FwHunt icon indicating copy to clipboard operation
FwHunt copied to clipboard

Published 20 hours ago verified publisher icon binarly-io

Rules for LogoFAIL

Open sustmi opened this issue 1 year ago • 5 comments

Since the LogoFAIL vulnerability was publicly disclosed a month ago will there be rules for FwHunt, too?

Also, I can see that pages https://binarly.io/advisories/BRLY-2023-006/ and https://binarly.io/advisories/BRLY-2023-018/ are not available (displays "NoSuchKey" / "The specified key does not exist" errors).

I noticed that eg. Lenovo plans to release BIOS updates in February or even March of 2024 (according to "Target availability" column). Is it still too soon to publish these informations? If so, can you clarify what is the disclosure policy for this?

sustmi avatar Jan 06 '24 08:01 sustmi

I am also interested in these rules. Since framework already published a firmware update, I wanted to verify that their LogoFail fix is working: https://community.frame.work/t/12th-gen-intel-core-bios-3-08-beta-release/43244

simon-pau avatar Jan 20 '24 14:01 simon-pau

LogoFAIL advisories are now released! It took a bit longer because of the massive number of unfixed devices

matrosov avatar Jan 24 '24 01:01 matrosov

Well, the main topic of this issue was the FwHunt rules, but thank you for letting me know about the released advisories. I will look into them to see if I am able to check my BIOS modules for the LogoFAIL vulnerability manually.

sustmi avatar Jan 24 '24 08:01 sustmi

Can you please reopen, since this is about the Rules for LogoFAIL?

simon-pau avatar Feb 04 '24 16:02 simon-pau

Currently, LogoFAIL rules are accessible in two formats on public service FwHunt.RUN and as a part Binarly Transparency Platform. We're also planning to release the FwHunt public rules later this year. Stay tuned!

matrosov avatar Feb 04 '24 23:02 matrosov