12th Gen BIOS Vulnerability

Kieran_Levin · September 21, 2022, 12:01am

Products Impacted

Framework Laptop (12th Gen Intel Core)

Firmware Versions Impacted

BIOS <= 3.05

Firmware Version Fixed

NA

Description

Binarly, a firmware security analysis firm, discovered several issues in Insyde BIOS that impact the Framework Laptop (12th Gen Intel Core) with BIOS releases 3.05 and earlier. Unfortunately, patches from our upstream BIOS vendor were not made available until a few days ago. We are working to update and release a new BIOS with fixes for the disclosed issues as soon as we can. We will update this post when the updates are available. As well as the 12th Gen BIOS Knowledge base article. Framework Laptop BIOS and Driver Releases (12th Gen Intel® Core™)

You can read more here: Binarly Presents New Firmware Vulnerabilities at LABScon 2022 | Business Wire

amoun · September 21, 2022, 9:07am

So to clarify were tests done on the BIOS for the 11Gen too and the vulnerability was not found there?

junaruga · September 21, 2022, 10:32pm

@Kieran_Levin To clarify, what is the initial BIOS version on Framework Laptop 12 Gen?

Andrew_Timson · September 22, 2022, 1:26am

The initial version is 3.04.

junaruga · September 22, 2022, 3:15am

OK. Thanks.

junaruga · September 22, 2022, 3:27am

Is the current latest version for the 12th gen 3.05? I couldn’t see the 3.05’s changelog on the knowledge base: Framework Laptop BIOS and Driver Releases (12th Gen Intel® Core™) and the related thread on this forum.

Second_Coming · September 22, 2022, 5:06am

I’m guessing here’s what happened:
The Factory-Installed BIOS (3.04) is the latest version

Then Framework internally developed 3.05, and also tested internally…sent to Binarly for validation / scanning.
…and so 3.05 does exist…but not public beta.

And now, waiting for Insyde to address the vulnerabilities…for Binarly to validate another round.

junaruga · September 22, 2022, 5:19am

OK. Thanks for the info. I updated the BIOS guide - 12th Gen latest BIOS version as 3.04.

Steven_Viscarra · October 12, 2022, 4:45am

Has there been an update to this? Do we have an estimated timeline for the patch to be released?

Bernhard_Seibold · November 10, 2022, 8:42pm

A month later, still no BIOS update, not even an update on the timeline?

Chris_J · November 11, 2022, 2:24am

@Bernhard_Seibold Framework Laptops are now Thunderbolt 4 certified

Eric_Crawford-Anton · November 11, 2022, 7:55pm

@Chris_J the Thunderbolt 4 certification comes with the Bios Update.

amoun · November 11, 2022, 8:30pm

Was there ever a timeline to be updated ??

Chris_J · November 11, 2022, 9:07pm

@Eric_Crawford-Anton I know, I was letting the other user know

Ansley_Barnes · December 19, 2022, 8:00pm

Is this ever getting released? This is a security vulnerability. 90 days without a patch isn’t encouraging.

Ansley_Barnes · December 22, 2022, 8:10pm

Ask and ye shall receive, it seems: 12th Gen Intel Core BIOS 3.06 Beta