A recent study by Eclypsium has revealed a vulnerability in the Phoenix SecureCore UEFI firmware that affects various Intel processors and hundreds of computer models. This flaw, known as CVE-2024-0762 or “UEFIcanhazbufferoverflow,” has been assigned a CVSS score of 7.5 and involves an unsafe variable in the Trusted Platform Module (TPM) configuration that could potentially lead to a buffer overflow and the execution of malicious code.
According to Eclypsium, UEFI vulnerabilities have become a prime target for attackers due to the critical role firmware plays in controlling the system boot process. Recent UEFI attacks, such as BlackLotus and MosaicRegressor, highlight the growing importance of addressing these vulnerabilities. Exploiting the flaw allows a local attacker to escalate privileges and execute code within the UEFI firmware, giving them continuous access and the ability to evade higher-level security measures.
The vulnerability is not new: Phoenix issued a notice about it last month and released mitigations as early as April. Customers were urged to update their firmware to incorporate these mitigations. The flaw was initially reported in the Lenovo ThinkPad X1 Carbon 7th Gen, Rocket Lake, and Tiger Lake, highlighting the potential for widespread impact because Phoenix SecureCore UEFI is used in various PC products.
Nate Warfield, director of threat research and intelligence at Eclypsium, mentioned that there have been no known exploitations of the vulnerability to date. Exploitation is considered less likely because an attacker would use it to maintain persistence once they have accessed the system. Eclypsium has refrained from releasing a proof-of-concept exploit for the vulnerability.
UEFI firmware development is a specialized and complex process, and OEMs frequently source firmware from third-party vendors. In this case, Lenovo licensed the firmware from Phoenix Technologies, so the flaw potentially impacts multiple products and vendors. Any manufacturer using versions of the Phoenix firmware mentioned in the CVE could be affected by the vulnerability.
Intel has been approached for additional comments on the matter. This revelation emphasizes the necessity of addressing UEFI vulnerabilities to prevent potential exploitation and maintain system security.
Article Source
https://www.techtarget.com/searchsecurity/news/366589399/Phoenix-SecureCore-UEFI-firmware-bug-affects-Intel-processors