Cybersecurity firm uncovers LogoFAIL, a major UEFI flaw threatening Windows/Linux devices
Binarly's research team has disclosed LogoFAIL, a set of serious flaws that affect both Windows and Linux machines. The vulnerabilities sit in the Unified Extensible Firmware Interface (UEFI), specifically in the image parsers the firmware uses to render the manufacturer's logo during boot, and they expose millions of devices to firmware-level attacks. An attacker who can replace that logo with a crafted image gets arbitrary code execution while the logo is being drawn, before the operating system loads. Because none of Secure Boot, Intel Boot Guard or similar boot-integrity mechanisms verifies the logo image, they are bypassed rather than broken, and antivirus and endpoint protection tools never get a chance to see the malicious code, since it has already run by the time they start.
UEFI firmware has been a known weak point for years, with a couple of dozen flaws catalogued over time. LogoFAIL affects x86-64 and ARM platforms alike. The attack is not trivial and requires prior access to the target: the attacker first needs enough privilege on the machine to write a crafted logo image where the firmware will load it from (for example the EFI System Partition, which normally needs only administrator or root rights). Once that foothold exists, the rest of the exploitation is straightforward. The independent BIOS vendors AMI, Insyde and Phoenix all ship affected parsers, so devices from major manufacturers such as Lenovo, Dell and HP are exposed, on both Intel and AMD platforms.
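The bug class behind LogoFAIL is memory corruption in a boot-logo image parser that trusts dimensions and sizes read from the image file. The C below is an added, illustrative example written for this article, not Binarly's proof of concept or any vendor's firmware code: a minimal BMP header reader, the vulnerable allocation pattern (32-bit arithmetic on attacker-controlled width and height, and a copy length taken from `biSizeImage` that is never compared with the allocation), and a hardened check that validates every field against the file and a fixed framebuffer before any pixel data is touched. The framebuffer limits, the 64x64 sample file and the function names are assumptions of the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumed framebuffer geometry for the example (real firmware takes it from GOP). */
#define FB_WIDTH   1024
#define FB_HEIGHT  768
#define FB_BYTES   ((uint64_t)FB_WIDTH * FB_HEIGHT * 4)
#define HDR_LEN    54   /* BITMAPFILEHEADER (14) + BITMAPINFOHEADER (40) */

typedef struct {
    uint32_t data_offset;  /* bfOffBits,   file offset 10 */
    int32_t  width;        /* biWidth,     file offset 18 */
    int32_t  height;       /* biHeight,    file offset 22 */
    uint16_t bpp;          /* biBitCount,  file offset 28 */
    uint32_t size_image;   /* biSizeImage, file offset 34 */
} bmp_hdr;

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Read the header fields a logo renderer needs. Returns 0 on success. */
int bmp_read_header(const uint8_t *buf, size_t len, bmp_hdr *h) {
    if (len < HDR_LEN || buf[0] != 'B' || buf[1] != 'M') return -1;
    h->data_offset = le32(buf + 10);
    h->width       = (int32_t)le32(buf + 18);
    h->height      = (int32_t)le32(buf + 22);
    h->bpp         = (uint16_t)(buf[28] | buf[29] << 8);
    h->size_image  = le32(buf + 34);
    return 0;
}

/* VULNERABLE PATTERN (illustrative): the pixel buffer is sized as width*height*4 in
 * 32-bit arithmetic, which wraps for large dimensions, and the number of bytes copied
 * into it is biSizeImage from the same untrusted header, never compared with the
 * allocation. Both values are attacker-controlled once the logo file is replaced. */
void naive_plan(const bmp_hdr *h, uint32_t *alloc, uint32_t *copy) {
    *alloc = (uint32_t)h->width * (uint32_t)h->height * 4u;
    *copy  = h->size_image;
}

/* HARDENED: check every field against the file and the framebuffer, do size
 * arithmetic in 64 bits, and derive the copy length from the validated dimensions
 * only. Returns 0 with the pixel byte count, or a negative reason code. */
int hardened_check(const bmp_hdr *h, size_t len, uint64_t *pixel_bytes) {
    if (h->width <= 0 || h->height <= 0)                   return -1; /* zero/negative dims */
    if (h->width > FB_WIDTH || h->height > FB_HEIGHT)      return -2; /* larger than framebuffer */
    if (h->bpp != 24 && h->bpp != 32)                      return -3; /* unsupported depth */
    uint64_t row  = (((uint64_t)h->width * h->bpp / 8) + 3) & ~(uint64_t)3; /* 4-byte padded rows */
    uint64_t need = row * (uint64_t)h->height;                               /* cannot wrap */
    if (need > FB_BYTES)                                   return -4;
    if (h->data_offset < HDR_LEN || h->data_offset > len)  return -5; /* offset outside file */
    if (need > len - h->data_offset)                       return -6; /* pixel data truncated */
    *pixel_bytes = need;   /* biSizeImage is deliberately ignored */
    return 0;
}

/* Constructed sample file: a 54-byte header plus room for a 64x64 32-bpp image. */
#define SAMPLE_PIXELS (64 * 64 * 4)
static uint8_t g_sample[HDR_LEN + SAMPLE_PIXELS];

static size_t build_sample(int32_t w, int32_t h, uint32_t size_image) {
    memset(g_sample, 0, sizeof g_sample);
    g_sample[0] = 'B'; g_sample[1] = 'M';
    put32(g_sample + 2, (uint32_t)sizeof g_sample);  /* bfSize */
    put32(g_sample + 10, HDR_LEN);                   /* bfOffBits */
    put32(g_sample + 14, 40);                        /* biSize */
    put32(g_sample + 18, (uint32_t)w);
    put32(g_sample + 22, (uint32_t)h);
    g_sample[26] = 1;                                /* biPlanes */
    g_sample[28] = 32;                               /* biBitCount */
    put32(g_sample + 34, size_image);
    return sizeof g_sample;
}

/* Run one constructed header through both code paths. Result bits:
 *   1 = naive path would copy more bytes than it allocated (heap overflow)
 *   2 = hardened path rejects the file */
int evaluate(int32_t w, int32_t h, uint32_t size_image) {
    bmp_hdr hdr; uint32_t alloc, copy; uint64_t need; int r = 0;
    size_t len = build_sample(w, h, size_image);
    if (bmp_read_header(g_sample, len, &hdr) != 0) return -1;
    naive_plan(&hdr, &alloc, &copy);
    if (copy > alloc) r |= 1;
    if (hardened_check(&hdr, len, &need) != 0) r |= 2;
    return r;
}

/* Reason code the hardened check returns for a constructed header (0 = accepted). */
int hardened_reason(int32_t w, int32_t h, uint32_t size_image) {
    bmp_hdr hdr; uint64_t need;
    size_t len = build_sample(w, h, size_image);
    if (bmp_read_header(g_sample, len, &hdr) != 0) return -1;
    return hardened_check(&hdr, len, &need);
}
```

A 65536 x 16384 header makes the naive allocation wrap to zero bytes while `biSizeImage` asks for a megabyte, and a 256 x 256 header with an inflated `biSizeImage` overflows just as well; the hardened path rejects both, and for a benign 64 x 64 file it copies exactly the computed 16384 bytes no matter what `biSizeImage` claims. The same principle applies to the other formats firmware logo parsers accept (PNG, GIF, JPEG, RLE-compressed BMP): every length or coordinate that drives a write must be bounded by the destination before the write happens.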
LogoFAIL is tracked under several CVE identifiers, including CVE-2023-5058 (Phoenix), CVE-2023-39538 and CVE-2023-39539 (AMI), and CVE-2023-40238 (Insyde), one set per affected firmware vendor. For the full technical details, see Binarly Research's page or the Ars Technica report.
Comments
This vulnerability is old; here's a video by Mental Outlaw from more than a year ago covering the "motherboard malware" injected into the UEFI/BIOS. https://www.youtube.com/watch?v=qtCY53Zwru4
And here's the article from a year before the video, dated 2022-07-26: https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/