- UEFI flaw leaves ASUS, Gigabyte, MSI and ASRock motherboards vulnerable to DMA attacks
- Firmware falsely reports that IOMMU protection is enabled, allowing malicious PCIe devices before booting
- Riot Games discovered an issue; users should apply vendor firmware updates to mitigate risk
A vulnerability in the implementation of UEFI firmware has left many popular motherboards vulnerable to direct memory access (DMA) attacks, researchers have warned, with those attacks potentially resulting in persistent persistent access, exposure of encryption keys and credentials, and a myriad of other problems.
Most modern computers use UEFI firmware, low-level software built into the motherboard that initializes hardware and securely boots the operating system. Among other things, the firmware is responsible for initializing and correctly activating the isolation layer Input-Output Memory Management Unit (IOMMU).
This hardware-enforced layer sits between system RAM and devices that can read and write directly to RAM without involving the CPU – Direct Memory Access (DMA) devices. These include PCIe cards, Thunderbolt devices, GPUs, etc. and the like. When properly initialized, a malicious device cannot read or write arbitrary memory.
False positives
The vulnerability occurs because the UEFI firmware on affected motherboards reports that DMA protection is enabled, even though the IOMMU was never properly initialized. In other words, the system thinks the memory firewall is on when it is not enforcing any rules yet.
Since different vendors implement this feature differently, the vulnerability is tracked under different identifiers. Therefore, the bug is tracked as CVE-2025-11901, CVE-2025-14302, CVE-2025-14303 and CVE-2025-14304 and affects some motherboards from ASUS, Gigabyte, MSI and ASRock.
It was first discovered by researchers from Riot Games, creators of some of the world’s most popular multiplayer games, such as League of Legends or Valorant. Riot has a tool called Vanguard which works at the core level and prevents cheats from being used. On vulnerable systems, Vanguard blocks Valorant from starting.
While the vulnerability sounds ominous, there is one big caveat – a PCIe device must be connected to a DMA attack before the operating system boots. Still, users are advised to check with their motherboard manufacturers for firmware updates.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
