LogoFAIL: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
(37 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
{{Infobox VLN | |||
| name = LogoFAIL | |||
| image = logofail.png | |||
| caption = LogoFAIL logo by Binarly, Inc. | |||
| discovered = 2023 | |||
}} | |||
'''LogoFAIL''' is a vulnerability in [[Unified Extensible Firmware Interface|UEFI]]. | '''LogoFAIL''' is a vulnerability in [[Unified Extensible Firmware Interface|UEFI]]. | ||
Line 9: | Line 16: | ||
=== Scope === | === Scope === | ||
LogoFAIL affects almost all UEFI based systems, and thus most PCs built since 2011. | LogoFAIL affects almost all UEFI based systems, and thus most PCs built since 2011. It does not affect older [[BIOS]] based systems. LogoFAIL vulnerabilities can cause a system to be compromised in a way that is very hard - if not impossible - to detect. | ||
=== Security Response === | === Security Response === | ||
Line 16: | Line 23: | ||
=== Vulnerability Table === | === Vulnerability Table === | ||
The Vulnerable firmware is the last version of the firmware which was vulnerable. The Safe firmware is the first version that was patched - you should run that, or any later version. Seda recommends the latest firmware for your board. | |||
{| class="wikitable" style="margin:auto; text-align: center" | {| class="wikitable" style="margin:auto; text-align: center" | ||
|+ Seda's Enhancements Supported Devices | |+ Seda's Enhancements Supported Devices - Vulnerability to LogoFAIL | ||
|- | |- | ||
| | ! Mainboard !! Status !! Vulnerable !! Safe !! Link !! Notes | ||
| | |- | ||
! scope="row" colspan="6"| LEGACY | |||
|- | |||
| A8R-MVP | |||
| Not Vulnerable | | Not Vulnerable | ||
| N/A | | N/A | ||
| | | 0605 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/a8r-mvp/helpdesk_bios/}} | ||
| Not affected; legacy BIOS system. | |||
|- | |- | ||
| | | K8N-E Deluxe | ||
| Not Vulnerable | | Not Vulnerable | ||
| N/A | | N/A | ||
| | | 1012.007 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/us/supportonly/k8n-e%20deluxe/helpdesk_bios/}} | ||
| Not affected; legacy BIOS system. | |||
|- | |- | ||
| | | KGPE-D16 | ||
| Not Vulnerable | | Not Vulnerable | ||
| N/A | | N/A | ||
| | | 3309 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/supportonly/kgpe-d16/helpdesk_bios/}} | ||
| Not affected; legacy BIOS system. | |||
|- | |- | ||
| | ! scope="row" colspan="6"| 900 SERIES | ||
|- | |- | ||
| | | F2A85-M | ||
| | | Vulnerable | ||
| | | 6508 | ||
| | | | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/f2a85-m/helpdesk_bios/}} | ||
| | | No patch is expected for this board. | ||
|- | |- | ||
| | | 970 PRO GAMING/AURA | ||
| | | Patched | ||
| | | 1001 | ||
| | | 1101 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/970%20pro%20gaming-aura/helpdesk_bios/}} | ||
| | | Fixed by ASUS. | ||
|- | |- | ||
| | | TUF SABERTOOTH 990FX | ||
| | | Vulnerable | ||
| | | 1604 | ||
| | | | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/sabertooth%20990fx/helpdesk_bios/}} | ||
| | | No patch is expected for this board. | ||
|- | |- | ||
| | | TUF SABERTOOTH 990FX R2.0 | ||
| | | Patched | ||
| | | 2901 | ||
| | | 3001 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/sabertooth_990fx_r20/helpdesk_bios/}} | ||
| | | Fixed by ASUS. | ||
|- | |- | ||
| | | TUF SABERTOOTH 990FX R3.0 | ||
| | | Patched | ||
| | | 0216 | ||
| | | 0220 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/sabertooth%20990fx%20r3.0/helpdesk_bios/}} | ||
| | | Fixed by ASUS. | ||
|- | |- | ||
| | | ROG CROSSHAIR V FORMULA-Z | ||
| | | Patched | ||
| | | 2201 | ||
| | | 2401 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/crosshair_v_formulaz/helpdesk_bios/}} | ||
| | | Fixed by ASUS. | ||
|- | |- | ||
| | ! scope="row" colspan="6"| 300 SERIES | ||
|- | |- | ||
| | | PRIME A320M-E | ||
| | | Patched | ||
| | | 6210 | ||
| | | 6211 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/prime%20a320m-e/helpdesk_bios/}} | ||
| | | Fixed by ASUS. | ||
