Email or username:

Password:

Forgot your password?
Dan's posts Post Back to profile
Top-level
Dan Goodin

A CERT coordination center has published an advisory on LogoFail, but unfortunately, it doesn't tell us much. It confirms that AMI, Insyde, Intel and Phoenix are affected and that Microsoft and Toshiba are not. But the remaining 20 companies are fall in the "unknown" category. One of the unknowns is Lenovo, which has already confirmed that it is affected.

Also, no CVEs.

¯_(ツ)_/¯

kb.cert.org/vuls/id/811862

6 Dec 2023 at 23:20 | Open on infosec.exchange
4 comments
Lauren Weinstein

@dangoodin I suspect we can count on most affected existing deployed machines never being patched for this. Firmware patches at that level are widely considered to be so risky that they are widely avoided, even for serious problems.

6 Dec 2023 at 23:27 | Open on mastodon.laurenweinstein.org
Ethan Black

@dangoodin I know my @system76 uses Insyde firmware... my machine is older but I hope I get a fix 🙏

7 Dec 2023 at 7:25 | Open on social.librem.one
System76 :popos: :ubuntu:

@golemwire @dangoodin since you can't change the logo in firmware this wouldn't effect your system.

8 Dec 2023 at 18:44 | Open on fosstodon.org
Go Up