Nearly 200,000 Linux computers from U.S. manufacturer Framework shipped with a vulnerability allowing Secure Boot bypass. The issue stems from a 'memory modify' command in signed UEFI shells that can disable signature verification. Framework is addressing the problem through firmware updates.
On October 14, 2025, security firm Eclypsium disclosed a significant vulnerability in Framework's Linux systems, estimating that around 200,000 devices are affected. These include various models of Framework's modular laptops and desktops, known for their repairability. The flaw arises from including a 'memory modify' (mm) command in legitimately signed UEFI shells, which provides direct read/write access to system memory for diagnostics and debugging.
However, this command can be exploited to target the gSecurity2 variable, a key part of Secure Boot's signature verification process. By overwriting gSecurity2 with NULL, attackers can disable checks, allowing unauthorized bootkits like BlackLotus, HybridPetya, and Bootkitty to load. These bootkits evade operating system security and persist even after reinstalls. The attack can be automated through startup scripts for persistence across reboots.
Eclypsium explained: "Once the address is identified, the mm command can overwrite the security handler pointer with NULL or redirect it to a function that always returns 'success' without performing any verification." They added: "This command writes zeros to the memory location containing the security handler pointer, effectively disabling signature verification for all subsequent module loads."
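Because the persistence described above relies on a startup script issuing mm, a defender can audit UEFI shell scripts found on the EFI System Partition for mm invocations that write a value rather than just display memory. The following is an added example, not code from Eclypsium or Framework; the function names are hypothetical, the option names follow the UEFI Shell mm command, and the sample script with its address is constructed.

```python
# Added example: flag `mm` invocations in a UEFI shell script that write a value.
SPACES = {"-mem", "-mmio", "-io", "-pci", "-pcie"}

def decode_script(raw):
    # UEFI shell scripts are often UTF-16 with a BOM; fall back to UTF-8/ASCII.
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def find_mm_writes(raw):
    findings = []
    for lineno, line in enumerate(decode_script(raw).splitlines(), 1):
        tokens = line.split("#", 1)[0].split()       # drop shell comments
        if not tokens or tokens[0].lstrip("@").lower() != "mm":
            continue
        positional, space, i = [], "-mem", 1          # memory is mm's default space
        while i < len(tokens):
            opt = tokens[i].lower()
            if opt == "-w":
                i += 1                                # skip the width operand
            elif opt in SPACES:
                space = opt
            elif not opt.startswith("-"):
                positional.append(tokens[i])
            i += 1
        if len(positional) < 2:
            continue                                  # address only: display, no write
        try:
            zeroing = int(positional[1], 16) == 0     # mm values are hexadecimal
        except ValueError:
            zeroing = False
        findings.append({"line": lineno, "address": positional[0],
                         "space": space, "zeroing": zeroing})
    return findings

# Constructed script content; the address is a placeholder, not a real offset.
SAMPLE = (
    "@echo -off\r\n"
    "# constructed sample\r\n"
    "mm 0x1000 -w 4\r\n"
    "MM 0x0000000011223344 0 -w 8 -MEM -n\r\n"
    "echo done\r\n"
).encode("utf-16")

if __name__ == "__main__":
    for finding in find_mm_writes(SAMPLE):
        print(finding)
```

A finding with `zeroing` set in the memory space matches the pattern Eclypsium describes and warrants checking the script's origin and the firmware version.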
The issue is not due to a supply chain compromise but an oversight in including the risky command. Framework, a U.S.-based company, has begun remediation. Affected models and their fix statuses include:
- Framework 13 (11th Gen Intel): Fix planned in 3.24
- Framework 13 (12th Gen Intel): Fixed in 3.18, DBX update planned in 3.19
- Framework 13 (13th Gen Intel): Fixed in 3.08, DBX update issued in 3.09
- Framework 13 (Intel Core Ultra): Fixed in 3.06
- Framework 13 (AMD Ryzen 7040): Fixed in 3.16
- Framework 13 (AMD Ryzen AI 300): Fixed in 3.04, DBX update planned in 3.05
- Framework 16 (AMD Ryzen 7040): Fixed in 3.06 (Beta), DBX update issued in 3.07
- Framework Desktop (AMD Ryzen AI 300 MAX): Fixed in 3.01, DBX update planned in 3.03
Users should apply available updates promptly. For unpatched systems, recommendations include preventing physical access and deleting Framework's DB key via BIOS as a temporary measure.