Back

A recent discovery by Eclypsium's automated system, Automata, revealed a significant vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware used across various Intel Core processors. This flaw, with a CVSS score of 7.5, could lead to a buffer overflow and potentially allow attackers to execute malicious code. Initially found in Lenovo ThinkPad models, it affects multiple versions of Phoenix firmware on Intel processors, including AlderLake, CoffeeLake, and others. This widespread issue underscores the importance of UEFI firmware in device security and highlights the risks posed by vulnerabilities in the firmware supply chain. Phoenix Technologies addressed the vulnerability on May 14, 2024, but given the complexity of the supply chain, many devices may still be at risk. Users are advised to check for firmware updates from their device manufacturer.

https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/