Search

LogoFAIL

LogoFAIL is a security vulnerability and exploit thereof that affects computer motherboard firmware with TianoCore EDK II, including Insyde Software's InsydeH2O modules and similar code in AMI and Phoenix firmware, which are commonly found on both Intel and AMD motherboards, and which enable loading of custom boot logos. The exploit was discovered in December 2023 by researchers at Binarly.[1][2]

LogoFAIL
CVE identifier(s)CVE-2023-40238
DiscovererBinarly
Affected hardwareMotherboard firmware with TianoCore EDK II, including Insyde InsydeH2O, AMI, and Phoenix firmware

Description

The vulnerability exists when the Driver Execution Environment (DXE) is active after a successful Power On Self Test (POST) in the UEFI firmware (also known as the BIOS). The UEFI's boot logo is replaced with the exploit payload at this point, and the exploit can then take control of the system.[2]

Patches

Intel patched the issue in Intel Management Engine (ME) version 16.1.30.2307 in December 2023. AMD addressed the problem in AGESA version 1.2.0.b, although some motherboard manufacturers did not include the fix under AGESA 1.2.0.c.[3]

References


Retrieved from "https:https://www.search.com.vn/wiki/index.php?lang=en&q=LogoFAIL&oldid=1225413728"
🔥 Top keywords: Main PageSpecial:SearchPage 3Wikipedia:Featured picturesHouse of the DragonUEFA Euro 2024Bryson DeChambeauJuneteenthInside Out 2Eid al-AdhaCleopatraDeaths in 2024Merrily We Roll Along (musical)Jonathan GroffJude Bellingham.xxx77th Tony AwardsBridgertonGary PlauchéKylian MbappéDaniel RadcliffeUEFA European Championship2024 ICC Men's T20 World CupUnit 731The Boys (TV series)Rory McIlroyN'Golo KantéUEFA Euro 2020YouTubeRomelu LukakuOpinion polling for the 2024 United Kingdom general electionThe Boys season 4Romania national football teamNicola CoughlanStereophonic (play)Gene WilderErin DarkeAntoine GriezmannProject 2025