LogoFAIL firmware attack (with link to Insyde's security advisory)

Never forget that “normal users” can be frightened by text :wink: (to some it also seems cheap).

Best part is, the logos at least 12th gen shows anywhere are png. But the base BIOS seems to be a very unified build from Insyde that includes all the parsers for all formats. Number one way to be more security conscious would be to only enable / add the code for the formats actually used. It’s modular after all. The AMD FW13 also had a PXE exploit listed (with FW stating they were unsure if it could be exploited, seeing as the FW does not support PXE booting anyway. Also an issue I do not think was fixed for 12th gen yet).
That just tells you that Insyde is not being defensive in their development at all. Just throwing tons of unused code in there, when they have proven that it's not secure and they seem to not even test for robustness, even after the issues were publicized.

4 Likes

LogoFAIL has now been found in the wild.
Researchers have made public, for the first time, that code was found on an internet-connected server. The code uses LogoFAIL to install a bootkit for Linux, Bootkitty, and appears production-ready / ready to release.

Bootkitty: “Hard to detect, Hard to disinfect”

So, has LogoFAIL been fixed for Release BIOS firmware for every gen? @anyone who happens to know

This is what I saw looking through the firmware release pages.
• 11th Gen
I do not find “LogoFAIL” or the exploit identifier numbers in the notes on the firmware page.
11th Gen BIOS and Driver firmware page

• 12th Gen
BIOS 3.08 (Windows) is listed as fixing LogoFAIL.
Linux installer is still beta: forum thread with link
12th Gen BIOS and Driver firmware page

• AMD Ryzen 7040, Framework Laptop 13
BIOS 3.05 is listed as fixing LogoFAIL.
FWL13 AMD 7040 BIOS and Driver firmware page

I do not find “LogoFAIL” or the exploit identifiers CVE-2023-40238, BRLY-2023-006, or CVE-2023-39538 in the notes in the firmware pages for any of the others: the 13th Gen, Intel Ultra Series 1, or Framework Laptop 16 AMD 7040.
Were they perhaps never affected to begin with? I believe they are affected, as I recall seeing mention.

I have not searched through any Beta firmware.
If beta firmware is required to protect against LogoFAIL, then I’d like to see Framework either push it to release, if at all possible, or email affected customers to inform them that beta firmware is available to fix it.

Some additional links
BIOS and Drivers Downloads
Updating BIOS on Linux

5 Likes