Just about every Windows and Linux device vulnerable to new LogoFAIL firmware at...
source link: https://lwn.net/Articles/953985/
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (ars technica)
Posted Dec 7, 2023 16:22 UTC (Thu) by jafd (subscriber, #129642) [Link]
They also have a table with aggregated stats: all vendors have buggy image parsers (I'd wager because there are only three firmware vendors, of which none are known for exceptional code quality) but only boards from Acer, Lenovo, and Intel are actually exploitable.
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (ars technica)
Posted Dec 7, 2023 17:47 UTC (Thu) by simon.d (guest, #168021) [Link]
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (ars technica)
Posted Dec 7, 2023 23:37 UTC (Thu) by epithumia (subscriber, #23370) [Link]
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (ars technica)
Posted Dec 8, 2023 0:04 UTC (Fri) by randomguy3 (subscriber, #71063) [Link]
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (ars technica)
Posted Dec 8, 2023 6:47 UTC (Fri) by WolfWings (subscriber, #56790) [Link]
But once it's loaded an exploit would be running in essentially the earliest of the early UEFI boot zones so it can overwrite whatever it pleases with impunity.
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (ars technica)
Posted Dec 10, 2023 18:04 UTC (Sun) by jacinto (subscriber, #157537) [Link]
To my limited understanding, a compromised install could easily be erased by replacing the compromised EFI boot code file with the correct file. A reformat and reinstall of Linux on the SSD would also serve to erase any other potential malicious modifications to the system. The article seems to suggest, without nuance, that the malicious boot code becomes permanently embedded and unfixable. I could understand the permanence of the exploit if there were an embedded storage device in the motherboard that served as the EFI partition, but for the scenario I described it seems like the article’s dire claim would not be true.
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (ars technica)
Posted Dec 8, 2023 15:39 UTC (Fri) by tshow (subscriber, #6411) [Link]
Look back over Dan Goodin's security articles on Ars Technica over the years and you may or may not notice a theme in this regard. Somewhere buried in any of the articles is usually some useful info, but the title and overall tone are generally BILLIONS OF MACHINES VULNERABLE TO EXPLOIT ALL IS LOST.
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (ars technica)
Posted Dec 9, 2023 3:20 UTC (Sat) by csamuel (✭ supporter ✭, #2624) [Link]
> Since the vulnerable parsers are developed and distributed by the IBVs – AMI, Insyde and Phoenix – a large percentage of devices
> UEFI firmware image out there contains a parser vulnerable to LogoFAIL. This is also confirmed by the data our platform constantly
> scans. Thanks to our triaging efforts, we were able to produce rules for fwhunt, our firmware vulnerability scanner, and confirm that
> every OEM is impacted by this supply chain problem. As we can see in the following table, we detected parsers vulnerable to
> LogoFAIL in hundreds of devices sold by Lenovo, Supermicro, MSI, HP, Acer, Dell, Fujitsu, Samsung and Intel.
But then goes on to say:
> The exploitability of these vulnerabilities relies on whether the user is able to input data to a parser. When these parsers are used to
> display a logo during boot and when this logo can be replaced by an attacker, using any of the OEM customization techniques
> described in the Attack Surface section of this blogpost, then LogoFAIL becomes an exploitable threat.
They do list 3 scenarios by which it could be exploited, with the first being the easiest (and potentially remote) attack with just 3 vendors named, but then include as the hardest using an SPI flash programmer which would require physical access & an unprotected BIOS which could expand that list considerably.