A new vulnerability has been discovered in the Phoenix SecureCore UEFI firmware that affects multiple desktop and mobile Intel Core processors. The vulnerability, identified as CVE-2024-0762 with a severity level of 7.5, was first detected on the Lenovo ThinkPad X1 Carbon 7th Gen and SecureCore versions firmware.
Known as UEFIcanhazbufferoverflow, this vulnerability has been found in various Intel processor families and generations, including AlderLake, CoffeeLake, CometLake, IceLake, JasperLake, KabyLake, MeteorLake, RaptorLake, RocketLake, and TigerLake. These processors are used by several OEMs and ODMs.
The vulnerability allows a local threat actor to elevate their privileges and execute remote code within the UEFI firmware during runtime. The issue stems from the UEFI code responsible for TPM configuration, which leads to a buffer overflow and malicious code execution. The extent of exploitation depends on the configuration and permissions assigned to the TCG2_CONFIGURATION variable, which varies across platforms.
If exploited, this vulnerability could enable threat actors to plant a backdoor on vulnerable devices, bypass security measures, and make it harder to detect attacks. The vulnerable module identified is GUID: E6A7A1CE-5881-4B49-80BE-69C91811685C, where two calls to GetVariable with the argument “TCG2_CONFIGURATION” allow for buffer overflow.
Users of affected firmware versions are advised to apply vendor-issued patches to mitigate this security risk. This vulnerability affects a wide range of PC products relying on Phoenix SecureCore UEFI firmware.
In conclusion, the UEFIcanhazbufferoverflow vulnerability poses a significant threat to devices running on affected Intel processors. It highlights the importance of timely updates and patch management to safeguard systems against potential exploitation by threat actors. Vigilance and proactive measures are crucial in ensuring the security and integrity of firmware and hardware components.
Article Source
https://cybersecuritynews.com/uefi-flaw-intel-impact/amp/