LogoFAIL
This article will address the topic of LogoFAIL, which has become very relevant today. From its origins to its implications in today's society, LogoFAIL has been the subject of study and debate in various areas. Throughout history, LogoFAIL has played a fundamental role in the development of humanity, influencing culture, politics, economics and people's daily lives. Through detailed analysis, the different facets of LogoFAIL, its importance in the current context and its impact in the future will be explored.
 | This article may be too technical for most readers to understand. (May 2024) |
| CVE identifier(s) | CVE-2023-40238 |
|---|---|
| Discoverer | Binarly |
| Affected hardware | Motherboard firmware with TianoCore EDK II, including Insyde InsydeH2O, AMI, and Phoenix firmware |
LogoFAIL is a security vulnerability and exploit thereof that affects computer motherboard firmware with TianoCore EDK II, including Insyde Software's InsydeH2O modules and similar code in AMI and Phoenix firmware, which are commonly found on both Intel and AMD motherboards, and which enable loading of custom boot logos. The exploit was discovered in December 2023 by researchers at Binarly.
Description
The vulnerability exists when the Driver Execution Environment (DXE) is active after a successful Power On Self Test (POST) in the UEFI firmware (also known as the BIOS). The UEFI's boot logo is replaced with the exploit payload at this point, and the exploit can then take control of the system.
Patches
Intel patched the issue in Intel Management Engine (ME) version 16.1.30.2307 in December 2023. AMD addressed the problem in AGESA version 1.2.0.b, although some motherboard manufacturers did not include the fix under AGESA 1.2.0.c.
External links
References
- ^ Dan Goodin (December 6, 2023). "Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack". Ars Technica.
- ^ a b Roshan Ashraf Shaikh (December 6, 2023). "LogoFAIL exploit bypasses hardware and software security measures and is nearly impossible to detect or remove". Ars Technica.
- ^ Roshan Ashraf Shaikh (April 10, 2024). "AMD motherboard partners start rolling out BIOS updates with LogoFAIL bugfix". Tom's Hardware.
 | This computer security article is a stub. You can help Wikipedia by expanding it. |