Assigner | Phoenix |
Reserved | 2024-01-19 |
Published | 2024-05-14 |
Updated | 2024-06-04 |
Description
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323; Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287; Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236; Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184; Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269; Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218; Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
Product status
4.0.1.1 before 4.0.1.998
4.1.0.1 before 4.1.0.562
4.2.0.1 before 4.2.0.323
4.2.1.1 before 4.2.1.287
4.3.0.1 before 4.3.0.236
4.3.1.1 before 4.3.1.184
4.4.0.1 before 4.4.0.269
4.5.0.1 before 4.5.0.218
4.5.1.1 before 4.5.1.15
Credits
Oren Isacson from Eclypsium
References
https://www.phoenix.com/security-notifications/cve-2024-0762/