Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (Ars Technica)
Posted Dec 9, 2023 3:20 UTC (Sat) by csamuel (✭ supporter ✭, #2624)
In reply to: Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (Ars Technica) by epithumia
Parent article: Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (Ars Technica)
> Since the vulnerable parsers are developed and distributed by the IBVs – AMI, Insyde and Phoenix – a large percentage of devices
> UEFI firmware image out there contains a parser vulnerable to LogoFAIL. This is also confirmed by the data our platform constantly
> scans. Thanks to our triaging efforts, we were able to produce rules for fwhunt, our firmware vulnerability scanner, and confirm that
> every OEM is impacted by this supply chain problem. As we can see in the following table, we detected parsers vulnerable to
> LogoFAIL in hundreds of devices sold by Lenovo, Supermicro, MSI, HP, Acer, Dell, Fujitsu, Samsung and Intel.
But then goes on to say:
> The exploitability of these vulnerabilities relies on whether the user is able to input data to a parser. When these parsers are used to
> display a logo during boot and when this logo can be replaced by an attacker, using any of the OEM customization techniques
> described in the Attack Surface section of this blogpost, then LogoFAIL becomes an exploitable threat.
They do list 3 scenarios by which it could be exploited, with the first being the easiest (and potentially remote) attack with just 3 vendors named, but then include as the hardest using an SPI flash programmer, which would require physical access & an unprotected BIOS, which could expand that list considerably.