Oof, this is a bad one. A vulnerability was found in the UEFI reference design, a firmware codebase used by virtually all popular Windows and Linux PCs. The exploit uses a bug in an image decoder (yep, image decoders, once again) that runs during boot *before* most security countermeasures are installed.
The image used during boot is configurable from userland. So an exploit can run during a user session, after which the next reboot will be compromised.
“Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack”