Monday 30 March 2026Afternoon Edition

ZOTPAPER

News without the noise

Cybersecurity

UEFI Bug in Major Motherboards Fakes DMA Protection While Leaving Systems Wide Open

ASUS, Gigabyte, MSI, and ASRock all affected by firmware flaw discovered by Riot Games anti-cheat researchers

Zotpaper2 min read
A firmware vulnerability affecting motherboards from ASUS, Gigabyte, MSI, and ASRock can report that DMA protections are active while failing to initialize the IOMMU, leaving systems vulnerable to pre-boot attacks from malicious PCIe or Thunderbolt devices.

The bug was originally discovered by Riot Games researchers investigating anti-cheat failures on affected systems. Games like Valorant were blocking players on motherboards where the UEFI firmware claimed DMA protections were enabled but the IOMMU had never been properly configured during early boot handoff.

The implications extend far beyond gaming. Any scenario requiring early-boot integrity — secure enclaves, endpoint protections, forensic reliability — is compromised on affected hardware. An attacker with physical access and a malicious DMA-capable peripheral connected before the OS takes control can read or modify system RAM with no operating system alerts, enabling undetectable persistence or early rootkits.

Multiple CVEs have been assigned across vendors: CVE-2025-11901, CVE-2025-14302, CVE-2025-14303, and CVE-2025-14304. All four manufacturers have published advisories and firmware updates. Users are urged to check their vendor pages and apply updates after backing up data.

Analysis

Why This Matters

Firmware-level vulnerabilities are particularly dangerous because they operate below the OS, making detection nearly impossible with conventional security tools. The false reporting of protection status is especially insidious.

Background

DMA attacks via Thunderbolt and PCIe have been a known threat vector for years. IOMMU protections were specifically designed to prevent them, making a bug that silently disables these protections a serious concern for high-security environments.

Key Perspectives

Riot Games discovery of the bug through anti-cheat research highlights how gaming security can surface vulnerabilities with broader implications. Security teams should treat firmware patching with the same urgency as OS updates.

What to Watch

Whether all affected firmware variants receive timely patches. Enterprise environments should audit their hardware against the CVE list and prioritize updates for systems in physically accessible locations.

Sources