Affected vendors include ASRock, ASUSTeK Computer, GIGABYTE, and MSI. A disparity in the DMA protection status is the cause of the vulnerability. If the vulnerability is successfully exploited, a physically present attacker may be able to enable pre-boot code injection on impacted systems with unpatched firmware.

In an advisory, the CERT/CC stated that "fast patching and adherence to hardware security best practices are especially important in environments where physical access cannot be fully controlled or relied upon." In a different post, Riot Games stated that the critical flaw could be used to inject code and explained how the privileged state connected to the early boot sequence could be altered prior to the machine's operating system activating its security controls. "This problem made it possible for hardware cheats to inject code covertly, even when the host's security settings seemed to be enabled, according to Al-Sharifi. The firmware's incorrect signaling to the operating system that this feature was fully active is the root of the vulnerability.

A "sophisticated hardware cheat" may be able to enter, obtain elevated privileges, and hide itself without raising any red flags thanks to this short exploitation window. "By closing this pre-boot loophole, we are neutralizing an entire class of previously untouchable cheats and significantly raising the cost of unfair play," stated Riot Games. Although the vulnerability has been framed from the point of view of the gaming sector, the security risk extends to any attack that can abuse the physical access to inject malicious code.

"In essence, the system's 'bouncer' appeared Al-Sharifi claimed, "to be on duty, but was actually asleep in the chair." He continued, "It can't be 100% certain that zero integrity-breaking code was injected via DMA."