|- | |- | ||
| | | PRIME X399-A | ||
| | | Patched | ||
| | | 1601 | ||
| | | 1602 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/prime%20x399-a/helpdesk_bios/}} | ||
| | | Fixed by ASUS | ||
|- | |- | ||
| | | ROG STRIX X399-E GAMING | ||
| | | Patched | ||
| | | 1601 | ||
| | | 1602 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/rog%20strix%20x399-e%20gaming/helpdesk_bios/}} | ||
| | | Fixed by ASUS. | ||
|- | |- | ||
| | | ROG ZENITH EXTREME ALPHA | ||
| | | Patched | ||
| | | 2601 | ||
| | | 2701 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/rog%20zenith%20extreme%20alpha/helpdesk_bios/}} | ||
| | | Fixed by ASUS. | ||
|- | |- | ||
| | ! scope="row" colspan="6"| 400 SERIES | ||
|- | |- | ||
| | | TUF B450M-PLUS GAMING | ||
| | | Patched | ||
| | | 4401 | ||
| | | 4404 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/motherboards-components/motherboards/tuf-gaming/tuf-b450m-plus-gaming/helpdesk_bios}} | ||
| | | Fixed by ASUS. | ||
|- | |- | ||
| | | TUF GAMING B450M-PRO II | ||
| Vulnerable | | Vulnerable | ||
| | | 4401 | ||
| | | 4603 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/id/supportonly/tuf%20gaming%20b450m-pro%20ii/helpdesk_bios/}} | ||
| Fixed by ASUS. | |||
|- | |- | ||
| | | TUF X470-PLUS GAMING | ||
| | | Patched | ||
| | | 6210 | ||
| | | 6213 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/tuf%20x470-plus%20gaming/helpdesk_bios/}} | ||
| | | Fixed by ASUS. | ||
|- | |- | ||
| | ! scope="row" colspan="6"| 500 SERIES | ||
|- | |- | ||
| | | TUF GAMING A520M-PLUS | ||
| | | Patched | ||
| | | 3402 | ||
| | | 3407 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/motherboards-components/motherboards/tuf-gaming/tuf-gaming-a520m-plus/helpdesk_bios?model2Name=TUF-GAMING-A520M-PLUS}} | ||
| | | Fixed by ASUS. | ||
|- | |- | ||
| | | TUF GAMING A520M-PLUS WIFI | ||
| | | Patched | ||
| | | 3403 | ||
| | | 3405 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/motherboards-components/motherboards/tuf-gaming/tuf-gaming-a520m-plus-wifi/helpdesk_bios?model2Name=TUF-GAMING-A520M-PLUS-WIFI}} | ||
| | | Fixed by ASUS. | ||
|- | |- | ||
| | | TUF GAMING B550M-PLUS WIFI II | ||
| | | Patched | ||
| | | 3404 | ||
| | | 3405 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/motherboards-components/motherboards/tuf-gaming/tuf-gaming-b550m-plus-wifi-ii/helpdesk_bios}} | ||
| | | Fixed by ASUS. | ||
|- | |- | ||
| | | TUF GAMING X570-PLUS WIFI | ||
| | | Patched | ||
| | | 5003 | ||
| | | 5012 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/motherboards-components/motherboards/tuf-gaming/tuf-gaming-x570-plus-wi-fi/helpdesk_bios?model2Name=TUF-GAMING-X570-PLUS-WI-FI}} | ||
| | | Fixed by ASUS. | ||
|- | |- | ||
| | | ROG STRIX X570-E GAMING WIFI II | ||
| | | Patched | ||
| | | 5003 | ||
| | | 5004 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/rog%20strix%20x570-e%20gaming%20wifi%20ii/helpdesk_bios/}} | ||
| | | Fixed by ASUS. | ||
|- | |- | ||
| | ! scope="row" colspan="6"| NOTEBOOK/LAPTOP | ||
|- | |- | ||
| | | TUF GAMING FX705DY | ||
| Not Vulnerable | | Not Vulnerable | ||
| N/A | | N/A | ||
| | | 315 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/supportonly/fx705dy/helpdesk_bios/}} | ||
| ASUS reports this device is not affected. | |||
|- | |- | ||
| | | ZENBOOK 3 (UX390UAK) | ||
| Not Vulnerable | | Not Vulnerable | ||
| N/A | | N/A | ||
| | | 320 | ||
| | | {{cite web |title=Firmware Updates |url=https://www.asus.com/supportonly/ux390uak/helpdesk_bios/}} | ||
| ASUS reports this device is not affected. | |||
|- | |- | ||
| | | ZENBOOK 14 (UM425IA) | ||
| Not Vulnerable | |||
| Vulnerable | |||
| N/A | | N/A | ||
| 311 | |||
| {{cite web |title=Firmware Updates |url=https://www.asus.com/laptops/for-home/zenbook/zenbook-14-um425/helpdesk_bios?model2Name=Zenbook-14-UM425}} | |||
| ASUS reports this device is not affected. | |||
|- | |- | ||
|} | |} |
Latest revision as of 00:23, 18 March 2024
Discovered | 2023 |
---|---|
LogoFAIL is a vulnerability in UEFI.
