A significant security vulnerability has emerged affecting motherboards from Gigabyte, MSI, ASRock, and ASUS. Riot Games analysts and researchers identified a critical flaw during their ongoing investigation into gaming system security.
The vulnerability, termed “Sleeping Bouncer,” exploits a weakness in the pre-boot protection mechanisms that are supposed to safeguard computer hardware during system initialization.
The flaw allows attackers to inject malicious code during the earliest moments of a computer’s boot sequence.
While security features appear enabled in the BIOS settings, the underlying hardware implementation fails to activate protective mechanisms properly.
This creates a narrow but exploitable window where malware can take control of the system before traditional security programs even activate.
The affected systems range from consumer-grade gaming machines to high-end workstations, making this vulnerability broadly impactful across the computing community.
Understanding how this vulnerability works requires knowledge of how computers start up. When a PC powers on, it operates at its highest privilege level with complete access to all system components.
The system loads its firmware, which then initiates a chain of hardware and software startup procedures. Only after this complex initialization process does the operating system take control.
Riot Games analysts and researchers noted that components loading earlier in this startup sequence possess greater privileges and can manipulate later-loading components.
Operating systems load near the end of this process, meaning malicious software can load first, gain elevated privileges, and hide itself before the operating system has any chance to defend against it.
The vulnerability specifically targets the IOMMU function, a critical security feature that acts as a bouncer for system memory access.
Sleeping Bouncer vulnerability
The Sleeping Bouncer vulnerability centers on pre-boot DMA protection, a BIOS security feature that prevents rogue devices from accessing system memory during early boot stages.
DMA cards are hardware devices that can directly access memory, bypassing both the CPU and the Windows operating system.
The IOMMU hardware feature controls which devices get access to memory, working much like a security guard checking identification.
Firmware manufacturers signaled to operating systems that this protection was fully active when it was actually failing to initialize correctly.
The vulnerability window remains brief but devastatingly effective. While the Pre-Boot DMA Protection appeared enabled in BIOS, the IOMMU failed to fully initialize during the earliest boot seconds.
The system’s security bouncer appeared on duty but was essentially asleep. By the time the system was fully loaded, it could not be completely confident that no integrity-breaking code had been injected through DMA attacks.
A sophisticated hardware cheat only needs this small opportunity to sneak in, inject code, and hide before Vanguard security systems activate.
Hardware manufacturers have released comprehensive BIOS updates addressing this critical flaw. Asus, Gigabyte, MSI, and ASRock have all published security advisories with corresponding CVE numbers.
Affected users should update the motherboard firmware immediately by visiting the official manufacturer’s websites.
Vanguard will enforce stricter security baseline checks, restricting access to competitive play on systems with unpatched motherboards or disabled security features.
Users receiving VAN:Restriction notifications must update firmware before continuing gameplay.
The successful identification and remediation of this vulnerability represents a significant achievement for the entire gaming industry, as undetected flaws could have rendered all existing DMA detection technology in the market ineffective.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.
