Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability

Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability

June 20, 2024 at 09:33AM

A high-severity vulnerability, CVE-2024-0762 (dubbed UEFIcanhazbufferoverflow), was found in Phoenix Technologies’ SecureCore UEFI firmware, affecting multiple Intel processors. Eclypsium discovered the security hole, warning of potential escalation of privileges and code execution. Phoenix has addressed the issue, with device manufacturers deploying patches. Lenovo is also releasing fixes for affected computers.

Key takeaways from the meeting notes are as follows:

1. Phoenix Technologies’ SecureCore UEFI firmware solution has been found to have a high-severity vulnerability (CVE-2024-0762), named UEFIcanhazbufferoverflow, impacting hundreds of PC and server models using Intel processors.

2. The vulnerability can be exploited by a local attacker, allowing for privilege escalation and execution of arbitrary code within the UEFI firmware during runtime. It is linked to an unsafe variable in the Trusted Platform Module (TPM) configuration.

3. This vulnerability is significant due to its high impact and broad reach, potentially allowing attackers full control and persistence on affected devices.

4. The affected Intel processor families include Alder Lake, Coffee Lake, Comet Lake, Ice Lake, Jasper Lake, Kaby Lake, Meteor Lake, Raptor Lake, Rocket Lake, and Tiger Lake.

5. Phoenix Technologies has released a patch for CVE-2024-0762, and device manufacturers such as Lenovo are deploying the patch to their products.

6. Lenovo has informed customers about the vulnerability and has started releasing patches, with some fixes expected to become available later this summer.

7. Additional related vulnerabilities have been identified in the industry, emphasizing the ongoing need for vigilance and proactive security measures.

Full Article