Context
Discovery
LogoFAIL was discovered by Binarly Inc in late 2023.
Scope
LogoFAIL affects almost all UEFI based systems, and thus most PCs built since 2011. It does not affect older BIOS based systems. LogoFAIL vulnerabilities can cause a system to be compromised in a way that is very hard - if not impossible - to detect.
Security Response
This cannot be fully addressed in software. The only real fix is a firmware update.
Vulnerability Table
The Vulnerable firmware is the last version of the firmware which was vulnerable. The Safe firmware is the first version that was patched - you should run that, or any later version. Seda recommends the latest firmware for your board.
Mainboard | Status | Vulnerable | Safe | Link | Notes |
---|---|---|---|---|---|
LEGACY | |||||
A8R-MVP | Not Vulnerable | N/A | 0605 | "Firmware Updates". | Not affected; legacy BIOS system. |
K8N-E Deluxe | Not Vulnerable | N/A | 1012.007 | "Firmware Updates". | Not affected; legacy BIOS system. |
KGPE-D16 | Not Vulnerable | N/A | 3309 | "Firmware Updates". | Not affected; legacy BIOS system. |
900 SERIES | |||||
F2A85-M | Vulnerable | 6508 | "Firmware Updates". | No patch is expected for this board. | |
970 PRO GAMING/AURA | Patched | 1001 | 1101 | "Firmware Updates". | Fixed by ASUS. |
TUF SABERTOOTH 990FX | Vulnerable | 1604 | "Firmware Updates". | No patch is expected for this board. | |
TUF SABERTOOTH 990FX R2.0 | Patched | 2901 | 3001 | "Firmware Updates". | Fixed by ASUS. |
TUF SABERTOOTH 990FX R3.0 | Patched | 0216 | 0220 | "Firmware Updates". | Fixed by ASUS. |
ROG CROSSHAIR V FORMULA-Z | Patched | 2201 | 2401 | "Firmware Updates". | Fixed by ASUS. |
300 SERIES | |||||
PRIME A320M-E | Patched | 6210 | 6211 | "Firmware Updates". | Fixed by ASUS. |
PRIME X399-A | Patched | 1601 | 1602 | "Firmware Updates". | Fixed by ASUS |
ROG STRIX X399-E GAMING | Patched | 1601 | 1602 | "Firmware Updates". | Fixed by ASUS. |
ROG ZENITH EXTREME ALPHA | Patched | 2601 | 2701 | "Firmware Updates". | Fixed by ASUS. |
400 SERIES | |||||
TUF B450M-PLUS GAMING | Patched | 4401 | 4404 | "Firmware Updates". | Fixed by ASUS. |
TUF GAMING B450M-PRO II | Vulnerable | 4401 | 4603 | "Firmware Updates". | Fixed by ASUS. |
TUF X470-PLUS GAMING | Patched | 6210 | 6213 | "Firmware Updates". | Fixed by ASUS. |
500 SERIES | |||||
TUF GAMING A520M-PLUS | Patched | 3402 | 3407 | "Firmware Updates". | Fixed by ASUS. |
TUF GAMING A520M-PLUS WIFI | Patched | 3403 | 3405 | "Firmware Updates". | Fixed by ASUS. |
TUF GAMING B550M-PLUS WIFI II | Patched | 3404 | 3405 | "Firmware Updates". | Fixed by ASUS. |
TUF GAMING X570-PLUS WIFI | Patched | 5003 | 5012 | "Firmware Updates". | Fixed by ASUS. |
ROG STRIX X570-E GAMING WIFI II | Patched | 5003 | 5004 | "Firmware Updates". | Fixed by ASUS. |
NOTEBOOK/LAPTOP | |||||
TUF GAMING FX705DY | Not Vulnerable | N/A | 315 | "Firmware Updates". | ASUS reports this device is not affected. |
ZENBOOK 3 (UX390UAK) | Not Vulnerable | N/A | 320 | "Firmware Updates". | ASUS reports this device is not affected. |
ZENBOOK 14 (UM425IA) | Not Vulnerable | N/A | 311 | "Firmware Updates". | ASUS reports this device is not affected. |