Riot’s Valorant anti-cheat is now a BIOS test, thanks to an early-boot DMA hole
Riot has done the funniest possible thing with a firmware security bug. Instead of treating it like a background “please patch” notice that most users will ignore forever, it has effectively turned it into a gate. If you want to play Valorant, you may need to update your motherboard BIOS first, because an early-boot loophole has been helping hardware cheaters live below the OS and walk past anti-cheat.
The issue, as described by CERT and reported by SecurityWeek, is a glaring mismatch between what the firmware reports and what it actually does. During boot, the system may indicate that DMA protections are enabled, while the IOMMU is not properly configured until just before handoff to the operating system. That leaves a window in which a malicious PCIe device, connected by someone with physical access, can use DMA to read or tamper with memory before the OS has a chance to intervene.
This is not a theoretical academic puzzle. Riot says this class of weakness has been used to hide DMA cheats, and it has worked with motherboard vendors to push BIOS updates. Tom’s Hardware reports that players who do not update can be hit with Vanguard restrictions that stop the game from launching.
This is what happens when firmware becomes part of the threat model
For years, much of PC security has operated on a convenient assumption: firmware is mostly fine, and the interesting fights happen once Windows boots. Anti-cheat vendors quietly gave up on that assumption ages ago. If you are trying to stop a determined attacker, you end up caring about the whole boot chain, because the easiest way to evade a watchdog is to start running before the watchdog is awake.
That is the uncomfortable part. Riot is not only pushing a fix for cheaters. It is normalising the idea that consumer software will enforce platform security settings, firmware versions, and boot configuration. That is a big shift, and not just for games.
What was actually broken?
In plain English, the IOMMU is meant to prevent peripheral devices from freely DMAing into and out of system memory. If it is not enabled early enough, a malicious device on PCIe can get a head start and do things the OS would normally try to prevent.
SecurityWeek notes that exploitation requires physical access, specifically the ability to connect a malicious PCIe device. That is an important constraint, but it is not the get-out-of-jail-free card some people think it is. Physical access is exactly what hardware cheat setups are built around, and it is also a real-world scenario for shared systems, events, LAN environments, repair shops, and any machine that lives outside a locked office.
Multiple CVEs have been assigned, including CVE-2025-11901 and CVE-2025-14302 through CVE-2025-14304. Gigabyte’s advisory describes the core failure as the IOMMU not being properly initialised during early boot, despite firmware indicating DMA protection is active. ASRock’s advisory points to affected Intel 500 through 800 series platforms and rates severity as medium.
Riot’s enforcement is the story, not the CVSS score
On paper, you can argue about severity all day. Medium score; requires physical access; not a remote, wormable catastrophe. In practice, Riot has made it matter by being willing to inconvenience users to shut down a cheating vector. The moment Vanguard starts refusing to run on a system with a known weak firmware path, “optional BIOS update” becomes “mandatory BIOS update”.
Riot’s own Vanguard Restrictions guidance already pushes users toward a security baseline that includes Secure Boot, TPM 2.0, IOMMU, and VBS-style protections. That checklist has now collided with a firmware flaw that undermines its purpose.
The wider implication is simple. If anti-cheat can demand a patched BIOS, other software can too. Today, it is a competitive shooter. Tomorrow, it is an enterprise endpoint agent, a banking app, or a remote proctoring tool. The PC industry has spent years pretending firmware updates are niche enthusiast behaviour. Riot is effectively saying the opposite.
What should affected users do?
If you are on an ASRock, ASUS, Gigabyte, or MSI motherboard, check your vendor’s support page for the latest BIOS and read the notes. Do not assume Windows Update will save you here. BIOS updates are still very much a “you go get it” chore.
Also, be realistic about the process. BIOS flashing is safer than it used to be, but it is still the one update path where a mistake can ruin your day. Follow the vendor’s instructions, do not flash during a storm, and do not improvise because a forum post said it worked for someone else.
If you are a Valorant player and Vanguard blocks you, Riot’s support guidance points you toward BIOS updates and enabling the relevant platform security features. You can treat that as annoying, or you can treat it as the most direct security prompt you have received all year.
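To see where a Windows machine stands before visiting the vendor's support page, the following read-only inventory (an added example, not code from Riot or any motherboard vendor) collects the board model, the installed BIOS version and the baseline settings mentioned above. It assumes an elevated PowerShell session. The values come from the running OS, so they cannot show whether the IOMMU was configured early in boot; the BIOS version still has to be compared by hand against the vendor's advisory.

```powershell
# Added example: read-only platform inventory. Run from an elevated PowerShell session.
$board = Get-CimInstance -ClassName Win32_BaseBoard
$bios  = Get-CimInstance -ClassName Win32_BIOS

# Confirm-SecureBootUEFI throws on legacy-boot systems or without elevation.
try   { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
catch { $secureBoot = 'Unknown (legacy boot or not elevated)' }

# TPM specification version, e.g. a string beginning with "2.0" for TPM 2.0.
try {
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction Stop
    $tpmSpec = if ($tpm) { $tpm.SpecVersion } else { 'No TPM found' }
} catch { $tpmSpec = 'Unknown (not elevated?)' }

# Device Guard WMI class reports VBS state and whether DMA protection is available.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
if ($dg) {
    $vbs = switch ($dg.VirtualizationBasedSecurityStatus) {
        0 { 'Not enabled' }
        1 { 'Enabled, not running' }
        2 { 'Running' }
        default { 'Unknown' }
    }
    # AvailableSecurityProperties value 3 means "DMA protection is available".
    $dmaAvailable = $dg.AvailableSecurityProperties -contains 3
} else {
    $vbs = 'Unknown (Device Guard class not present)'
    $dmaAvailable = 'Unknown'
}

[pscustomobject]@{
    BoardVendor            = $board.Manufacturer
    BoardModel             = $board.Product
    BiosVersion            = $bios.SMBIOSBIOSVersion   # compare with the vendor advisory
    BiosReleaseDate        = $bios.ReleaseDate
    SecureBoot             = $secureBoot
    TpmSpecVersion         = $tpmSpec
    VbsStatus              = $vbs
    DmaProtectionAvailable = $dmaAvailable             # OS view only, not early-boot state
} | Format-List
```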
This is not just a problem in the games industry
There is a line in SecurityWeek’s coverage that matters more than the esports drama: IOMMU configuration is foundational to isolation and trust delegation in virtualised and cloud environments, too. The gaming angle got this into headlines, but the underlying lesson is broader. Firmware is still a soft underbelly, and the PC ecosystem still ships far too many systems where “enabled” does not always mean “enabled when it counts”.
Riot did not invent that problem, but it just made it impossible to ignore.
Sources
- SecurityWeek: UEFI vulnerability in major motherboards enables early boot attacks
- Tom’s Hardware: Riot blocks Valorant players who do not update BIOS
- Riot Support: Vanguard Restrictions
- Gigabyte advisory: CVE-2025-14302, IOMMU initialisation issue
- ASRock security centre: CVE-2025-14304
- The Verge: Riot found a motherboard security flaw that helps PC cheaters





