Lenovo

Lenovo devices running vulnerable Insyde firmware were targeted by the BootKitty Linux UEFI bootkit, which exploited the LogoFAIL flaws (CVE-2023-40238). BootKitty bypassed UEFI Secure Boot by injecting rogue certificates and exploiting vulnerabilities in UEFI image-parsing components through tampered BMP files. The bootkit was capable of disabling kernel signature verification, preloading malicious binaries, and targeting specific Ubuntu versions. Despite available security patches, many devices remained at risk. The incident served as a reminder of the dangers of unaddressed vulnerabilities and the importance of timely updates to safeguard devices in the field.

Source: https://securityaffairs.com/171606/malware/bootkitty-logofail-flaws.html

TPRM report: https://scoringcyber.rankiteo.com/company/lenovo

"id": "len001120824",
"linkid": "lenovo",
"type": "Vulnerability",
"date": "12/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Lenovo',
                        'type': 'Corporation'}],
 'attack_vector': 'UEFI Secure Boot Bypass',
 'description': 'Lenovo devices running on vulnerable Insyde firmware were '
                'targeted by the BootKitty Linux UEFI bootkit exploiting the '
                'LogoFAIL flaws (CVE-2023-40238). BootKitty bypassed UEFI '
                'Secure Boot by injecting rogue certificates and exploiting '
                'vulnerabilities in UEFI image-parsing components through '
                'tampered BMP files. The bootkit was capable of disabling '
                'kernel signature verification, preloading malicious binaries, '
                'and targeting specific Ubuntu versions. Despite available '
                'security patches, many devices remained at risk. The incident '
                'served as a reminder of the dangers associated with '
                'unaddressed vulnerabilities and the importance of timely '
                'updates to safeguard devices in the field.',
 'impact': {'systems_affected': 'Lenovo devices'},
 'lessons_learned': 'The incident served as a reminder of the dangers '
                    'associated with unaddressed vulnerabilities and the '
                    'importance of timely updates to safeguard devices in the '
                    'field.',
 'threat_actor': 'BootKitty',
 'title': 'Lenovo Devices Targeted by BootKitty Linux UEFI Bootkit',
 'type': 'UEFI Bootkit',
 'vulnerability_exploited': 'LogoFAIL flaws (CVE-2023-40238)'}