The module with GUID E6A7A1CE-5881-4B49-80BE-69C91811685C is not present in Dasharo build. The vulnerability is specific to some custom proprietary module that handles the TCG2/TPM2 setup configuration. Thus Dasharo based on the EDK2 version of TCG2/TPM2 configuration module is not affected. Even the size of the TCG2_CONFIGURATION variable in EDK2 is different than in the code snippet in the link, which suggests that it is some different implementation.
If coreboot is not susceptible to these attacks, then for what reasoned reasons and is there relevant research and evidence for this?
Dasharo does not use any image parsers in coreboot. To display the logo we use the EDK2 image parsers. As LogoFail is a set of various vulnerabilities in the image parsers, I can't fully deny or confirm that the parsers in EDK2 are not susceptible.
However, I have put an OVMF binary built from the EDK2 we use, which also includes the same image parser as our builds based on coreboot + EDK2 UEFI Payload, into the Binarly LogoFail checker. I took OVMF, because it can consume full UEFI images only.
It says it is not affected by the vulnerabilities. @username34579
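A first-pass way to check a firmware image for the module GUID named in the reply above, as an added example (not Dasharo's or Binarly's tooling). It assumes a raw byte scan is acceptable as a first step and uses the EDK2 LZMA and Tiano GUIDed-section identifiers to flag compressed regions it cannot see into; the sample images are constructed.

```python
import uuid

# GUID named in the reply above (taken from the page).
MODULE_GUID = "E6A7A1CE-5881-4B49-80BE-69C91811685C"

# EDK2 GUIDed-section identifiers that mark compressed payloads.
# Standard (non-GUIDed) compression sections are not detected by this scan.
COMPRESSED_SECTION_GUIDS = {
    "LZMA": "EE4E5898-3914-4259-9D6E-DC7BD79403CF",
    "Tiano": "A31280AD-481E-41B6-95E8-127F4C984779",
}


def efi_guid_bytes(text):
    """EFI_GUID on-disk layout: first three fields little-endian, last 8 bytes as-is."""
    return uuid.UUID(text).bytes_le


def find_all(image, needle):
    """Return every offset at which needle occurs in image."""
    offsets, pos = [], image.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = image.find(needle, pos + 1)
    return offsets


def scan_image(image, guid=MODULE_GUID):
    """Classify an image as present / inconclusive / absent for the given GUID."""
    hits = find_all(image, efi_guid_bytes(guid))
    compressed = sorted(name for name, g in COMPRESSED_SECTION_GUIDS.items()
                        if efi_guid_bytes(g) in image)
    if hits:
        verdict = "present"
    elif compressed:
        verdict = "inconclusive"  # decompress nested volumes, then rescan
    else:
        verdict = "absent"
    return {"verdict": verdict, "offsets": hits, "compressed": compressed}


# Constructed sample images (not real firmware).
PAD = b"\xff" * 64
SAMPLE_WITH_MODULE = PAD + efi_guid_bytes(MODULE_GUID) + PAD
SAMPLE_COMPRESSED = PAD + efi_guid_bytes(COMPRESSED_SECTION_GUIDS["LZMA"]) + PAD
SAMPLE_BIG_ENDIAN = PAD + uuid.UUID(MODULE_GUID).bytes + PAD  # text-order bytes

if __name__ == "__main__":
    for name in ("SAMPLE_WITH_MODULE", "SAMPLE_COMPRESSED", "SAMPLE_BIG_ENDIAN"):
        print(name, scan_image(globals()[name]))
```

An "absent" verdict only covers uncompressed regions; an "inconclusive" image needs its compressed sections extracted before the absence of the module can be asserted.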
Hi! Tell me please, can laptops with coreboot be attacked by the new malware Black Lotus and LogoFail?
CVE-2024-0762
https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/
CVE-2023-40238
https://nvd.nist.gov/vuln/detail/CVE-2023-40238
If coreboot is not susceptible to these attacks, then for what reasoned reasons and is there relevant research and evidence for this?