Framework Laptop 13 Intel 12th Gen Core

Updating the firmware on your Framework Laptop device improves performance and adds new features.

Atom Feed

Version 0.0.3.19
2025-10-15 23:08:15

Added Framework’s dbx key and updated the default CA of Windows Secure Boot to Microsoft UEFI CA 2023.

Introduced Battery Charge Limiting status functionality to support Windows Smart Charging feature.

Fixed an issue where hardware encryption on OPAL drives could cause a missing boot drive on subsequent reboots.

Fixed the Wooting 80HE Keyboard is not working in the BIOS.

Urgency high
Reported Success 90% (high confidence)
Licenses
Security
  • Contains Intel Boot Guard More info
  • Cryptographically signed
  • Added to the LVFS by Framework
  • Can be verified after flashing
  • No attestation checksums
  • Has no detected SBOM
Tested By
  • Framework on Fedora 42,fwupd v2.0.16 8 months ago
The vendors testing the update provide no warranty of any kind (express or implied), including but not limited to the warranties of merchantability, fitness for a particular purpose or non-infringement. In no event shall these vendors be liable for any claim, damages or other liability.
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.0.3.18
2025-07-21 23:18:13

This firmware update includes the following changes: Update microcode to 0x437; Reverted fan set points to prevent the CPU from throttling to 400Mhz

Urgency high
Reported Success 88% (high confidence)
Fixed issues:
  • CVE-2025-20054

    Uncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2025-20109
Licenses
Security
  • Contains Intel Boot Guard More info
  • Cryptographically signed
  • Added to the LVFS by Framework
  • Can be verified after flashing
  • No attestation checksums
  • Has no detected SBOM
Tested By
  • Framework on Fedora 42,fwupd v2.0.16 8 months ago
  • Framework on Fedora 41,fwupd v1.9.30 10 months ago
The vendors testing the update provide no warranty of any kind (express or implied), including but not limited to the warranties of merchantability, fitness for a particular purpose or non-infringement. In no event shall these vendors be liable for any claim, damages or other liability.
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.0.3.17
2025-06-10 04:12:33

This firmware update includes the following changes:

  • Update Intel CSME to 16.1.32.2418v0.2_A0_Corporate
  • Update PD firmware version 0.1.2E to improve system power consumption with low power HDMI/DP expansion cards when no monitor is attached.
  • Fixed retimer updates cause ports to stop working after the update.
  • Fixed retimer capsule update causes the device in standalone mode to reset and fail updating during the update process.
  • Added battery lifetime extender functionality.(See below for details)
  • Add USB4 PCR Measurement BIOS option in the advanced setup menu.
  • Fixed the battery extender setting overwritten battery charge limit on boot.
  • Fixed high temperature causes continuous CPU throttling to LFM.
  • Fixed battery charging limit is reset by battery extender reset timer.

Urgency high
Reported Success 72% (high confidence)
Fixed issues:
  • CVE-2024-49200

    An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde InsydeH2O with kernel 5.2 though 5.7. A potential DXE memory corruption vulnerability has been identified. The root cause is use of a pointer originating from the value of an NVRAM variable as the target of a write operation. This can be leveraged by an attacker to perform arbitrary writes, potentially leading to arbitrary code execution. The issue has been fixed in kernel 5.2, Version 05.29.44; kernel 5.3, Version 05.38.44; kernel 5.4, Version 05.46.44; kernel 5.5, Version 05.54.44; kernel 5.6, Version 05.61.44; and kernel 5.7, Version 05.70.44.

  • CVE-2024-30211

    Improper access control in some Intel(R) ME driver pack installer engines before version 2422.6.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-26021

    Improper initialization in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2024-31068

    Improper Finite State Machines (FSMs) in Hardware Logic for some Intel(R) Processors may allow privileged user to potentially enable denial of service via local access.

  • CVE-2024-25078

    A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could lead to escalating privileges in SMM.

  • CVE-2023-34424

    Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access.

  • CVE-2023-38655

    Improper buffer restrictions in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable denial of service via network access.

  • CVE-2023-40067

    Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

  • CVE-2023-48361

    Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2024-21844

    Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access.

  • CVE-2023-45230

    Buffer overflow in the DHCPv6 client via a long Server ID option.

