[BRLY-2023-018] Multiple vulnerabilities in image parsing functions can be exploited by an attacker with local access.
Intel firmware allows end users to customize the logo shown on a device's display during boot. The BINARLY REsearch team has uncovered multiple critical vulnerabilities in the libraries used to parse image data formats, and therefore logos. These vulnerabilities pose a high-severity risk because they introduce an unexplored attack surface that can be exploited by malicious actors with administrative access to a device. Our analysis of a dataset of Intel firmware identified 42 unique Intel products affected by this issue, including devices running firmware developed by American Megatrends. Given the systemic, industry-wide scope of this issue, we will refer to it as LogoFAIL.