When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

AMD firmware for LogoFAIL, which lets hacker get into any PC via boot logo, rolling out

Neowin · · Hot! with 14 comments

Windows logo on a black background with red circles

More and more AMD motherboard vendor partners are starting to roll out firmware updates that fix the ubiquitous LogoFAIL vulnerability. For example, Gigabyte's mid-range B550 offering, the Aorus Elite V2 recently received the update towards the end of last month.

The firmware notes say that the firmware has updated the AGESA (AMD Generic Encapsulated Software Architecture) to version 1.2.0.B, and also add that the LogoFAIL UEFI vulnerability has been patched.

B550 Aorus Elite V2

Firmware version: FF

  • Update AMD AGESA V2 1.2.0.B
  • Fix AMD processor vulnerabilities security
  • Addresses potential UEFI vulnerabilities. (LogoFAIL)

Other vendors like Asus, MSI, and ASRock, among others, are also beginning to roll out the patched firmware. It seems AMD, as always, is a bit late to the party as Intel has already begun to release patched firmware updates by December 2023 itself.

Keep in mind that this is not an AMD CPU issue as it affects firmware for both AMD and Intel systems.

In case you are wondering what LogoFAIL is, it is a security flaw in motherboard firmware discovered by the Binarly research team back in December last year. The flaw is simple yet a very effective one as threat actors could potentially abuse the availability of customizable image parsing options during the boot process. The vulnerability is tracked under CVE-2023-40238.

Binarly explains:

We found that certain vendors such as Lenovo, Intel and Acer allow users – and so attackers – to customize the logo shown during boot. It could be simply done via placing it into ESP (EFI System Partition) and adding or modifying certain variables in NVRAM, then rebooting the system. Administrator privileges are enough to perform this. In this case, hardware-based Verified Boot security features such as Intel Boot Guard or AMD Hardware-Validated Boot won’t protect against it since the logo is read outside the range covered by these.

Binarly also did additional research about the vulnerability and found many image parsers, across multiple BIOS vendors like Insyde, AMI, and Phoenix, have gone up over time, thus increasing the risk further:

... our research team looked at some of the vulnerabilities discovered by the Binarly Transparency Platform and found that the number of image parsers have significantly increased over the years.

  • Insyde-based firmware usually but not always contains parsers for BMP, GIF, JPEG, PCX, PNG, and TGA. Those are stored in separate modules called, e.g., BmpDecoderDxe
  • AMI-based firmware contains image parsers in a DXE module called AMITSE. Every firmware we analyzed contained between a single BMP parser (e.g., Dell firmware) to a set of parsers for BMP, PNG, JPEG, and GIF (e.g., Lenovo).
  • Phoenix-based firmware stores its parsers in a module called SystemImageDecoderDxe, and it can usually parse BMP, GIF, and JPEG.

You can find more technical details on Binarly's blog post.

Thanks for the tip, Eternal Tempest!!

Edit: Added clarification that this is not an AMD CPU-specific issue at the request of AMD.

Report a problem with article
The GItHub Copilot logo
Next Article

Unified Copilot experience will land in Visual Studio 17.10, due in May

Tux Linux vs Windows 11
Previous Article

Linux vs Windows AES performance to be intriguing as Google boosts AMD and Intel

Join the conversation!

Login or Sign Up to read and post a comment.

14 Comments - Add comment