June 21, 2024 at 12:30PM
A new UEFI firmware vulnerability (CVE-2024-0762, CVSSv3: 7.5) disclosed by Eclypsium affects Phoenix Technologies’ UEFI firmware, potentially impacting various Intel chip families back to Kaby Lake. Exploiting a Trusted Platform Module (TPM) configuration flaw, it poses a threat despite having a TPM in the device. Mitigations and patches have been issued, with the importance of firmware updates emphasized.
The meeting notes highlight a new vulnerability in UEFI firmware that poses a security threat to a wide range of Intel chip families. The vulnerability, referred to as CVE-2024-0762, involves a buffer overflow bug in Lenovo’s ThinkPad devices, affecting multiple Intel chip families. Chips such as Alder Lake, Coffee Lake, Comet Lake, Ice Lake, Jasper Lake, Kaby Lake, Meteor Lake, Raptor Lake, Rocket Lake, and Tiger Lake are potentially affected by this vulnerability.
The vulnerability is located in the Trusted Platform Module (TPM) configuration and can lead to privilege escalation and code execution. The research disclosed indicates that the vulnerability poses a significant threat and may potentially affect a wide range of PC products that use the Phoenix SecureCore UEFI firmware. Lenovo has already issued patches, and Phoenix Technologies recommends updating firmware to the latest version to prevent exploitation of the flaw.
The vulnerability is comparable to past UEFI exploits such as BlackLotus, CosmicStrand, and MosaicRegressor, which also raised industry concerns due to the backdoor access they provided to system levels. The organization responsible for the research, Eclypsium, chose not to release proof of concept code but outlined the potential for successful exploitation by compromising the ‘TCG2_CONFIGURATION’ UEFI variable at system runtime. This finding is being regarded with significant importance within the security community.