A recently discovered vulnerability in firmware that runs on Intel processors could impact a large number of computers. The vulnerability, known as CVE-2024-0762 or “UEFIcanhazbufferoverflow,” is a buffer overflow issue in Phoenix Technologies’ SecureCore Unified Extensible Firmware Interface (UEFI) firmware. Initially disclosed by the supplier in May, it has now been detailed by Eclypsium researchers after being identified in Lenovo ThinkPad laptops. The vulnerability arises from an insecure call to the GetVariable() runtime service: an attacker who supplies excessive data can overflow a buffer, leading to privilege escalation and code execution on affected machines.
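The size contract behind a safe GetVariable() call, as an added example that is not Phoenix's or Eclypsium's code. `mock_get_variable`, `read_config`, the variable name `SampleConfig` and the status values are hypothetical stand-ins so the check runs outside firmware.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for EFI_STATUS codes (assumption: not the real values). */
enum { ST_SUCCESS = 0, ST_BUFFER_TOO_SMALL = 1, ST_NOT_FOUND = 2 };

/* Constructed sample: variable content that must be treated as untrusted. */
static unsigned char nvram_data[64];
static size_t nvram_len = sizeof nvram_data;

/* Mock of the GetVariable() size contract: *size is the buffer capacity on
 * entry and the variable's length on return, also when the buffer is too
 * small. Like the real service, it trusts the caller's *size completely. */
static int mock_get_variable(const char *name, size_t *size, void *data)
{
    if (strcmp(name, "SampleConfig") != 0) return ST_NOT_FOUND;
    if (*size < nvram_len) { *size = nvram_len; return ST_BUFFER_TOO_SMALL; }
    memcpy(data, nvram_data, nvram_len);
    *size = nvram_len;
    return ST_SUCCESS;
}

/* Hardened caller. The size passed in is always the real capacity of buf,
 * never a stale value or a length returned by an earlier call, and an
 * oversized variable is a hard failure instead of a retry into buf. */
int read_config(const char *name, unsigned char *buf, size_t cap, size_t *out_len)
{
    size_t size = cap;
    int st = mock_get_variable(name, &size, buf);
    if (st != ST_SUCCESS) return st;             /* buf and *out_len untouched */
    if (size > cap) return ST_BUFFER_TOO_SMALL;  /* defence in depth */
    *out_len = size;
    return ST_SUCCESS;
}

int main(void)
{
    unsigned char buf[16];
    size_t n = 0;
    int st = read_config("SampleConfig", buf, sizeof buf, &n);
    printf("64-byte variable, 16-byte buffer: status %d\n", st);
    nvram_len = 8;  /* constructed: variable now fits */
    st = read_config("SampleConfig", buf, sizeof buf, &n);
    printf("8-byte variable: status %d, length %zu\n", st, n);
    return 0;
}
```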
Because Intel’s processors dominate the market and the SecureCore firmware runs on 10 generations of Intel chips, the vulnerability could affect numerous PC models from various vendors. UEFI firmware vulnerabilities like this are particularly concerning as they provide attackers with root-level privileges, persistence through reboots, and the ability to bypass traditional security measures. Exploiting UEFI vulnerabilities can allow attackers to install malware before the operating system even starts.
The severity of the UEFIcanhazbufferoverflow vulnerability is underscored by its classification as a “high” risk according to the CVSS scoring system. However, it does require prior access to the target machine by an attacker. Moreover, crafting exploits for this vulnerability may require customization based on the target computer’s configuration and permissions, adding complexity to potential attacks.
While vendors are developing patches to address the vulnerability, the process is complicated by the multiple versions of UEFI code affected. Lenovo has started releasing fixes, but it may take time for other OEMs and design manufacturers to follow suit. This delay in patch deployment highlights the challenges the supply chain faces in addressing cybersecurity vulnerabilities.
In conclusion, the UEFIcanhazbufferoverflow vulnerability poses a significant risk to a wide range of computers using Intel processors. The complexity of crafting exploits and developing patches adds layers of difficulty to mitigating the threat. As organizations and end-users wait for patches to be deployed, the need for coordinated efforts across the supply chain to address such vulnerabilities becomes increasingly apparent.
Article Source
https://www.darkreading.com/vulnerabilities-threats/high-risk-overflow-bug-in-intel-chips-likely-impacts-100s-of-pc-models