This articlemay be too technical for most readers to understand. Pleasehelp improve it tomake it understandable to non-experts, without removing the technical details.(May 2024) (Learn how and when to remove this message)

LogoFAIL is asecurity vulnerability andexploit thereof that affects computer motherboard firmware withTianoCore EDK II, includingInsyde Software's InsydeH2O modules and similar code in AMI and Phoenix firmware, which are commonly found on bothIntel andAMD motherboards, and which enable loading of custom boot logos. The exploit was discovered in December 2023 by researchers atBinarly.^[1][2]

The vulnerability exists when the Driver Execution Environment (DXE) is active after a successful Power On Self Test (POST) in theUEFI firmware (also known as the BIOS). The UEFI's boot logo is replaced with the exploit payload at this point, and the exploit can then take control of the system.^[2]

Intel patched the issue inIntel Management Engine (ME) version 16.1.30.2307 in December 2023. AMD addressed the problem in AGESA version 1.2.0.b, although some motherboard manufacturers did not include the fix under AGESA 1.2.0.c.^[3]

• CVE-2023-40238
• Binarly analysis of LogoFAIL

Thiscomputer security article is astub. You can help Wikipedia byexpanding it.

• v
• t
• e

• 2024 in computing
• Computer security exploits
• X86 architecture
• Computer security stubs

• Wikipedia articles that are too technical from May 2024
• All articles that are too technical
• Articles with short description
• Short description is different from Wikidata
• All stub articles