A new vulnerability has been discovered in UEFI firmware that poses a security threat to various Intel chip families, similar to past exploits like BlackLotus. Security firm Eclypsium has disclosed the CVE-2024-0762 vulnerability to Phoenix Technologies, whose UEFI firmware is affected. This firmware is used in a wide range of Windows laptops, tablets, desktops, and servers.
The vulnerability affects chips from Intel families such as Alder Lake, Coffee Lake, Comet Lake, Ice Lake, Kaby Lake, Meteor Lake, Raptor Lake, Rocket Lake, and Tiger Lake. The issue is related to a buffer overflow bug found originally on Lenovo’s ThinkPad, and it focuses on an insecure variable in the Trusted Platform Module (TPM) configuration. This vulnerability could potentially lead to buffer overflow, privilege escalation, and code execution.
The variable in question (TCG2_CONFIGURATION) is configured differently on each platform, affecting the possibility and severity of exploitation. Having a TPM on a device, which is intended to enhance security and prevent unauthorized boot processes, is not sufficient to prevent exploitation of this vulnerability. Lenovo has already released patches for the issue and has provided a list of affected laptops and ThinkPads for owners to review and update.
Phoenix Technologies has mentioned that mitigations for the vulnerability have been available since April, urging customers to update their firmware to the latest version to avoid potential exploits. The industry has been alerted to the seriousness of UEFI exploits, as they can create hidden backdoors and are difficult to detect. Previous UEFI flaws like BlackLotus, CosmicStrand, and MosaicRegressor have caused concern among security professionals, and the current vulnerability, named “UEFICanHazBufferOverflow” by Eclypsium, is seen as equally significant.
The exploit involves manipulating calls to the GetVariable UEFI service in a specific manner, which could lead to a successful attack. Eclypsium has refrained from releasing proof-of-concept code but has explained how attackers could exploit the vulnerability by altering the value of the ‘TCG2_CONFIGURATION’ UEFI variable at runtime, causing a stack buffer overflow.
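The class of bug described above, a GetVariable caller that trusts the stored variable's size when filling a fixed stack buffer, is shown here next to a hardened caller. This is an added example, not Phoenix's firmware code or Eclypsium's analysis; the variable store, status codes, `CFG_SIZE` and all function names are constructed for illustration, and the unchecked path only reports the length it would copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified model of the GetVariable contract (constructed, not EDK2 or
 * Phoenix code): *size is the caller's capacity on entry; if the stored value
 * is larger, the call fails and reports the required size in *size. */
enum { ST_SUCCESS, ST_BUFFER_TOO_SMALL, ST_REJECTED };
#define CFG_SIZE 16                 /* assumed size of the expected structure */

static uint8_t store[256];          /* stands in for the NVRAM variable */
static size_t store_len;

void set_variable(const uint8_t *data, size_t len) {  /* writable at runtime */
    if (len > sizeof store) len = sizeof store;
    memcpy(store, data, len);
    store_len = len;
}

int get_variable(void *buf, size_t *size) {
    if (*size < store_len) { *size = store_len; return ST_BUFFER_TOO_SMALL; }
    memcpy(buf, store, store_len);
    *size = store_len;
    return ST_SUCCESS;
}

/* Unchecked pattern: probe with size 0, then reuse the reported size as the
 * "capacity" of a fixed CFG_SIZE stack buffer. Returns the length the second
 * call would be allowed to copy (the copy itself is not performed here). */
size_t unchecked_copy_len(void) {
    uint8_t probe; size_t size = 0;
    get_variable(&probe, &size);    /* size is now whatever the store holds */
    return size;
}

/* Hardened caller: pass the real capacity, accept only the expected size,
 * and never retry with a size reported by the variable store. */
int read_config_checked(uint8_t out[CFG_SIZE]) {
    uint8_t tmp[CFG_SIZE];
    size_t size = sizeof tmp;
    if (get_variable(tmp, &size) != ST_SUCCESS || size != sizeof tmp) return ST_REJECTED;
    memcpy(out, tmp, sizeof tmp);
    return ST_SUCCESS;
}

int main(void) {
    uint8_t big[64] = {0}, out[CFG_SIZE];
    set_variable(big, sizeof big);  /* constructed oversized value */
    return read_config_checked(out) == ST_REJECTED && unchecked_copy_len() == 64 ? 0 : 1;
}
```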
Intel has not yet provided a statement on the issue, but both Eclypsium and Phoenix Technologies are advising users to update their firmware to mitigate the risk. This vulnerability serves as a reminder of the ongoing need for robust security measures in UEFI firmware to prevent malicious attacks on system integrity.
Article Source
https://www.theregister.com/AMP/2024/06/21/uefi_vulnerability_intel_chips/