LogoFAIL: Difference between revisions

From Seda's Enhancements
Jump to navigation Jump to search
No edit summary
 
(38 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Infobox VLN
| name = LogoFAIL
| image = logofail.png
| caption = LogoFAIL logo by Binarly, Inc.
| discovered = 2023
}}
'''LogoFAIL''' is a vulnerability in [[Unified Extensible Firmware Interface|UEFI]].
'''LogoFAIL''' is a vulnerability in [[Unified Extensible Firmware Interface|UEFI]].


Line 9: Line 16:
=== Scope ===
=== Scope ===


LogoFAIL affects almost all UEFI based systems, and thus most PCs built since 2011.
LogoFAIL affects almost all UEFI based systems, and thus most PCs built since 2011. It does not affect older [[BIOS]] based systems. LogoFAIL vulnerabilities can cause a system to be compromised in a way that is very hard - if not impossible - to detect.


=== Security Response ===
=== Security Response ===
Line 16: Line 23:


=== Vulnerability Table ===
=== Vulnerability Table ===
The Vulnerable firmware is the last version of the firmware which was vulnerable. The Safe firmware is the first version that was patched - you should run that, or any later version. Seda recommends the latest firmware for your board.


{| class="wikitable" style="margin:auto; text-align: center"
{| class="wikitable" style="margin:auto; text-align: center"
|+ Seda's Enhancements Supported Devices<br />Vulnerability to LogoFAIL
|+ Seda's Enhancements Supported Devices - Vulnerability to LogoFAIL
! Year !! System !! Status !! Official Patch !! Seda Patch !! Notes
|-
! Mainboard !! Status !! Vulnerable !! Safe !! Link !! Notes
|-
! scope="row" colspan="6"| LEGACY
|-
|-
| 2000
| A8R-MVP
| Mina
| Not Vulnerable
| Not Vulnerable
| N/A
| N/A
| N/A
| 0605
| N/A
| {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/a8r-mvp/helpdesk_bios/}}
| Not affected; legacy BIOS system.
|-
|-
| 2003
| K8N-E Deluxe
| Domino
| Not Vulnerable
| Not Vulnerable
| N/A
| N/A
| N/A
| 1012.007
| N/A
| {{cite web |title=Firmware Updates |url=https://www.asus.com/us/supportonly/k8n-e%20deluxe/helpdesk_bios/}}
| Not affected; legacy BIOS system.
|-
|-
| 2003
| KGPE-D16
| Iris
| Not Vulnerable
| Not Vulnerable
| N/A
| N/A
| N/A
| 3309
| N/A
| {{cite web |title=Firmware Updates |url=https://www.asus.com/supportonly/kgpe-d16/helpdesk_bios/}}
| Not affected; legacy BIOS system.
|-
|-
| 2004
! scope="row" colspan="6"| 900 SERIES
| Hachi
| Not Vulnerable
| N/A
| N/A
| N/A
|-
|-
| 2005
| F2A85-M
| Heidi
| Vulnerable
| Not Vulnerable
| 6508
| N/A
|  
| N/A
| {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/f2a85-m/helpdesk_bios/}}
| N/A
| No patch is expected for this board.
|-
|-
| 2006
| 970 PRO GAMING/AURA
| Misaki
| Patched
| Not Vulnerable
| 1001
| N/A
| 1101
| N/A
| {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/970%20pro%20gaming-aura/helpdesk_bios/}}
| N/A
| Fixed by ASUS.
|-
|-
| 2007
| TUF SABERTOOTH 990FX
| Delilah
| Vulnerable
| Not Vulnerable
| 1604
| N/A
|
| N/A
| {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/sabertooth%20990fx/helpdesk_bios/}}
| N/A
| No patch is expected for this board.
|-
|-
| 2008
| TUF SABERTOOTH 990FX R2.0
| Daisy
| Patched
| Not Vulnerable
| 2901
| N/A
| 3001
| N/A
| {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/sabertooth_990fx_r20/helpdesk_bios/}}
| N/A
| Fixed by ASUS.
|-
|-
| 2008
| TUF SABERTOOTH 990FX R3.0
| Hitomi
| Patched
| Not Vulnerable
| 0216
| N/A
| 0220
| N/A
| {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/sabertooth%20990fx%20r3.0/helpdesk_bios/}}
| N/A
| Fixed by ASUS.
|-
|-
| 2008
| ROG CROSSHAIR V FORMULA-Z
| Xianghua
| Patched
| Not Vulnerable
| 2201
| N/A
| 2401
| N/A
| {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/crosshair_v_formulaz/helpdesk_bios/}}
| N/A
| Fixed by ASUS.
|-
|-
| 2011
! scope="row" colspan="6"| 300 SERIES
| Venus
| Vulnerable
| No
| Researching
| No official patch expected.
|-
|-
| 2012
| PRIME A320M-E
| Annabelle
| Patched
| Vulnerable
| 6210
| No
| 6211
| Researching
| {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/prime%20a320m-e/helpdesk_bios/}}
| No official patch expected.
| Fixed by ASUS.
|-
|-
| 2012
| PRIME X399-A
| Jinx
| Patched
| Vulnerable
| 1601
| No
| 1602
| Not planned
