LogoFail hack/threat...

After reading this I am left with some questions:

https://www.binarly.io/blog/finding-logofail-the-dangers-of-image-parsing-during-system-boot

First a short summary of what this is:

The firmware of many bios/uefi/motherboards contain sloppy C code for loading pictures/logos like JPEG/PNG/BMP. This sloppy C code allows a hacker to place a file/logo on the UEFI (special) system partition which may or may not be loaded by the bios/uefi/firmware of the motherboard.

During the image loading the sloppy/buggy C code allows the image data to overwrite other critical software instructions, like protocol related instructions, these are overwritten with "shell code" allowing the hacker to do anything else it wants with the system, for example run curl or cmd.exe and download subsequent software and comprise linux and window systems.

Chrome browser already contains a vunerability to allow protocol handlers/urls to execute cmd.exe via command line parsing mistakes of certain other applications maybe utorrent or wimamp, not saying these are vunerable but this is also an old drive by attack.

So 1 + 1 + 1 + 1 + 1 + 1 = 6. URL exploit + CMD.exe + batchfile + firmwarehack + blacklotus/similiar could comprise system fast (maybe also +python to enable this hack as in the demo).

This system vunerablity was discovered around december 2023 and was only recently disclossed, say 2 months ago or so. I didn't know about it because I was busy with other things, which I find a bit concerning but ok. Today I decided to check the ASRock forum to see if anything is going on with firmware and yup... need firmware available to combat this LogoFail...

Example:
https://www.asrock.com/mb/AMD/B650E%20Steel%20Legend%20WiFi/index.nl.asp#BIOS

"2. Patch UEFI LogoFail vulnerabilities."

Most recent firmware seems to be:

"
3.01     2024/5/15     15.17MB     
Update AMD AGESA 1.1.7.0 for Next Generation Ryzen??processors support.
"

However googling this agesa 1.1.6.0 version mention MSI and Gigabyte motherboard problems especially with build in iGPU of ryzen processors, leading to all kinds of weird things, like restarts, crashes, bsods, black screens, 1.5 gb of iGPU driver downloads.

The only thing I haven't really tested yet on this new superpc 2023 for me is the iGPU...

My ASRock motherboard Steel Legend Wifi 650B is still on BIOS version 1.28 and working beautifully so far.

Only thing I do notice is boot time is sometimes a bit strange, longer than normal and red lights start burning, but I am running default bios/uefi/firmware settings.

Anyway I have some questions about the way this motherboard works in relation to this potential attack vector, the link at the top of the posting mentions:

NVRam, which seems to be "non-volatile ram" which can store data. The article mentions the hacker could store a module inside of this nvram.

1. Does the ASRock Steel Legend 650B contain NVRam ? If so where is it stored, how can I see what is in it ? Where can I read more information about this technology in relation to motherboards, google/ai copilot did not turn up much yet, best was some older information from 2014... it's now 2024...

2. Would it be possible for the hacker to prevent re-flashing the firmware in the future in case the PC/motherboard/firmware was hacked ? Making it important to flash it now before such an event would occur...

3. Since firmware version 1.28 is working flawlessly for me, is it possible for ASRock to release a special updated firmware version 1.28 which patches this vunerability ?

This may offer an alternative in case the newer firmware versions are indeed buggy/problematic...