Thanks to AMD’sAGESA updates, its motherboard partners have started rolling out BIOS updates containing a fix to protect the BIOS from LogoFAIL, asecurityflaw that allows the UEFI boot screen to be hijacked. LogoFAIL was discovered inDec. 2023.
Intel patched this vulnerability with Intel ME Version 16.10-06-2025 the same month it was reported. Although the issue was resolved by AMD’s AGESA Version 1.2.0.b a few months ago, AMD released the latest ‘c’ version, which includes fixes for other vulnerabilities,a few weeks ago. As a result, some motherboard vendors, such as Gigabyte, have started releasing BIOS updates with the AGESA ‘b’ variation for someAMDchipsets, whileAsusandMSIreleased BIOS updates with the latest AGESA update.
Motherboard makers have yet to release BIOS updates for any of these AGESA versions for X670 chipsets.
How does LogoFAIL work?
LogoFAIL is platform-agnostic flaw — it affects both Intel and AMD platforms with BIOS made by independent BIOS vendors such as AMI, Phoenix, and Insyde. Because the exploit occurs before the OS and is not stored in the storage drive, it’s not possible for conventional anti-malware tools to detect or remove it.
When Binarly reported the exploit, it made the following observations:
The US-based National Institute of Standards and Technology also published information on LogoFAIL in its National Vulnerable Database,filed under CVE-2023-40238for Insyde,CVE-2023-39538for AMI, andCVE-2023-5058for Phoenix Technologies.
Once LogoFAIL infects the BIOS’s customizable images, it takes advantage of the security flaw during the DXE (Driver Execution Environment) phase. This allows it to bypass the CPU and OS security protocols and checks and install a bootkit without being detected. This affected both motherboards made by component makers and OEM motherboards; the demo used an 11th-generation CPU-based Lenovo ThinkCentre M720s.
Get Tom’s Hardware’s best news and in-depth reviews, straight to your inbox.
The State of New BIOS Rollouts
Lenovo has not yet released thelatest UEFIthat includes the LogoFAIL patch. Some OEMs, such asDell, do not allow UEFI logos to be changed (the images are protected by Image Boot Guard). Mac systems, even older units with Intel CPUs, have logo images hard-coded into the UEFI and are therefore protected from the LogoFAIL exploit.
Subsequently, motherboard vendors need to proactively release BIOS updates once the respective IBVs include the latest patch. The ‘b’ variant addresses the LogoFAIL exploit, but the new AGESA version 1.2.0.c also addressesthe Zenbleed vulnerability(discovered July 2023). Therefore, Gigabyte will need to roll out another BIOS update with the latest firmware for its AM4 platform as well as BIOS updates for its x670 motherboards.
Roshan Ashraf Shaikh has been in the Indian PC hardware community since the early 2000s and has been building PCs, contributing to many Indian tech forums, & blogs. He operated Hardware BBQ for 11 years and wrote news for eTeknix & TweakTown before joining Tom’s Hardware team. Besides tech, he is interested in fighting games, movies, anime, and mechanical watches.
