New UEFI Vulnerability Threatens Motherboards from Gigabyte, MSI, Asus, and ASRock

Researchers from Riot Games have discovered a vulnerability in the UEFI implementation on motherboards from Asus, Gigabyte, MSI, and ASRock. The bug allows DMA (Direct Memory Access) attacks that bypass system protection during the boot phase. The issue received multiple identifiers—CVE-2025-11901, CVE-2025-14302, CVE-2025-14303, and CVE-2025-14304—due to differences in implementations by various vendors.

How the Vulnerability Works

The vulnerability relates to the DMA mechanism, a hardware function that allows devices such as graphics cards, Thunderbolt devices, and PCIe devices to read and write RAM directly, bypassing the central processor. Such operations are typically controlled by an IOMMU, a hardware memory "firewall" that monitors interactions between devices and RAM and determines which memory areas are accessible to each device.

During boot, while UEFI is initializing, the IOMMU should be activated before a DMA attack becomes possible. Researchers discovered that on vulnerable systems this protection is simply absent, and any physically connected device can freely read or write data to memory. UEFI reports DMA protection as enabled, although the IOMMU has not been correctly initialized.

Per Bleeping Computer, Riot Games titles such as Valorant refused to launch on vulnerable systems due to the Vanguard anti-cheat system, which operates at the kernel level to combat cheat software.

"If a cheat loads before us, it has a better chance of hiding in a way we can't find," Riot Games explains. "This allows cheaters to remain undetected and ruin the game longer than we are willing to tolerate."

Broader Security Implications

While researchers describe the vulnerability from a game development perspective—as a problem allowing cheaters to load their software in the early stages of machine boot—the threat extends to any malicious code.

Exploiting the bug requires physical access to the computer. An attacker must connect their own malicious PCIe device to carry out a DMA attack.

"Although the firmware reports that DMA protection is active, it does not configure or enable the IOMMU properly at the critical handoff stage in the boot process," CERT/CC experts note in a separate security bulletin. "The issue allows a malicious DMA-capable PCIe device to read or modify system memory before operating system-level protection mechanisms become active."

Affected Systems

CERT/CC confirmed that the vulnerability affects a range of motherboard models from ASRock, Asus, Gigabyte, and MSI. Products from other manufacturers may also be vulnerable.

CVE-2025-14304 (CVSS score 7.0): Affects ASRock, ASRock Rack, and ASRock Industrial motherboards using Intel 500, 600, 700, and 800 series chipsets.

CVE-2025-11901 (CVSS score 7.0): Affects Asus motherboards using Intel Z490, W480, B460, H410, Z590, B560, H510, Z690, B660, W680, Z790, B760, and W790 series chipsets.

CVE-2025-14302 (CVSS score 7.0): Affects Gigabyte motherboards using Intel Z890, W880, Q870, B860, H810, Z790, B760, Z690, Q670, B660, H610, and W790 chipsets, as well as AMD X870E, X870, B850, B840, X670, B650, A620, A620A, and TRX50 chipsets. A patch for TRX50 is scheduled for Q1 2026.

CVE-2025-14303 (CVSS score 7.0): Affects MSI motherboards using Intel 600 and 700 series chipsets.

Remediation

Owners of vulnerable devices should check for available firmware updates and install them after backing up important data.

Riot Games has updated the Vanguard anti-cheat system. If a system is vulnerable to DMA attacks, Vanguard now blocks the launch of Valorant and displays a pop-up window with instructions on what needs to be done to start the game.