Researchers discover exploitation code that uses LogoFAIL UEFI flaw
Take action: This is no longer a theory. There is an exploit, so if you are using a Lenovo laptop, update your UEFI/firmware ASAP. If you own a device from any other vendor, ALSO update your UEFI/firmware ASAP, because it's a matter of time before the attack code is modified for your model. Since the vulnerability exists below the level of the operating system, nothing apart from a patch protects you. In the meantime, keep your device physically secure and be very careful with running programs and opening emails.
Researchers at Binarly are reporting an active in-the-wild exploit targeting the LogoFAIL vulnerabilities.
The LogoFAIL flaw is linked to the Unified Extensible Firmware Interface (UEFI), the firmware that runs at startup and shows the manufacturer's logo on the screen. Attackers can use the LogoFAIL flaws to replace the boot-up logo image with one containing malicious code, bypassing all antivirus controls.
This is no longer a theoretical threat. The malicious code specifically targets unpatched Linux devices by exploiting firmware vulnerabilities during the earliest boot stages.
The discovered code is being distributed through an internet-connected web server and appears to be production-ready. While no active exploitation has been confirmed, the maturity of the code indicates it could become a significant threat in the near future.
Details in the code indicate that the bootkit's intended target devices are Lenovo. At least 10 devices do not have a patched firmware. The list compiled by Binarly is below for full review.
Note that this code can be fairly easily modified to target other vendors, so patching (if possible) is a must.
| Device | Latest version matching: Version | Latest version matching: Release | Latest version matching: Latest | Latest version: Version | Latest version: Release | Latest version: Vulnerable to |
|---|---|---|---|---|---|---|
| ideacentre-aio-3-24irh9 | O6AKT1DA | 8/9/2024 | YES | O6AKT1DA | 8/9/2024 | YES |
| ideapad-1-14iau7 | JKCN42WW | 10/10/2023 | NO | JKCN48WW | 10/18/2024 | NO |
| ideapad-1-15iru7 | MCCN29WW | 11/8/2024 | YES | MCCN29WW | 11/8/2024 | YES |
| ideapad-5-14ial7 | JLCN36WW | 10/23/2023 | NO | JLCN40WW | 10/21/2024 | NO |
| ideapad-5-15ial7 | JBCN32WW | 11/7/2023 | NO | JBCN36WW | 8/9/2024 | NO |
| ideapad-5-pro-16iah7 | J5CN33WW | 11/16/2023 | NO | J5CN37WW | 10/15/2024 | NO |
| ideapad-gaming-3-15iah7 | JMCN44WW | 10/25/2023 | NO | JMCN48WW | 10/18/2024 | NO |
| ideapad-pro-5-14irh8 | LJCN28WW | 12/22/2023 | NO | LJCN35WW | 9/26/2024 | NO |
| ideapad-pro-5-16irh8 | KZCN46WW | 11/8/2024 | YES | KZCN46WW | 11/8/2024 | YES |
| ideapad-slim-3-14iah8 | LTCN34WW | 8/21/2024 | YES | LTCN34WW | 8/21/2024 | YES |
