Potential buffer overflow when handling UEFI variables
CVE-2024-0762
Key Information:
- Vendor
- Phoenix
- Status
- Securecore™ For Intel Kaby Lake
- Securecore™ For Intel Coffee Lake
- Securecore™ For Intel Ice Lake
- Securecore™ For Intel Comet Lake
- Vendor
- CVE Published:
- 14 May 2024
Badges
Summary
A vulnerability arises from improper handling of UEFI variables within Phoenix SecureCore™ firmware for select Intel platforms, leading to a potential buffer overflow. This risk could allow an attacker to execute arbitrary code with elevated privileges, posing significant security challenges for affected systems. Various versions of SecureCore™ across multiple Intel platform generations are susceptible, emphasizing the need for immediate attention and patching to mitigate possible exploitation.
Affected Version(s)
SecureCore™ for Intel Alder Lake 4.4.0.1 < 4.4.0.269
SecureCore™ for Intel Coffee Lake 4.1.0.1 < 4.1.0.562
SecureCore™ for Intel Comet Lake 4.2.1.1 < 4.2.1.287
Get notified when SecurityVulnerability.io launches alerting 🔔
Well keep you posted 📧
News Articles
Help Net SecurityWeek in review: CDK Global cyberattack, critical vCenter Server RCE fixed - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The rise of SaaS security teams In this Help Net
Flaw could cause buffer overflow and malicious code execution.
Flaw could cause buffer overflow and malicious code execution.
The RegisterCVE-2024-0762Phoenix UEFI bug affects long list of Intel chip families
A new vulnerability in UEFI firmware is threatening the security of a wide range of Intel chip families in a similar fashion to BlackLotus and others like it. Security shop Eclypsium just published its...
References
CVSS V3.1
Timeline
- 💰
Used in Ransomware
- 👾
Exploit known to exist
- 📰
First article discovered by Eclypsium
Vulnerability published
Vulnerability Reserved