We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-0762

Potential buffer overflow when handling UEFI variables



Description

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323; Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287; Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236; Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184; Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269; Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218; Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.

Reserved 2024-01-19 | Published 2024-05-14 | Updated 2024-08-01 | Assigner Phoenix


HIGH: 7.5CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Product status

Default status
unaffected

4.0.1.1 before 4.0.1.998
affected

Default status
unaffected

4.1.0.1 before 4.1.0.562
affected

Default status
unaffected

4.2.0.1 before 4.2.0.323
affected

Default status
unaffected

4.2.1.1 before 4.2.1.287
affected

Default status
unaffected

4.3.0.1 before 4.3.0.236
affected

Default status
unaffected

4.3.1.1 before 4.3.1.184
affected

Default status
unaffected

4.4.0.1 before 4.4.0.269
affected

Default status
unaffected

4.5.0.1 before 4.5.0.218
affected

Default status
unaffected

4.5.1.1 before 4.5.1.15
affected

Credits

Oren Isacson from Eclypsium finder

References

www.phoenix.com/security-notifications/cve-2024-0762/

eclypsium.com/...rability-in-popular-pc-and-server-firmware/

news.ycombinator.com/item?id=40747852

cve.org (CVE-2024-0762)

nvd.nist.gov (CVE-2024-0762)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-0762

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.