  • CVE-2023-45232

    Infinite loop when parsing unknown options in the Destination Options header

  • CVE-2023-45233

    Infinite loop when parsing a PadN option in the Destination Options header

  • VU#132380

    Vulnerabilities in EDK2 NetworkPkg IP stack implementation.

  • CVE-2023-45234

    Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message
Licenses
Security
  • Contains Intel Boot Guard More info
  • Cryptographically signed
  • Added to the LVFS by Framework
  • Can be verified after flashing
  • No attestation checksums
  • Has no detected SBOM
Tested By
  • Framework on Fedora 41,fwupd v1.9.29 1 year, 1 month ago
The vendors testing the update provide no warranty of any kind (express or implied), including but not limited to the warranties of merchantability, fitness for a particular purpose or non-infringement. In no event shall these vendors be liable for any claim, damages or other liability.
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.0.3.9 — may not be suitable for production systems
2025-03-07 03:37:51

New Feature:*Implement battery extender function.*Add USB4 PCR Measurement BIOS option.

Fixes in this release

*Fixed retimer updates cause ports to stop working after the update.

*Fixed retimer capsule update causes standalone device to reset and fail the update.

Urgency high
Reported Success 82% (medium confidence)
Fixed issues:
  • CVE-2024-21844

    Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access.

  • CVE-2023-48361

    Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2023-40067

    Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

  • CVE-2023-38655

    Improper buffer restrictions in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable denial of service via network access.

  • CVE-2023-34424

    Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access.

  • CVE-2024-25078

    A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could lead to escalating privileges in SMM.

  • CVE-2023-45230

    Buffer overflow in the DHCPv6 client via a long Server ID option.

  • CVE-2023-45232

    Infinite loop when parsing unknown options in the Destination Options header

  • CVE-2023-45233

    Infinite loop when parsing a PadN option in the Destination Options header

  • VU#132380

    Vulnerabilities in EDK2 NetworkPkg IP stack implementation.

  • CVE-2023-45234

    Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message
Licenses
Security
  • Contains Intel Boot Guard More info
  • Cryptographically signed
  • Added to the LVFS by Framework
  • Can be verified after flashing
  • No attestation checksums
  • Has no detected SBOM
Tested By
  • Framework on nixos 24.05,fwupd v1.9.19 1 year, 3 months ago
The vendors testing the update provide no warranty of any kind (express or implied), including but not limited to the warranties of merchantability, fitness for a particular purpose or non-infringement. In no event shall these vendors be liable for any claim, damages or other liability.
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.0.3.6 — may not be suitable for production systems
2022-12-22 09:49:12

Changes In this Release

Added bios option in Advanced menu to enable/disable standalone operation.When enabled, the system will skip checks for display/touchpad/audio daughterboard and chassis open.Modified power button low battery LED behavior.

Update PD and Retimer Firmware to fix Thunderbolt compliance issues.Add flash flags to save boot options for standalone operation.Put the retimer in low power mode when the hdmi /display port expansion card is installed but no cable is attached for power saving.

Fixes In this Release

Fix BIOS setup item TPM availability help string.Fix press F3/F12 hotkey causes system hang if BIOS quiet boot is set to disabled.Fix Touchpad does not enter P2P mode when EC re-enables PS2 mouse.Fix Touchpad board id was incorrectly reported if the touchpad was removed.

Urgency high
Reported Success 95% (high confidence)
Fixed issues:
  • CVE-2022-35408

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite the function pointers in the EFI_BOOT_SERVICES table before the USB SMI handler triggers. (This is not exploitable from code running in the operating system.)

  • CVE-2022-36338

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI.

  • CVE-2022-36448

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver.

  • CVE-2022-36337

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code.

  • CVE-2022-35897

    An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code.

  • CVE-2022-35896

    An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to information disclosure.

  • CVE-2022-35895

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The FwBlockSericceSmm driver does not properly validate input parameters for a software SMI routine, leading to memory corruption of arbitrary addresses including SMRAM, and possible arbitrary code execution.

  • CVE-2022-35894

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure.

  • CVE-2022-35893

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Licenses
Security
  • Contains Intel Boot Guard More info
  • Cryptographically signed
  • Added to the LVFS by Framework
  • Can be verified after flashing
  • No attestation checksums
  • Has no detected SBOM
Release Gating
Download Archive Firmware Details

Copyright © Linux Vendor Firmware Service Project a Series of LF Projects, LLC and its contributors with icons from Font Awesome. :: Project Charter :: Project terms of use and other policies