If VALORANT — or another Riot game — has started blocking you with a VAN:Restriction message asking you to update your motherboard firmware, this is not a bug and not a false ban. Riot's Vanguard anti-cheat found a real security flaw in a wide range of motherboards, and it is now refusing to run on systems that are still exposed.
Here is what the flaw actually is, why it matters for anti-cheat, and the steps to clear the restriction.
The flaw: a pre-boot gap in motherboard firmware
Modern PCs have a protection called Pre-Boot DMA Protection. DMA — Direct Memory Access — lets hardware devices read and write system memory directly, without going through the CPU. That is excellent for performance, and dangerous in the hands of a malicious device. The defence is the IOMMU, a chipset function that acts like a bouncer for RAM: it decides which device is allowed to touch which memory.
Vanguard's engineers found that on many motherboards the firmware reports that Pre-Boot DMA Protection is on — while the IOMMU has not actually finished initialising during early boot. For a short window while the machine is starting up, RAM is unguarded, even though the system claims otherwise.
That window is exactly what an attacker — or a DMA hardware cheat — needs: it can inject code before Vanguard itself has loaded, so the anti-cheat never sees it happen.
Why this matters for anti-cheat
DMA cheats are the high end of cheating. The cheat runs on a second device, often a separate card, that reads game memory directly — so there is nothing on the gaming PC for a normal anti-cheat to scan. They are effective, expensive, and have long been a very hard target.
By closing the pre-boot gap, Vanguard removes the launch point those cheats relied on. Riot shared its findings with the motherboard makers — ASUS, Gigabyte, MSI and ASRock — who have published security advisories and firmware fixes, assigned CVE identifiers (CVE-2025-11901 and CVE-2025-14302 through CVE-2025-14304). So this is not a Riot-only quirk; it is a genuine firmware vulnerability with industry CVEs attached.
What VAN:Restriction actually is
VAN:Restriction is Vanguard's mechanism for refusing to start a game when it detects an unsafe security configuration. Rather than letting you play and risking an unfair match, it stops you at the door and shows a pop-up describing what needs to change. The restriction can be applied at the account or the HWID level.
It is not a ban. You did nothing wrong, and your account is not in trouble. It is a gate: meet the security requirement and the gate opens.
How to clear the restriction
The pop-up tells you what your specific system needs. In practice it comes down to two things — current firmware, and the right security features switched on.
- Identify your motherboard and CPU. You need the exact board model to find the correct firmware. On Windows, System Information shows the baseboard model.
- Update the BIOS/UEFI firmware. Go to your motherboard manufacturer's official support page for that model, download the latest firmware, and follow their instructions exactly. The fix for this flaw ships as a BIOS update.
- Enable the required security features in BIOS. VAN:Restriction commonly asks for TPM 2.0, Secure Boot, the IOMMU (often labelled VT-d on Intel, or AMD-Vi / IOMMU on AMD), and HVCI / Memory Integrity (Virtualization-Based Security) in Windows.
A serious caution: flashing a BIOS is the one PC maintenance task that can leave a machine unbootable if it goes wrong — interrupted power, the wrong file. If you are not confident, use the manufacturer's support resources or a professional. That is Riot's own advice, and it is sound.
The bigger picture
This is part of a clear direction of travel. Anti-cheat used to live entirely in software; it now increasingly depends on the hardware and firmware underneath being trustworthy — Secure Boot, TPM, and now verified pre-boot memory protection. Vanguard checking your IOMMU is the same idea as it requiring TPM 2.0: the anti-cheat wants a known-good foundation before it trusts anything above it.
For players, the practical consequence is that modern, fully updated firmware is becoming a requirement to play certain games, not an optional extra.
The takeaway
A VAN:Restriction prompt to update your motherboard is Vanguard responding to a real, CVE-tracked firmware flaw, not punishing you. The fix is a legitimate BIOS update plus a few security settings — all of it work you would want done anyway for a secure system. Do it carefully, or get help doing it, and the restriction lifts. If BIOS flashing genuinely is beyond your comfort, that is a fair reason to lean on manufacturer support rather than improvise.