BootKitty UEFI malware exploits LogoFAIL to infect Linux systems

Submitted by Style Pass, 2024-12-02 19:00:06

The recently uncovered 'Bootkitty' Linux UEFI bootkit exploits the LogoFAIL flaw, tracked as CVE-2023-40238, to target computers running on vulnerable firmware.

This is confirmed by firmware security firm Binarly, which discovered LogoFAIL in November 2023 and warned about its potential to be used in actual attacks.

Bootkitty was discovered by ESET, who published a report last week, noting that it is the first UEFI bootkit specifically targeting Linux. However, at this time, it is more of an in-development UEFI malware that only works on specific Ubuntu versions, rather than a widespread threat.

LogoFAIL is a set of flaws in the image-parsing code of UEFI firmware images used by various hardware vendors, exploitable by malicious images or logos planted on the EFI System Partition (ESP).

"When these images are parsed during boot, the vulnerability can be triggered and an attacker-controlled payload can arbitrarily be executed to hijack the execution flow and bypass security features like Secure Boot, including hardware-based Verified Boot mechanisms," explained Binarly previously.
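Because the attack surface described above is image data read from the ESP during boot, one defensive control is a baseline of every image file present on the partition, with a sanity check of the headers a firmware parser will trust. The script below is an added example, not code from the article, ESET or Binarly. It assumes the ESP is mounted at a path you pass in (here a constructed temporary tree stands in for a real partition), and it inspects BMP headers in depth while only fingerprinting other image types; which formats a given firmware parses is vendor-specific, so the format list is an assumption rather than a statement about LogoFAIL itself.

```python
import hashlib
import os
import struct
import tempfile

# Magic bytes for image formats a boot logo parser might accept (assumed list).
IMAGE_MAGIC = {
    b"BM": "bmp",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF8": "gif",
    b"\xff\xd8\xff": "jpeg",
}


def detect_image_type(header: bytes):
    """Return the image type for the leading bytes of a file, or None."""
    for magic, kind in IMAGE_MAGIC.items():
        if header.startswith(magic):
            return kind
    return None


def bmp_header_issues(data: bytes):
    """List inconsistencies between a BMP header and the file it describes.

    Size fields that disagree with the real file length, or pixel offsets that
    point past the end of the file, are exactly the kind of input a naive
    firmware parser trusts without checking.
    """
    issues = []
    if len(data) < 26:  # 14-byte file header + at least a 12-byte DIB header
        issues.append("truncated header")
        return issues
    declared_size, = struct.unpack_from("<I", data, 2)
    pixel_offset, = struct.unpack_from("<I", data, 10)
    dib_size, = struct.unpack_from("<I", data, 14)
    if declared_size != len(data):
        issues.append(f"declared size {declared_size} != actual {len(data)}")
    if pixel_offset > len(data):
        issues.append(f"pixel data offset {pixel_offset} beyond end of file")
    if dib_size >= 40:  # BITMAPINFOHEADER and later carry 32-bit dimensions
        width, height = struct.unpack_from("<ii", data, 18)
        if width <= 0 or width > 65535 or abs(height) > 65535:
            issues.append(f"implausible dimensions {width}x{height}")
    return issues


def scan_esp(esp_root: str):
    """Walk the ESP and return an inventory of image files with hashes and header issues."""
    findings = []
    for dirpath, _, files in os.walk(esp_root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                data = f.read()
            kind = detect_image_type(data[:8])
            if kind is None:
                continue  # not an image; EFI binaries are covered by other controls
            findings.append({
                "path": os.path.relpath(path, esp_root),
                "type": kind,
                "sha256": hashlib.sha256(data).hexdigest(),
                "issues": bmp_header_issues(data) if kind == "bmp" else [],
            })
    return sorted(findings, key=lambda f: f["path"])


def make_bmp(width: int, height: int, declared_size=None) -> bytes:
    """Build a minimal 24-bit BMP; declared_size overrides the file-size field (test fixture)."""
    row_bytes = (width * 3 + 3) & ~3
    pixels = b"\x00" * (row_bytes * height)
    dib = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                      len(pixels), 2835, 2835, 0, 0)
    total = 14 + len(dib) + len(pixels)
    size_field = total if declared_size is None else declared_size
    return b"BM" + struct.pack("<IHHI", size_field, 0, 0, 14 + len(dib)) + dib + pixels


def build_sample_esp() -> str:
    """Constructed stand-in for a mounted ESP: one boot loader stub and two logo files."""
    root = tempfile.mkdtemp(prefix="esp-")
    boot_dir = os.path.join(root, "EFI", "BOOT")
    os.makedirs(boot_dir)
    with open(os.path.join(boot_dir, "BOOTX64.EFI"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 62)  # placeholder PE stub, not a real loader
    with open(os.path.join(boot_dir, "logo.bmp"), "wb") as f:
        f.write(make_bmp(4, 4))  # consistent header
    with open(os.path.join(boot_dir, "splash.bmp"), "wb") as f:
        f.write(make_bmp(4, 4, declared_size=0xFFFFFFFF))  # size field disagrees with file
    return root


if __name__ == "__main__":
    for finding in scan_esp(build_sample_esp()):
        flag = "SUSPECT" if finding["issues"] else "ok"
        print(f"{flag:7} {finding['path']} {finding['type']} {finding['sha256'][:16]} {finding['issues']}")
```

Run it once against a known-good system to record the hashes, then diff later runs against that baseline: any new image file on the ESP, a changed hash on an existing logo, or a header that fails the consistency checks is worth an incident ticket, since nothing on a healthy machine should be rewriting boot logos.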
