Phoenix Technologies has been informed of a serious flaw in Phoenix SecureCore™ Technology™ 4, a BIOS firmware that provides advanced security features for various devices. The flaw exists in the processing of a user-supplied splash screen during system boot. By supplying a malicious splash screen, an attacker can cause a denial of service or execute arbitrary code in the UEFI DXE phase, bypassing the Secure Boot mechanism and compromising system integrity. Phoenix Technologies strongly recommends that customers update their firmware to the latest version and contact their hardware vendor as soon as possible to prevent any potential exploitation of this flaw. Please refer to CVE-2023-5058 for more details.
LogoFAIL was discovered and reported by BINARLY’s efiXplorer team.