200,000 Framework Laptops Vulnerable to Secure Boot Bypass

Approximately 200,000 Linux-based systems from American manufacturer Framework were shipped with signed UEFI shell components that can be exploited to bypass Secure Boot protections.
Attackers could leverage this flaw to install bootkits capable of evading operating system–level defenses and persisting even after a full system reinstall.

Discovery and Root Cause

According to researchers at Eclypsium, the issue stems from the presence of the memory modify (mm) command in the legitimately signed UEFI shells distributed with Framework devices.

The mm command provides direct read and write access to system memory and is intended for low-level diagnostics and firmware debugging. However, in this case, it can be abused to break the Secure Boot chain of trust by manipulating the gSecurity2 variable — a critical element in the UEFI module signature verification process.

By overwriting gSecurity2 with a NULL value, an attacker can disable signature verification entirely, undermining Secure Boot integrity.
Eclypsium researchers further note that the exploit can be automated via autostart scripts, allowing the compromise to persist even after system reboot.
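
A defensive check for the autostart persistence path described above, as an added example that is not code from Eclypsium or Framework: it scans a mounted EFI System Partition for UEFI shell scripts (`.nsh`, which includes the shell's `startup.nsh` autostart script) that invoke `mm`. The `/boot/efi` mount point and the sample script contents are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

# First token of the line is `mm`; a leading `@` (echo suppression) is allowed.
# Matching is case-insensitive so `MM` and `Mm` are caught too.
MM_CMD = re.compile(r"^@?mm(?:\s|$)", re.IGNORECASE)

# Constructed sample script; <ADDR> and <VALUE> are placeholders, not real values.
SAMPLE_NSH = ("@echo -off\r\n# constructed sample\r\n"
              "mm <ADDR> <VALUE> -n\r\n"
              "fs0:\\EFI\\BOOT\\BOOTX64.EFI\r\n").encode("utf-16")

def decode_nsh(raw: bytes) -> str:
    """Shell scripts may be ASCII/UTF-8 or UTF-16, with or without a BOM."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    if raw[1:2] == b"\x00":  # heuristic: BOM-less UTF-16LE text
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("utf-8", errors="replace")

def find_mm_lines(text: str):
    """Return (line_number, line) for every non-comment line that runs mm."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped and not stripped.startswith("#") and MM_CMD.match(stripped):
            hits.append((lineno, stripped))
    return hits

def scan_esp(root):
    """Walk a mounted ESP and report every .nsh script containing mm calls."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() == ".nsh":
            hits = find_mm_lines(decode_nsh(path.read_bytes()))
            if hits:
                findings[str(path)] = hits
    return findings

if __name__ == "__main__":
    # Assumed mount point; pass the real ESP path as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else "/boot/efi"
    for script, hits in scan_esp(root).items():
        for lineno, line in hits:
            print(f"{script}:{lineno}: {line}")
```

A hit is a reason to inspect the script rather than proof of compromise, since mm also has legitimate diagnostic uses.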

Framework’s Response

Framework clarified that the vulnerability is not the result of a cyberattack or code compromise but rather a configuration oversight during firmware preparation.
After being notified by Eclypsium, the company immediately began developing and releasing firmware updates to correct the issue.

Affected Devices and Fix Status

Eclypsium estimates that roughly 200,000 Framework devices are affected by the Secure Boot bypass flaw. The patch status for each model is as follows:

  • Framework 13 (11th Gen Intel) — Patch planned for version 3.24
  • Framework 13 (12th Gen Intel) — Fixed in version 3.18; DBX update planned for 3.19
  • Framework 13 (13th Gen Intel) — Fixed in version 3.08; DBX update released in 3.09
  • Framework 13 (Intel Core Ultra) — Fixed in version 3.06
  • Framework 13 (AMD Ryzen 7040) — Fixed in version 3.16
  • Framework 13 (AMD Ryzen AI 300) — Fixed in version 3.04; DBX update planned for 3.05
  • Framework 16 (AMD Ryzen 7040) — Fixed in version 3.06 (Beta); DBX update released in 3.07
  • Framework Desktop (AMD Ryzen AI 300 MAX) — Fixed in version 3.01; DBX update planned for 3.03

Mitigation and Recommendations

Users of affected devices should immediately install the available firmware updates.
If a patch has not yet been released, Eclypsium advises taking additional security precautions, such as:

  • Restricting physical access to vulnerable systems
  • Temporarily removing the Framework DB key via BIOS settings

These measures can reduce the risk of exploitation until permanent updates are applied.