12th Gen BIOS Vulnerability

Products Impacted

Framework Laptop (12th Gen Intel Core)

Firmware Versions Impacted

BIOS <= 3.05

Firmware Version Fixed

NA

Description

Binarly, a firmware security analysis firm, discovered several issues in Insyde BIOS that impact the Framework Laptop (12th Gen Intel Core) with BIOS releases 3.05 and earlier. Unfortunately, patches from our upstream BIOS vendor were not made available until a few days ago. We are working to update and release a new BIOS with fixes for the disclosed issues as soon as we can. We will update this post when the updates are available. As well as the 12th Gen BIOS Knowledge base article. Framework Laptop BIOS and Driver Releases (12th Gen Intel® Core™)

You can read more here: Binarly Presents New Firmware Vulnerabilities at LABScon 2022 | Business Wire

12 Likes

So to clarify were tests done on the BIOS for the 11Gen too and the vulnerability was not found there?

2 Likes

@Kieran_Levin To clarify, what is the initial BIOS version on Framework Laptop 12 Gen?

The initial version is 3.04.

OK. Thanks.

Is the current latest version for the 12th gen 3.05? I couldn’t see the 3.05’s changelog on the knowledge base: Framework Laptop BIOS and Driver Releases (12th Gen Intel® Core™) and the related thread on this forum.

I’m guessing here’s what happened:
The Factory-Installed BIOS (3.04) is the latest version

Then Framework internally developed 3.05, and also tested internally…sent to Binarly for validation / scanning.
…and so 3.05 does exist…but not public beta.

And now, waiting for Insyde to address the vulnerabilities…for Binarly to validate another round.

OK. Thanks for the info. I updated the BIOS guide - 12th Gen latest BIOS version as 3.04.

2 Likes