CVE-2024-0762: Potential buffer overflow when handling UEFI variables
First published: Tue May 14 2024(Updated: )
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323; Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287; Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236; Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184; Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269; Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218; Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
Credit: 22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phoenix SecureCore | >4.0.1.1<4.0.1.998 | |
| Phoenix SecureCore | >4.1.0.1<4.1.0.562 | |
| Phoenix SecureCore | >4.2.0.1<4.2.0.323 | |
| Phoenix SecureCore | >4.2.1.1<4.2.1.287 | |
| Phoenix SecureCore | >4.3.0.1<4.3.0.236 | |
| Phoenix SecureCore | >4.3.1.1<4.3.1.184 | |
| Phoenix SecureCore | >4.4.0.1<4.4.0.269 | |
| Phoenix SecureCore | >4.5.0.1<4.5.0.218 | |
| Phoenix SecureCore | >4.5.1.1<4.5.1.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.bleepingcomputer.com/news/security/phoenix-uefi-vulnerability-impacts-hundreds-of-intel-pc-models/
- https://www.phoenix.com/security-notifications/cve-2024-0762/
- https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/
- https://news.ycombinator.com/item?id=40747852
- https://www.theregister.com/2024/06/21/uefi_vulnerability_intel_chips/
Frequently Asked Questions
What is the severity of CVE-2024-0762?
CVE-2024-0762 is classified as a potential buffer overflow vulnerability that could have significant security implications.
How do I fix CVE-2024-0762?
To remediate CVE-2024-0762, it is advised to update the Phoenix SecureCore firmware to the latest version that addresses this vulnerability.
Which systems are affected by CVE-2024-0762?
CVE-2024-0762 affects select Intel platforms running Phoenix SecureCore firmware, specifically models using Intel Kaby Lake and Coffee Lake chipsets.
What are the risks associated with CVE-2024-0762?
The risks associated with CVE-2024-0762 include potential unauthorized access, system instability, and risk of malware exploitation.
Has CVE-2024-0762 been publicly disclosed?
Yes, CVE-2024-0762 has been publicly disclosed and is being actively monitored by the cybersecurity community.
- agent/title
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-0762
- collector/mitre-cve
- source/MITRE
- collector/the-register
- source/The Register
- agent/references
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/description
- agent/tags
- agent/guess-ai
- vendor/phoenix