LogoFAIL: Difference between revisions

From Seda's Enhancements
Jump to navigation Jump to search
No edit summary
No edit summary
Line 1: Line 1:
{{Infobox VLN
| name = LogoFAIL
| image = logofail.png
| caption = LogoFAIL logo by Binarly, Inc.
| discovered = 2023
}}
'''LogoFAIL''' is a vulnerability in [[Unified Extensible Firmware Interface|UEFI]].
'''LogoFAIL''' is a vulnerability in [[Unified Extensible Firmware Interface|UEFI]].


Line 9: Line 16:
=== Scope ===
=== Scope ===


LogoFAIL affects almost all UEFI based systems, and thus most PCs built since 2011.
LogoFAIL affects almost all UEFI based systems, and thus most PCs built since 2011. It does not affect older [[BIOS]] based systems. LogoFAIL vulnerabilities can cause a system to be compromised in a way that is very hard - if not impossible - to detect.


=== Security Response ===
=== Security Response ===
Line 16: Line 23:


=== Vulnerability Table ===
=== Vulnerability Table ===
The Fixed Firmware indicates the first version of firmware with a fix included. You should run that, or any later version. Seda recommends the latest firmware for your board.


{| class="wikitable" style="margin:auto; text-align: center"
{| class="wikitable" style="margin:auto; text-align: center"
|+ Seda's Enhancements Supported Devices<br />Vulnerability to LogoFAIL
|+ Seda's Enhancements Supported Devices - Vulnerability to LogoFAIL
! Year !! System !! Status !! Official Patch !! Seda Patch !! Notes
! Mainboard !! Status !! Latest Firmware !! Fixed Firmware !! Link !! Notes
|-
|-
| 2000
| PRIME A320M-E
| Mina
| Patched
| Not Vulnerable
| 6211
| N/A
| 6211
| N/A
| {{cite web |title=Firmware Updates |url=https://www.asus.com/au/supportonly/prime%20a320m-e/helpdesk_bios/}}
| N/A
|  
|-
|-
| 2003
| TUF SABERTOOTH 990FX
| Domino
| Not Vulnerable
| N/A
| N/A
| N/A
|-
| 2003
| Iris
| Not Vulnerable
| N/A
| N/A
| N/A
|-
| 2004
| Hachi
| Not Vulnerable
| N/A
| N/A
| N/A
|-
| 2005
| Heidi
| Not Vulnerable
| N/A
| N/A
| N/A
|-
| 2006
| Misaki
| Not Vulnerable
| N/A
| N/A
| N/A
|-
| 2007
| Delilah
| Not Vulnerable
| N/A
| N/A
| N/A
|-
| 2008
| Daisy
| Not Vulnerable
| N/A
| N/A
| N/A
|-
| 2008
| Hitomi
| Not Vulnerable
| N/A
| N/A
| N/A
|-
| 2008
| Xianghua
| Not Vulnerable
| N/A
| N/A
| N/A
|-
| 2011
| Venus
| Vulnerable
| No
| Fix Available
| Seda Firmware Release 20240201
|-
| 2012
| Annabelle
| Vulnerable
| No
| Fix Available
| Seda Firmware Release 20240201
|-
| 2012
| Jinx
| Vulnerable
| Vulnerable
| No
| 1604
| Not planned
|
| N/A
| {{cite web |title=Firmware Updates |url=https://www.asus.com/us/supportonly/sabertooth%20990fx/helpdesk_bios/}}
| No patch is expected for this board.
|-
|-
| 2012
| TUF SABERTOOTH 990FX R2.0
| Valerie
| Vulnerable
| Vulnerable
| No
| 2901
| Researching
|
| No official patch expected.
| {{cite web |title=Firmware Updates |url=https://www.asus.com/uk/supportonly/sabertooth_990fx_r20/helpdesk_bios/}}
|-
| No patch is expected for this board.
| 2012
| Zagara
| Not vulnerable
| N/A
| N/A
| N/A
|-
|-
| 2013
| TUF SABERTOOTH 990FX R3.0
| Belladonna
| Vulnerable
| Vulnerable
| No
| 0216
| Fix Available
|
| Seda Firmware Release 20240201
| {{cite web |title=Firmware Updates |url=https://www.asus.com/ie/supportonly/sabertooth%20990fx%20r3.0/helpdesk_bios/}}
| No patch is expected for this board.
|-
|-
| 2013
| TUF GAMING B550M-PLUS WIFI II
| Chia
| Patched
| Vulnerable
| 3405
| No
| 3405
| Not planned
| {{cite web |title=Firmware Updates |url=https://www.asus.com/motherboards-components/motherboards/tuf-gaming/tuf-gaming-b550m-plus-wifi-ii/helpdesk_bios}}
| Not possible to fix.
|  
|-
| 2013
| Claire
| Vulnerable
| No
| Fix Available
| Seda Firmware Release 20240201
|-
| 2013
| Dawn
| Vulnerable
| No
| Researching
| No official patch expected.
|-
| 2013
| Emily
| Vulnerable
| No
| Researching
| No official patch expected.
|-
| 2013
| Hazel
| Vulnerable
| No
| Fix Available
| Seda Firmware Release 20240201
|-
| 2013
| Ivy
| Vulnerable
| No
| Fix Available
| Seda Firmware Release 20240201
|-
| 2013
| Jaenelle
| Vulnerable
| No
| Researching
| No official patch expected.
|-
| 2013
| Jennifer
| Vulnerable
| No
| Fix Available
| Seda Firmware Release 20240201
|-
| 2013
| Kate
| Vulnerable
| No
| Fix Available
| Seda Firmware Release 20240201
|-
| 2013
| Lucy
| Vulnerable
| No
| Not planned
| Not possible to fix.
|-
| 2013
| Psylocke
| Not Vulnerable
| N/A
| N/A
| N/A
|-
| 2013
| Seraphine
| Not Vulnerable
| N/A
| N/A
| N/A
|-
| 2013
| Sophie
| Vulnerable
| No
| Fix Available
| Seda Firmware Release 20240201
|-
| 2014
| Primus
| Vulnerable
| No
| Partial fix available
| No official patch expected.
|-
| 2015
| Evelynn
| Not vulnerable
| N/A
| N/A
| N/A
|-
| 2016
| Grace
| Vulnerable
| No
| Partial fix available
| N/A
|-
| 2017
| Ahri
| Vulnerable
| No
| Pending
| Waiting to see if an official patch comes out.
|-
| 2017
| WalletRipper
| Vulnerable
| No
| Fix Available
| Seda Firmware Release 20240125
|-
| 2018
| Alice
| Vulnerable
| No
| Pending
| Waiting to see if an official patch comes out.
|-
| 2018
| Lily
| Vulnerable
| No
| Pending
| Waiting to see if an official patch comes out.
|-
| 2018
| Raven
| Vulnerable
| No
| Pending
| Waiting to see if an official patch comes out.
|-
| 2019
| Amy
| Vulnerable
| No
| Researching
| No official patch expected.
|-
| 2019
| Jewel
| Vulnerable
| Yes
| Not Required
| Fixed by ASUS firmware update; update your firmware to 6211 or later ASAP.
|-
| 2021
| Crystal
| Vulnerable
| Yes
| Not Required
| Fixed by ASUS firmware update; update your firmware to 6211 or later ASAP.
|-
| 2021
| Hana
| Vulnerable
| Yes
| Not Required
| Fixed by ASUS firmware update; update your firmware to 3405 or later ASAP.
|-
| 2021
| Maggie
| Not vulnerable
| N/A
| N/A
| N/A
|-
| 2021
| Masuyo
| Vulnerable
| No
| Pending
| Waiting to see if an official patch comes out.
|}
|}

