Palante Security Advisory: LogoFAIL
Posted 12.07.2023
On December 6th, a suite of vulnerabilities, tracked as Common Vulnerabilities and Exposures (CVE) entries, was presented by the Binarly REsearch team during the European Black Hat 2023 conference. Dubbed “LogoFAIL”, the research demonstrated how computers with customizable boot logos can be compromised through specially crafted images designed to exploit these vulnerabilities. Many vendors use custom boot images but, in most circumstances, these are hard-coded and not replaceable. Some vendors (Lenovo, Acer, and Intel) do not lock this feature down and allow users to upload their own custom image. This is the route