanguard, which works at kernel level and prevents cheats from being used. On vulnerable systems, Vanguard blocks Valorant from starting.
While the vulnerability does sound ominous, there is a major caveat – a PCIe device needs to be connected for a DMA attack, before the operating system starts. Still, users are advised to check with their motherboard manufacturers for firmware updates.
Via BleepingComputer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
