“Phoenix SecureCore UEFI Vulnerability Allows ‘UEFIcanhazbufferoverflow’ Attack on Intel Processors”

A new vulnerability known as “UEFIcanhazbufferoverflow,” identified as CVE-2024-0762, has been discovered in the Phoenix SecureCore UEFI firmware, impacting various desktop and mobile Intel Core processors. This vulnerability, disclosed by cybersecurity researchers, exposes a critical buffer overflow issue within the Trusted Platform Module (TPM) configuration, potentially enabling unauthorized code execution by malicious actors.

Eclypsium, a company specializing in supply chain security, detected this vulnerability through its Eclypsium Automata automated binary analysis system. They revealed that the flaw could be exploited locally to escalate privileges and take control of the UEFI firmware during runtime, bypassing higher-level security measures and posing a significant threat to affected devices.

The affected Phoenix SecureCore UEFI firmware is utilized in multiple generations of Intel Core processors, including AlderLake, CoffeeLake, CometLake, IceLake, JasperLake, KabyLake, MeteorLake, RaptorLake, RocketLake, and TigerLake. As these processors are widely adopted by various OEMs, the UEFIcanhazbufferoverflow vulnerability has the potential to impact a broad range of PC products on the market.

According to researchers at Eclypsium, the vulnerability stems from insecure variable handling within the TPM configuration, particularly concerning the TCG2_CONFIGURATION variable. This oversight could result in a buffer overflow scenario, facilitating an attacker’s ability to execute arbitrary code.
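As an added illustration (not the Phoenix code, whose internals the article does not show), the following C models the generic UEFI variable-handling flaw class the article refers to: firmware reading a variable whose length an attacker can control into a fixed-size buffer. `mock_get_variable` is a constructed, simplified stand-in for the UEFI GetVariable runtime service, and the vulnerable routine writes into a simulated frame rather than a real stack so the demonstration stays within defined behaviour.

```c
#include <stdint.h>
#include <string.h>

/* EFI_STATUS values as defined by the UEFI specification (64-bit builds). */
typedef uint64_t EFI_STATUS;
#define EFI_SUCCESS          0ULL
#define EFI_BUFFER_TOO_SMALL (0x8000000000000000ULL | 5)

/* Constructed stand-in for the NVRAM store: one config variable whose length an attacker
   with variable-write access could change. Capped so the simulated frame below is never
   overrun (the demo must stay within defined behaviour). */
static uint8_t g_var_data[48];
static size_t  g_var_size = 0;

/* Simplified model of RuntimeServices->GetVariable (name/GUID/attributes omitted): if the
   stored value exceeds *data_size, report the needed size, copy nothing, return
   EFI_BUFFER_TOO_SMALL; otherwise copy and return the actual size. */
EFI_STATUS mock_get_variable(size_t *data_size, void *data) {
    if (*data_size < g_var_size) { *data_size = g_var_size; return EFI_BUFFER_TOO_SMALL; }
    memcpy(data, g_var_data, g_var_size);
    *data_size = g_var_size;
    return EFI_SUCCESS;
}

/* Constructed helper: store a variable of `size` bytes filled with `fill`. */
int set_variable(uint8_t fill, size_t size) {
    if (size > sizeof g_var_data) return -1;
    memset(g_var_data, fill, size);
    g_var_size = size;
    return 0;
}

/* Hypothetical vulnerable pattern (not the Phoenix code): on EFI_BUFFER_TOO_SMALL the caller
   retries with the returned size but the same 8-byte buffer. A 64-byte array stands in for
   the stack frame: bytes 0..7 are the config slot, the rest a 0xAA canary.
   Returns 1 if the canary after the slot was overwritten. */
int unsafe_pattern_clobbers_neighbor(void) {
    uint8_t frame[64];
    memset(frame, 0xAA, sizeof frame);
    size_t size = 8;
    if (mock_get_variable(&size, frame) == EFI_BUFFER_TOO_SMALL)
        mock_get_variable(&size, frame);          /* BUG: size grew, buffer did not */
    return frame[8] != 0xAA;
}

/* Hardened pattern: pass the true capacity, treat any non-success status as tampering,
   and require the returned size to match the expected layout. 0 = ok, -1 = rejected. */
int read_config_safe(void) {
    uint8_t config[8];
    size_t size = sizeof config;
    if (mock_get_variable(&size, config) != EFI_SUCCESS || size != sizeof config) return -1;
    return 0;
}
```

The hardened reader rejects both oversized and undersized variables instead of growing the copy length, which is the check a fixed-layout configuration struct needs.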

In response to the disclosure, Phoenix Technologies assigned CVE-2024-0762 to the UEFIcanhazbufferoverflow vulnerability and released patches on May 14, 2024, to address the issue. Its CVSS score of 7.5 (high severity) underscores the importance of applying those patches and other protective measures promptly.

The exploitation of UEFI firmware vulnerabilities like “UEFIcanhazbufferoverflow” underscores the critical role of firmware in device security. The UEFI architecture serves as foundational software that initializes hardware and manages system operations, making it an attractive target for attackers seeking persistent access and control.

This incident also highlights the challenges of supply chain security, where vulnerabilities in upstream components can have cascading effects across multiple suppliers and products. Organizations are advised to utilize comprehensive scanning tools to identify affected devices and promptly apply firmware updates issued by vendors.

For businesses relying on devices with potentially impacted firmware, proactive measures should include implementing solutions to continuously monitor and assess device integrity. This proactive approach helps mitigate risks associated with older devices and ensures ongoing protection against active exploitation of firmware-based vulnerabilities.

Article Source
https://thecyberexpress.com/ueficanhazbufferoverflow-vulnerability/