| {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/prime%20x399-a/helpdesk_bios/}}
| N/A
| Fixed by ASUS
|-
|-
| 2012
| ROG STRIX X399-E GAMING
| Valerie
| Patched
| Vulnerable
| 1601
| No
| 1602
| Researching
| {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/rog%20strix%20x399-e%20gaming/helpdesk_bios/}}
| No official patch expected.
| Fixed by ASUS.
|-
|-
| 2012
| ROG ZENITH EXTREME ALPHA
| Zagara
| Patched
| Not vulnerable
| 2601
| N/A
| 2701
| N/A
| {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/rog%20zenith%20extreme%20alpha/helpdesk_bios/}}
| N/A
| Fixed by ASUS.
|-
|-
| 2013
! scope="row" colspan="6"| 400 SERIES
| Belladonna
| Vulnerable
| No
| Researching
| No official patch expected.
|-
|-
| 2013
| TUF B450M-PLUS GAMING
| Chia
| Patched
| Vulnerable
| 4401
| No
| 4404
| Not planned
| {{cite web |title=Firmware Updates |url=https://www.asus.com/motherboards-components/motherboards/tuf-gaming/tuf-b450m-plus-gaming/helpdesk_bios}}
| Not possible to fix.
| Fixed by ASUS.
|-
|-
| 2013
| TUF GAMING B450M-PRO II
| Claire
| Vulnerable
| Vulnerable
| No
| 4401
| Researching
| 4603
| No official patch expected.
| {{cite web |title=Firmware Updates |url=https://www.asus.com/id/supportonly/tuf%20gaming%20b450m-pro%20ii/helpdesk_bios/}}
| Fixed by ASUS.
|-
|-
| 2013
| TUF X470-PLUS GAMING
| Dawn
| Patched
| Vulnerable
| 6210
| No
| 6213
| Researching
| {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/tuf%20x470-plus%20gaming/helpdesk_bios/}}
| No official patch expected.
| Fixed by ASUS.
|-
|-
| 2013
! scope="row" colspan="6"| 500 SERIES
| Emily
| Vulnerable
| No
| Researching
| No official patch expected.
|-
|-
| 2013
| TUF GAMING A520M-PLUS
| Hazel
| Patched
| Vulnerable
| 3402
| No
| 3407
| Researching
| {{cite web |title=Firmware Updates |url=https://www.asus.com/motherboards-components/motherboards/tuf-gaming/tuf-gaming-a520m-plus/helpdesk_bios?model2Name=TUF-GAMING-A520M-PLUS}}
| No official patch expected.
| Fixed by ASUS.
|-
|-
| 2013
| TUF GAMING A520M-PLUS WIFI
| Ivy
| Patched
| Vulnerable
| 3403
| No
| 3405
| Researching
| {{cite web |title=Firmware Updates |url=https://www.asus.com/motherboards-components/motherboards/tuf-gaming/tuf-gaming-a520m-plus-wifi/helpdesk_bios?model2Name=TUF-GAMING-A520M-PLUS-WIFI}}
| No official patch expected.
| Fixed by ASUS.
|-
|-
| 2013
| TUF GAMING B550M-PLUS WIFI II
| Jaenelle
| Patched
| Vulnerable
| 3404
| No
| 3405
| Researching
| {{cite web |title=Firmware Updates |url=https://www.asus.com/motherboards-components/motherboards/tuf-gaming/tuf-gaming-b550m-plus-wifi-ii/helpdesk_bios}}
| No official patch expected.
| Fixed by ASUS.
|-
|-
| 2013
| TUF GAMING X570-PLUS WIFI
| Jennifer
| Patched
| Vulnerable
| 5003
| No
| 5012
| Researching
| {{cite web |title=Firmware Updates |url=https://www.asus.com/motherboards-components/motherboards/tuf-gaming/tuf-gaming-x570-plus-wi-fi/helpdesk_bios?model2Name=TUF-GAMING-X570-PLUS-WI-FI}}
| No official patch expected.
| Fixed by ASUS.
|-
|-
| 2013
| ROG STRIX X570-E GAMING WIFI II
| Kate
| Patched
| Vulnerable
| 5003
| No
| 5004
| Researching
| {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/rog%20strix%20x570-e%20gaming%20wifi%20ii/helpdesk_bios/}}
| No official patch expected.
| Fixed by ASUS.
|-
|-
| 2013
! scope="row" colspan="6"| NOTEBOOK/LAPTOP
| Lucy
| Vulnerable
| Not planned
| Researching
| Not possible to fix.
|-
|-
| 2013
| TUF GAMING FX705DY
| Psylocke
| Not Vulnerable
| Not Vulnerable
| N/A
| N/A
| 315
| {{cite web |title=Firmware Updates |url=https://www.asus.com/supportonly/fx705dy/helpdesk_bios/}}
| ASUS reports this device is not affected.
|-
| ZENBOOK 3 (UX390UAK)
| Not Vulnerable
| N/A
| N/A
| N/A
| 320
| {{cite web |title=Firmware Updates |url=https://www.asus.com/supportonly/ux390uak/helpdesk_bios/}}
| ASUS reports this device is not affected.
|-
|-
| 2013
| ZENBOOK 14 (UM425IA)
| Seraphine
| Not Vulnerable
| Not Vulnerable
| N/A
| N/A
| N/A
| 311
| N/A
| {{cite web |title=Firmware Updates |url=https://www.asus.com/laptops/for-home/zenbook/zenbook-14-um425/helpdesk_bios?model2Name=Zenbook-14-UM425}}
| ASUS reports this device is not affected.
|-
|-
| 2013
| Sophie
| Vulnerable
| No
| Researching
| No official patch expected.
|}
|}