| ideapad-slim-5-14iah8 | LACN29WW | 10/12/2023 | NO | LACN37WW | 11/7/2024 | NO |
| legion-5-15iah7 | J2CN56WW | 12/7/2023 | NO | J2CN57WW | 4/23/2024 | NO |
| legion-7-16iax7 | K1CN48WW | 8/12/2024 | YES | K1CN48WW | 8/12/2024 | YES |
| legion-9-16irx8 | MHCN37WW | 11/16/2023 | NO | MHME43WW | 7/29/2024 | NO |
| legion-9-16irx9 | NXCN19WW | 7/17/2024 | YES | NXCN19WW | 7/17/2024 | YES |
| legion-pro-5-16irx8 | KWCN42WW | 11/15/2023 | NO | KWCN46WW | 8/2/2024 | NO |
| legion-s7-16irh8 | M0CN34WW | 11/1/2023 | NO | M0CN39WW | 10/21/2024 | NO |
| legion-slim-5-16irh8 | M2CN29WW | 11/7/2023 | NO | M2CN35WW | 11/8/2024 | NO |
| lenovo-slim-7-14irp8 | LGCN27WW | 2/2/2024 | NO | LGCN32WW | 11/5/2024 | NO |
| lenovo-slim-9-14iap7 | J3CN54WW | 10/26/2023 | NO | J3CN57WW | 7/24/2024 | NO |
| lenovo-slim-pro-9-14irp8 | MBCN32WW | 8/30/2024 | YES | MBCN32WW | 8/30/2024 | YES |
| lenovo-slim-pro-9-16irp8 | KVCN37WW | 10/23/2023 | NO | KVCN42WW | 10/14/2024 | NO |
| lenovo-v14-g4-ian | KUCN32WW | 12/7/2023 | NO | KUCN37WW | 8/20/2024 | NO |
| loq-15iax9e | Q8CN12WW | 9/10/2024 | YES | Q8CN12WW | 9/10/2024 | YES |
| loq-15iax9 | NECN23WW | 12/4/2023 | NO | NECN39WW | 10/14/2024 | NO |
| loq-15iax9i | NFCN21WW | 12/1/2023 | NO | NFCN39WW | 10/21/2024 | NO |
| loq-15irh8 | LZCN33WW | 12/27/2023 | NO | LZCN39WW | 11/19/2024 | NO |
| slim-7-14iap7 | JHCN33WW | 11/27/2023 | NO | JHCN37WW | 8/22/2024 | NO |
| slim-7-16iah7 | KMCN19WW | 11/16/2023 | NO | KMCN23WW | 10/15/2024 | NO |
| slim-7-carbon-13iap7 | K2CN38WW | 11/16/2023 | NO | K2CN41WW | 6/7/2024 | NO |
| slim-7-carbon-13irp8 | LDCN19WW | 6/7/2024 | YES | LDCN19WW | 6/7/2024 | YES |
| slim-7-prox-14iah7 | HMCN47WW | 10/30/2023 | NO | HMCN50WW | 8/13/2024 | NO |
| thinkbook-14-g4-plus-iap | HYCN47WW | 10/12/2023 | NO | HYCN51WW | 11/1/2024 | NO |
| thinkbook-16p-g4-irh | LRCN42WW | 1/8/2024 | NO | LRCN45WW | 8/12/2024 | NO |
| thinkbook-plus-g3-iap | K6CN33WW | 10/30/2023 | NO | K6CN37WW | 10/31/2024 | NO |
| thinkbook-plus-g4-iru | LUCN35WW | 10/23/2023 | NO | LUCN42WW | 10/10/2024 | NO |
| yoga-7-14ial7 | J1CN41WW | 12/11/2023 | NO | J1CN46WW | 11/21/2024 | NO |
| yoga-7-14irl8 | LHCN21WW | 12/29/2023 | NO | LHCN26WW | 11/18/2024 | NO |
| yoga-9-14iap7 | HNCN46WW | 12/8/2023 | NO | HNCN50WW | 8/20/2024 | NO |
| yoga-9-14irp8 | L4CN23WW | 6/28/2024 | NO | L4CN24WW | 11/14/2024 | YES |
| yoga-aio-9-32irh8 | O62KT24A | 8/8/2024 | YES | O62KT24A | 8/8/2024 | YES |
| yoga-book-9-13iru8 | KXCN35WW | 10/30/2023 | NO | KXME39WW | 10/17/2024 | NO |
| yoga-pro-7-14irh8 | LWCN25WW | 11/27/2023 | NO | LWCN30WW | 11/19/2024 | NO |
| yoga-slim-6-14iap8 | KTCN40WW | 1/18/2024 | NO | KTCN44WW | 11/4/2024 | NO |
| yoga-slim-6-14irh8 | N1CN07WW | 1/3/2024 | NO | N1CN13WW | 11/4/2024 | NO |
| yoga-slim-7-pro-14iah7 | KRCN20WW | 2/8/2024 | NO | KRCN24WW | 9/4/2024 | NO |