Riot Discovers A Bug Leading To Bans

Vanguard will soon begin enforcing stricter system boot security checks after identifying a critical vulnerability affecting a range of modern motherboards.

This issue created a pathway for advanced hardware cheats to inject malicious code during the earliest moments of system startup, even when security settings appeared to be enabled.

Since cheats that load before the operating system gain elevated privileges, Vanguard must verify system integrity as early as possible to maintain fair competition.

Why Early Boot Security Is Critical

When a PC powers on, it starts in a highly privileged state with unrestricted access to memory and hardware. During this phase, the system executes its firmware, typically UEFI, and initializes core components before control is passed to the operating system.

Components that load earlier in this process can manipulate those that load later, allowing malicious hardware to hide itself before traditional defenses become active.

The Firmware Vulnerability Explained

Security features such as Secure Boot, Virtualization Based Security, and IOMMU are designed to prevent this type of exploitation when properly enabled.

However, investigations revealed that some motherboard firmwares incorrectly reported that Pre-Boot DMA Protection was active while the IOMMU failed to initialize correctly during early boot.

As a result, systems appeared secure in BIOS settings while briefly allowing Direct Memory Access devices to inject code unnoticed.

How Hardware Cheats Exploited the Gap

DMA devices can access system memory directly without going through the CPU or operating system. Without a fully initialized IOMMU at startup, these devices could inject malicious code before security systems became operational. By the time the operating system and Vanguard loaded, the cheat could already be embedded in memory and effectively hidden from detection.

Firmware Updates and Industry Collaboration

The vulnerability was shared with hardware manufacturers earlier this year, leading to coordinated firmware updates designed to ensure security features are active from the very first moment of system startup.

Major manufacturers including ASUS, Gigabyte, MSI, and ASRock have released security advisories and BIOS updates addressing the issue.

Updating motherboard firmware ensures that enabled protections function correctly and consistently.

What Happens When a VAN:Restriction Appears

VAN:Restriction is Vanguard’s method of informing players that system integrity cannot be guaranteed due to missing or malfunctioning security features.

When triggered, VALORANT cannot be launched until the required protections are enabled or the motherboard firmware is updated according to manufacturer guidance.

These restrictions are applied when system behavior resembles configurations commonly used to bypass security mechanisms, not as an accusation of cheating.