Revision as of 17:27, 24 January 2024

LogoFAIL logo by Binarly, Inc.
Discovered2023


LogoFAIL is a vulnerability in UEFI.

Context

Discovery

LogoFAIL was discovered by Binarly Inc in late 2023.

Scope

LogoFAIL affects almost all UEFI based systems, and thus most PCs built since 2011. It does not affect older BIOS based systems. LogoFAIL vulnerabilities can cause a system to be compromised in a way that is very hard - if not impossible - to detect.

Security Response

This cannot be fully addressed in software. The only real fix is a firmware update.

Vulnerability Table

The Fixed Firmware indicates the first version of firmware with a fix included. You should run that, or any later version. Seda recommends the latest firmware for your board.

Seda's Enhancements Supported Devices - Vulnerability to LogoFAIL
Mainboard Status Latest Firmware Fixed Firmware Link Notes
PRIME A320M-E Patched 6211 6211 "Firmware Updates".
TUF SABERTOOTH 990FX Vulnerable 1604 "Firmware Updates". No patch is expected for this board.
TUF SABERTOOTH 990FX R2.0 Vulnerable 2901 "Firmware Updates". No patch is expected for this board.
TUF SABERTOOTH 990FX R3.0 Vulnerable 0216 "Firmware Updates". No patch is expected for this board.
TUF GAMING B550M-PLUS WIFI II Patched 3405 3405 "Firmware Updates".
Retrieved from "https://wiki.affsdiary.com:443/index.php?title=LogoFAIL&oldid=1017"