The UEFI firmware implementation in some motherboards from ASUS, Gigabyte, MSI, and ASRock is vulnerable to direct memory access (DMA) attacks that can bypass early-boot memory protections.
The security issue has received multiple identifiers (CVE-2025-11901, CVE-2025‑14302, CVE-2025-14303, and CVE-2025-14304) due to differences in vendor implementations
DMA is a hardware feature that allows devices such as graphics cards, Thunderbolt devices, and PCIe devices to read and write directly to RAM without involving the CPU.
IOMMU is a hardware-enforced memory firewall that sits between devices and RAM, controlling which memory regions are accessible for each device.
During early boot, when UEFI firmware initializes, IOMMU must activate before DMA attacks are possible; otherwise, there is no protection in place to stop reading or writing on memory regions via physical access.
Valorant not launching on vulnerable systems
The vulnerability was discovered by Riot Games researchers Nick Peterson and Mohamed Al-Sharifi. It causes the UEFI firmware to show that the DMA protection is enabled even if the IOMMU did not initialize correctly, leaving the system exposed to attacks.
Peterson and Al-Sharifi disclosed the security isssue responsibly and worked with CERT Taiwan to coordinate a response and reach affected vendors.
The researchers explain that when a computer system is turned on, it is "in its most privileged state: it has full, unrestricted access to the entire system and all connected hardware."
Protections become available only after loading the initial firmware, which is UEFI most of the time, which initializes hardware and software in a secure way. The operating system is among the last to load in the boot sequence.
... continue reading