Cybersecurity specialists simply discovered a flaw in the UEFI firmware that many fashionable motherboards use. The “bug” may let attackers do direct reminiscence entry (DMA) assaults on programs, which can allow unauthorized customers to realize deep and chronic entry to affected programs below sure situations, and the worst half is that it impacts boards from a number of main producers, together with Gigabyte, MSI, ASUS, and ASRock.
To present you context, the PC motherboard incorporates low-level software program known as UEFI, or Unified Extensible Firmware Interface, which securely begins the working system and initializes {hardware} elements. One among its major safety obligations is to allow the Enter-Output Reminiscence Administration Unit (IOMMU), a hardware-based isolation mechanism that’s supposed to safeguard system reminiscence. If arrange accurately, the IOMMU stops exterior gadgets from studying or writing to random elements of system RAM.
Elements corresponding to PCIe growth playing cards, Thunderbolt peripherals, GPUs, and comparable {hardware} that may entry reminiscence straight with out passing via the CPU are included in DMA-capable gadgets. Malicious or compromised {hardware} can have much less of an affect as a result of these gadgets are restricted to explicit reminiscence areas if the IOMMU is operational and correctly initialized.
The lately found vulnerability is attributable to the fallacious method this safety was arrange; in affected motherboards, the UEFI firmware says that DMA safety is on, although the IOMMU was by no means absolutely or accurately arrange, after which the working system consequently assumes that reminiscence protections are carried out, although they aren’t actively enforced.
The problem is being tracked below a number of vulnerability identifiers: CVE-2025-11901, CVE-2025-14302, CVE-2025-14303, and CVE-2025-14304, as motherboard distributors implement UEFI options otherwise.
Researchers at Riot Video games, the developer of well-known multiplayer video games like League of Legends and Valorant, had been the primary ones to determine the vulnerability. Vanguard, Riot’s anti-cheat system, is carried out on the kernel degree and incorporates safeguards which might be supposed to stop unauthorized system manipulation. Valorant could also be prevented from launching on programs which might be affected by this particular flaw, as it detects an unsafe {hardware} safety state.
There’s an essential limitation to consider, although the doable impact might be horrible: the flexibility to bodily entry the system and join a malicious PCIe or comparable machine earlier than the working system boots up are stipulations for a DMA assault. Consequently, the likelihood of widespread exploitation is considerably diminished, notably for residential customers.
Customers are being suggested to monitor updates from their motherboard producers and apply any out there firmware patches. Updating the UEFI firmware continues to be important to preserving system safety, notably in mild of the continuing evolution of hardware-level assaults.
Filed in . Learn extra about Asus, Cybersecurity, Gigabyte, Msi and Security.
Trending Merchandise
SAMSUNG FT45 Sequence 24-Inch FHD 1...
ASUS RT-AX1800S Dual Band WiFi 6 Ex...
