Motherboards from Gigabyte, MSI, ASUS, ASRock at risk from new UEFI flaw attack - here's what we know

1. Pro
2. Security

Motherboards from Gigabyte, MSI, ASUS, ASRock at risk from new UEFI flaw attack - here's what we know News By Sead Fadilpašić published 22 December 2025

Many popular devices reportedly vulnerable to direct memory access attacks

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

(Image credit: Getty Images) Share Share by:

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Threads

Share this article 0 Join the conversation Follow us Add us as a preferred source on Google

• UEFI flaw leaves ASUS, Gigabyte, MSI, and ASRock motherboards exposed to DMA attacks
• Firmware falsely reports IOMMU protection enabled, allowing malicious PCIe devices pre‑boot access
• Riot Games discovered issue; users should apply vendor firmware updates to mitigate risk

A vulnerability in the implementation of UEFI firmware has left many popular motherboards vulnerable to direct memory access (DMA) attacks, researchers have warned, with these attacks possibly resulting in stubbornly persistent access, exposure of encryption keys and credentials, and a myriad of other problems.

Most modern computers use UEFI firmware, low-level software built into the motherboard that initializes hardware and securely starts the operating system. Among other things, the firmware is responsible for initializing and correctly enabling the Input-Output Memory Management Unit (IOMMU) isolation layer.

This hardware-enforced layer sits between system RAM and devices that can read and write directly to RAM without involving the CPU - direct memory access (DMA) devices. Those include PCIe cards, Thunderbolt devices, GPUs, etc. and similar. When it is properly initialized, a malicious device cannot read or write arbitrary memory.

You may like

• Experts warn Supermicro motherboards can be infected with "unremovable" new malware - here's what we know
• CISA reveals warning on Asus software flaw, here's what you need to do to stay safe
• AMD confirms some Zen 5 CPUs have a worrying security flaw that could put users at risk

False positives

The vulnerability occurs because, on affected motherboards, the UEFI firmware reports that DMA protection is enabled even though the IOMMU was never correctly initialized. In other words, the system believes the memory firewall is on when it is not enforcing any rules yet.

Since different vendors implement this feature differently, the vulnerability is tracked under different identifiers. Therefore, the bug is tracked as CVE-2025-11901, CVE-2025‑14302, CVE-2025-14303, and CVE-2025-14304 and affects some motherboards from ASUS, Gigabyte, MSI, and ASRock.

It was first discovered by researchers from Riot Games, creators of some of the world’s most popular multiplayer games, such as League of Legends, or Valorant. Riot has a tool called Vanguard, which works at kernel level and prevents cheats from being used. On vulnerable systems, Vanguard blocks Valorant from starting.

While the vulnerability does sound ominous, there is a major caveat - a PCIe device needs to be connected for a DMA attack, before the operating system starts. Still, users are advised to check with their motherboard manufacturers for firmware updates.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

Via BleepingComputer

The best antivirus for all budgetsOur top picks, based on real-world testing and comparisons

➡️ Read our full guide to the best antivirus1. Best overall:Bitdefender Total Security2. Best for families:Norton 360 with LifeLock3. Best for mobile:McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead FadilpašićSocial Links Navigation

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Show More Comments

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Logout Read more Experts warn Supermicro motherboards can be infected with "unremovable" new malware - here's what we know    CISA reveals warning on Asus software flaw, here's what you need to do to stay safe    AMD confirms some Zen 5 CPUs have a worrying security flaw that could put users at risk    Battering down the doors - this $50 hacking kit is enough to break Intel and AMD's toughest chip defenses, so be on your guard    Asus warns of new security flaw affecting AiCloud routers - here's what we know    DrayTek warns Vigor routers may have serious security flaws - here's what we know    Latest in Security HPE tells customers to patch OneView immediately as top-level security flaw spotted    Trump’s new $900 billion Pentagon funding plan includes ‘enhanced cybersecurity protections’ for Cyber Command - here’s what we know    Amazon is reportedly being deluged with North Korean job applicants eager to break inside its walls    WatchGuard Firebox OS forced to patch worrying security flaw, so update now    NHS England tech provider reveals data breach - DXS International hit by ransomware    Eurostar chatbot security flaws almost left customers exposed to possible security threats    Latest in News Large External SSDs are now cheaper than internal ones as 4TB SATA SSD face extinction due to negligible price difference    Mullvad VPN boosts WireGuard speeds and stability with new Rust-based engine    This gift-wrapping robot is quite funny, actually    Federal judge blocks Louisiana’s social media age verification law – here's why    Motherboards from Gigabyte, MSI, ASUS, ASRock at risk from new UEFI flaw attack - here's what we know    'We put the most pressure on ourselves' — Tomb Raider studio head on remaking one of the most iconic games of all time    LATEST ARTICLES

1. 1Gemini 3 Flash is smart — but when it doesn’t know, it makes stuff up anyway
2. 2Watch out, Nvidia - Qualcomm acquires Alphawave Semi in latest addition to its AI data center push
3. 3TechRadar Gaming's favorite gaming devices of 2025: personal picks from all the year's gear
4. 4Large External SSDs are now cheaper than internal ones as 4TB SATA SSD face extinction due to negligible price difference
5. 5Arm sheds billions in market capitalization after Qualcomm hints at RISC-V adoption with Ventara Micro acquisition