CVE-2024-0762 | THREATINT

Description

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323; Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287; Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236; Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184; Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269; Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218; Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.

Reserved 2024-01-19 | Published 2024-05-14 | Updated 2024-08-01 | Assigner Phoenix

HIGH: 7.5CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Product status

Default status

unaffected

4.0.1.1 before 4.0.1.998

affected

Default status

unaffected

4.1.0.1 before 4.1.0.562

affected

Default status

unaffected

4.2.0.1 before 4.2.0.323

affected

Default status

unaffected

4.2.1.1 before 4.2.1.287

affected

Default status

unaffected

4.3.0.1 before 4.3.0.236

affected

Default status

unaffected

4.3.1.1 before 4.3.1.184

affected

Default status

unaffected

4.4.0.1 before 4.4.0.269

affected

Default status

unaffected

4.5.0.1 before 4.5.0.218

affected

Default status

unaffected

4.5.1.1 before 4.5.1.15

affected

Credits

Oren Isacson from Eclypsium finder

References

www.phoenix.com/security-notifications/cve-2024-0762/

eclypsium.com/...rability-in-popular-pc-and-server-firmware/

news.ycombinator.com/item?id=40747852

cve.org (CVE-2024-0762)

nvd.nist.gov (CVE-2024-0762)

Download JSON