June 20, 2024 at 05:32PM
A new vulnerability, CVE-2024-0762, in Phoenix SecureCore UEFI firmware impacts devices running various Intel CPUs. Dubbed ‘UEFICANHAZBUFFEROVERFLOW,’ the flaw, discovered by Eclypsium, affects the firmware’s TPM configuration, posing a code execution risk. Lenovo has released new firmware, with the potential for hundreds of models’ impacted. Secure Boot in UEFI firmware mitigates boot malware threats.
Based on the meeting notes, the key takeaways are:
– A new vulnerability, tracked as CVE-2024-0762, has been discovered in the Phoenix SecureCore UEFI firmware, impacting devices running Intel CPUs. Lenovo has already released new firmware updates to address the issue.
– The vulnerability, named ‘UEFICANHAZBUFFEROVERFLOW,’ is a buffer overflow bug in the firmware’s Trusted Platform Module (TPM) configuration. It could potentially allow attackers to execute malicious code and install bootkit malware on vulnerable devices.
– The vulnerability affects various Intel CPU models using the SecureCore firmware, potentially impacting hundreds of models from Lenovo, Dell, Acer, and HP.
– UEFI firmware is an attractive target for attackers due to its use of Secure Boot, which provides cryptographic confirmation that a device only boots using trusted drivers and software. However, UEFI bugs are increasingly targeted to create bootkit malware.
– Eclypsium discovered the vulnerability in the System Management Mode (SMM) subsystem of the Phoenix SecureCore firmware, enabling attackers to potentially overwrite adjacent memory and gain elevated privileges.
– Phoenix and Lenovo have taken steps to address the vulnerability, with Lenovo already releasing new firmware updates for over 150 different models, and plans to release updates for additional models later in the year.
If you require further information or specific details from the meeting notes, please feel free to ask.