A critical vulnerability in the UEFI firmware of motherboards from ASUS, Gigabyte, MSI, and ASRock allows attackers with physical access to bypass memory protections during the early boot process. Tracked under multiple CVE identifiers, the flaw causes the system to incorrectly report that DMA (Direct Memory Access) protections are active when the critical IOMMU memory firewall has not yet been properly initialized. This creates a window where a malicious PCIe device connected to the system can read from or write to RAM without restriction before the operating system loads.
Discovered by Riot Games researchers, the issue is particularly relevant to gaming security, as their Vanguard anti-cheat system relies on a secure boot environment to prevent kernel-level cheats. On vulnerable systems, games like Valorant will not launch, and Vanguard will display an error explaining that system integrity cannot be guaranteed. However, the security implications extend far beyond gaming, enabling pre-boot attacks that could compromise the entire operating system stealthily.
The vulnerability requires physical access to connect a malicious PCIe device, but successful exploitation would leave no trace, as security tools are not yet active during this phase. CERT/CC has coordinated with the affected vendors, who have released firmware updates for specific motherboard models. Users are urged to check for and install these updates, while Riot Games has updated Vanguard to detect and block execution on unpatched systems to maintain competitive integrity.
Read more...