12th Gen BIOS Vulnerability

Products Impacted

Framework Laptop (12th Gen Intel Core)

Firmware Versions Impacted

BIOS <= 3.05

Firmware Version Fixed

NA

Description

Binarly, a firmware security analysis firm, discovered several issues in Insyde BIOS that impact the Framework Laptop (12th Gen Intel Core) with BIOS releases 3.05 and earlier. Unfortunately, patches from our upstream BIOS vendor were not made available until a few days ago. We are working to update and release a new BIOS with fixes for the disclosed issues as soon as we can. We will update this post when the updates are available. As well as the 12th Gen BIOS Knowledge base article. Framework Laptop BIOS and Driver Releases (12th Gen Intel® Core™)

You can read more here: Binarly Presents New Firmware Vulnerabilities at LABScon 2022 | Business Wire

15 Likes

So to clarify were tests done on the BIOS for the 11Gen too and the vulnerability was not found there?

2 Likes

@Kieran_Levin To clarify, what is the initial BIOS version on Framework Laptop 12 Gen?

The initial version is 3.04.

OK. Thanks.

1 Like

Is the current latest version for the 12th gen 3.05? I couldn’t see the 3.05’s changelog on the knowledge base: Framework Laptop BIOS and Driver Releases (12th Gen Intel® Core™) and the related thread on this forum.

2 Likes

I’m guessing here’s what happened:
The Factory-Installed BIOS (3.04) is the latest version

Then Framework internally developed 3.05, and also tested internally…sent to Binarly for validation / scanning.
…and so 3.05 does exist…but not public beta.

And now, waiting for Insyde to address the vulnerabilities…for Binarly to validate another round.

OK. Thanks for the info. I updated the BIOS guide - 12th Gen latest BIOS version as 3.04.

4 Likes

Has there been an update to this? Do we have an estimated timeline for the patch to be released?

2 Likes

A month later, still no BIOS update, not even an update on the timeline?

2 Likes

@Bernhard_Seibold Framework Laptops are now Thunderbolt 4 certified

3 Likes

@Chris_J the Thunderbolt 4 certification comes with the Bios Update.

2 Likes

Was there ever a timeline to be updated ??

2 Likes

@Eric_Crawford-Anton I know, I was letting the other user know

2 Likes

Is this ever getting released? This is a security vulnerability. 90 days without a patch isn’t encouraging.

3 Likes

Ask and ye shall receive, it seems: 12th Gen Intel Core BIOS 3.06 Beta

3 Likes

Since there is no stable release, is it safe to install the Beta?

I’ve been running it since release (using Win11) and it’s been fine.

1 Like

It should be safe to use daily, I’ve been on beta since it came out. Have not faced any issues with it
this beta bios update can’t be rolled back to the previous version, if you do install it, keep that in mind, it’s a one way ticket.

2 Likes