A critical firmware vulnerability affecting motherboards from major manufacturers including Gigabyte, MSI, ASRock, and ASUS has been discovered by Riot Games’ Vanguard anti-cheat team.
The vulnerability, dubbed “Sleeping Bouncer,” allows sophisticated hardware-based cheats to inject malicious code during the earliest stages of system boot, bypassing security protections that appeared to be active.
The security vulnerability centers on Pre-Boot DMA Protection, a feature designed to leverage the system’s Input-Output Memory Management Unit (IOMMU) to prevent unauthorized Direct Memory Access during boot.
IOMMU functions as a gatekeeper for system memory, validating which devices can access RAM and blocking unauthorized attempts.
However, Riot’s research team discovered that certain motherboard firmware implementations incorrectly signaled to the operating system that Pre-Boot DMA Protection was fully active, when the IOMMU was actually failing to initialize properly during early boot stages.
This created a critical window of vulnerability where the system’s security “bouncer” appeared on duty but was effectively asleep.
The vulnerability impacts explicitly the boot sequence the privileged initialization process where firmware loads before the operating system gains control.
Components loading earlier in this chain possess higher system privileges and can manipulate later-loading components, including the OS itself.
This architecture creates an ideal attack vector for hardware cheats using DMA cards, which can directly access system memory while bypassing CPU and Windows-level protections.
Industry-Wide Security Impact
The vulnerability’s implications extend far beyond gaming. Had this issue remained undetected, it would have completely nullified existing DMA detection and prevention technologies across the entire cybersecurity industry.
The vulnerability undermines fundamental assumptions that operating systems make about boot integrity, potentially affecting any security software relying on Pre-Boot DMA Protection signals.
Riot Games discovered the vulnerability earlier in 2025 and responsibly disclosed it to affected hardware manufacturers.
Major vendors have since released comprehensive BIOS updates and published security advisories addressing the issue.
The coordinated disclosure resulted in multiple CVE assignments:
- ASUS: CVE-2025-11901.
- Gigabyte: CVE-2025-14302.
- MSI: CVE-2025-14303.
- ASRock: CVE-2025-14304.
The CERT Coordination Center also issued case VU#382314 documenting the vulnerability. All affected manufacturers have released firmware updates that ensure security features activate from the first millisecond of system power-on, closing the pre-boot exploitation window.
Mitigation and Recommendations
Riot Games’ Vanguard anti-cheat system will begin enforcing stricter boot security checks for players with affected systems.
Users on vulnerable firmware versions will receive VAN:Restriction notifications requiring motherboard firmware updates before they can continue playing VALORANT.
The company is also considering mandatory security baseline requirements for high-ranked players (Ascendant rank and above).
The VAN:Restriction system identifies systems with suspicious hardware behavior or configurations similar to known cheating setups.
Receiving a restriction doesn’t necessarily indicate cheating suspicion but rather that the system configuration fails to meet minimum security requirements for competitive integrity.
Users should immediately update their motherboard firmware to the latest version available from manufacturer websites. Official security advisories and update guidance are available from ASUS, Gigabyte, MSI, and ASRock support portals.
System administrators and security teams should verify that Pre-Boot DMA Protection and related security features like Secure Boot, Virtualization-Based Security (VBS), and IOMMU are properly configured and functioning after applying updates.
This discovery represents a significant advancement in gaming security and demonstrates the value of collaboration between software developers and hardware manufacturers in addressing systemic vulnerabilities that impact the broader technology ecosystem.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.