Latest revision as of 00:23, 18 March 2024

LogoFAIL logo by Binarly, Inc.
Discovered2023


LogoFAIL is a vulnerability in UEFI.

Context

Discovery

LogoFAIL was discovered by Binarly Inc in late 2023.

Scope

LogoFAIL affects almost all UEFI based systems, and thus most PCs built since 2011. It does not affect older BIOS based systems. LogoFAIL vulnerabilities can cause a system to be compromised in a way that is very hard - if not impossible - to detect.

Security Response

This cannot be fully addressed in software. The only real fix is a firmware update.

Vulnerability Table

The Vulnerable firmware is the last version of the firmware which was vulnerable. The Safe firmware is the first version that was patched - you should run that, or any later version. Seda recommends the latest firmware for your board.

Seda's Enhancements Supported Devices - Vulnerability to LogoFAIL
Mainboard Status Vulnerable Safe Link Notes
LEGACY
A8R-MVP Not Vulnerable N/A 0605 "Firmware Updates". Not affected; legacy BIOS system.
K8N-E Deluxe Not Vulnerable N/A 1012.007 "Firmware Updates". Not affected; legacy BIOS system.
KGPE-D16 Not Vulnerable N/A 3309 "Firmware Updates". Not affected; legacy BIOS system.
900 SERIES
F2A85-M Vulnerable 6508 "Firmware Updates". No patch is expected for this board.
970 PRO GAMING/AURA Patched 1001 1101 "Firmware Updates". Fixed by ASUS.
TUF SABERTOOTH 990FX Vulnerable 1604 "Firmware Updates". No patch is expected for this board.
TUF SABERTOOTH 990FX R2.0 Patched 2901 3001 "Firmware Updates". Fixed by ASUS.
TUF SABERTOOTH 990FX R3.0 Patched 0216 0220 "Firmware Updates". Fixed by ASUS.
ROG CROSSHAIR V FORMULA-Z Patched 2201 2401 "Firmware Updates". Fixed by ASUS.
300 SERIES
PRIME A320M-E Patched 6210 6211 "Firmware Updates". Fixed by ASUS.
PRIME X399-A Patched 1601 1602 "Firmware Updates". Fixed by ASUS
ROG STRIX X399-E GAMING Patched 1601 1602 "Firmware Updates". Fixed by ASUS.
ROG ZENITH EXTREME ALPHA Patched 2601 2701 "Firmware Updates". Fixed by ASUS.
400 SERIES
TUF B450M-PLUS GAMING Patched 4401 4404 "Firmware Updates". Fixed by ASUS.
TUF GAMING B450M-PRO II Vulnerable 4401 4603 "Firmware Updates". Fixed by ASUS.
TUF X470-PLUS GAMING Patched 6210 6213 "Firmware Updates". Fixed by ASUS.
500 SERIES
TUF GAMING A520M-PLUS Patched 3402 3407 "Firmware Updates". Fixed by ASUS.
TUF GAMING A520M-PLUS WIFI Patched 3403 3405 "Firmware Updates". Fixed by ASUS.
TUF GAMING B550M-PLUS WIFI II Patched 3404 3405 "Firmware Updates". Fixed by ASUS.
TUF GAMING X570-PLUS WIFI Patched 5003 5012 "Firmware Updates". Fixed by ASUS.
ROG STRIX X570-E GAMING WIFI II Patched 5003 5004 "Firmware Updates". Fixed by ASUS.
NOTEBOOK/LAPTOP
TUF GAMING FX705DY Not Vulnerable N/A 315 "Firmware Updates". ASUS reports this device is not affected.
ZENBOOK 3 (UX390UAK) Not Vulnerable N/A 320 "Firmware Updates". ASUS reports this device is not affected.
ZENBOOK 14 (UM425IA) Not Vulnerable N/A 311 "Firmware Updates". ASUS reports this device is not affected.
Retrieved from "https://wiki.affsdiary.com:443/index.php?title=LogoFAIL&oldid=1140"