Motherboards from Gigabyte, MSI, ASUS, ASRock at risk from new UEFI flaw attack - here's what we know


  • UEFI flaw leaves ASUS, Gigabyte, MSI, and ASRock motherboards exposed to DMA attacks
  • Firmware falsely reports IOMMU protection enabled, allowing malicious PCIe devices pre‑boot access
  • Riot Games discovered issue; users should apply vendor firmware updates to mitigate risk

A vulnerability in the implementation of UEFI firmware has left many popular motherboards vulnerable to direct memory access (DMA) attacks, researchers have warned, with these attacks possibly resulting in stubbornly persistent access, exposure of encryption keys and credentials, and a myriad of other problems.

Most modern computers use UEFI firmware, low-level software built into the motherboard that initializes hardware and securely starts the operating system. Among other things, the firmware is responsible for initializing and correctly enabling the Input-Output Memory Management Unit (IOMMU) isolation layer.

This hardware-enforced layer sits between system RAM and devices that can read and write directly to RAM without involving the CPU - direct memory access (DMA) devices. Those include PCIe cards, Thunderbolt devices, GPUs, and similar. When the IOMMU is properly initialized, a malicious device cannot read or write arbitrary memory.

False positives

The vulnerability occurs because, on affected motherboards, the UEFI firmware reports that DMA protection is enabled even though the IOMMU was never correctly initialized. In other words, the system believes the memory firewall is on when it is not enforcing any rules yet.
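The gap between what firmware reports and what is enforced can be made concrete with a short check. This is an added example, not code from Riot Games or any vendor. It assumes an Intel VT-d platform, where the claim is carried in the ACPI DMAR table, and the Linux sysfs layout; the sample table is constructed. It only sees the state after the OS has booted, so an "agree" result says nothing about the pre-boot window this flaw concerns.

```python
import os
import struct

DMA_CTRL_PLATFORM_OPT_IN = 0x04  # DMAR flags bit 2 (Intel VT-d specification)
DRHD = 0                         # remapping structure type: one IOMMU hardware unit


def dmar_claims(table: bytes) -> dict:
    """What the firmware tells the OS: opt-in flag and number of IOMMU units."""
    if len(table) < 48 or table[:4] != b"DMAR":
        raise ValueError("not a DMAR table")
    length = struct.unpack_from("<I", table, 4)[0]
    if length > len(table):
        raise ValueError("truncated DMAR table")
    flags, off, units = table[37], 48, 0
    while off + 4 <= length:  # walk the remapping structures after the header
        stype, slen = struct.unpack_from("<HH", table, off)
        if slen < 4:
            raise ValueError("corrupt remapping structure")
        units += 1 if stype == DRHD else 0
        off += slen
    return {"dma_opt_in": bool(flags & DMA_CTRL_PLATFORM_OPT_IN), "drhd_units": units}


def unisolated_devices(sysfs: str = "/sys") -> list:
    """PCI devices the running kernel has NOT placed in an IOMMU group."""
    base = os.path.join(sysfs, "bus", "pci", "devices")
    return sorted(d for d in os.listdir(base)
                  if not os.path.exists(os.path.join(base, d, "iommu_group")))


def assess(table: bytes, sysfs: str = "/sys") -> str:
    """Compare the firmware's claim with the kernel's post-boot view."""
    claim, loose = dmar_claims(table), unisolated_devices(sysfs)
    if not claim["dma_opt_in"]:
        return "firmware does not claim DMA protection"
    if claim["drhd_units"] == 0 or loose:
        return "MISMATCH: protection claimed, unisolated devices: %s" % loose
    return "claim and kernel view agree (pre-boot window not covered)"


def sample_dmar(flags: int, drhd_count: int) -> bytes:
    """Constructed table: 36-byte ACPI header, width, flags, reserved, DRHDs."""
    drhd = struct.pack("<HH", DRHD, 16) + bytes(12)
    body = bytes([46, flags]) + bytes(10) + drhd * drhd_count
    return b"DMAR" + struct.pack("<I", 36 + len(body)) + bytes(28) + body


if __name__ == "__main__":
    print(dmar_claims(sample_dmar(0x05, 1)))  # constructed table, not this machine's
```

On a real Linux system the table can be read as root from `/sys/firmware/acpi/tables/DMAR` and passed to `assess()`.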

Since different vendors implement this feature differently, the vulnerability is tracked under separate identifiers: CVE-2025-11901, CVE-2025-14302, CVE-2025-14303, and CVE-2025-14304. It affects some motherboards from ASUS, Gigabyte, MSI, and ASRock.

It was first discovered by researchers from Riot Games, creators of some of the world’s most popular multiplayer games, such as League of Legends and Valorant. Riot has a tool called Vanguard, which works at kernel level and prevents cheats from being used. On vulnerable systems, Vanguard blocks Valorant from starting.

While the vulnerability does sound ominous, there is a major caveat - for a DMA attack, a PCIe device needs to be connected before the operating system starts. Still, users are advised to check with their motherboard manufacturers for firmware updates.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.