Scientists discover UEFI security flaw impacting Intel processors

Cybersecurity researchers have recently discovered a vulnerability in Phoenix SecureCore UEFI firmware that affects various Intel Core desktop and mobile processors. Dubbed “UEFIcanhazbufferoverflow,” the now-patched vulnerability is tracked as CVE-2024-0762 and has a CVSS score of 7.5. It is a buffer overflow caused by an unsafe variable in the Trusted Platform Module (TPM) configuration, potentially allowing the execution of malicious code.

The flaw allows local attackers to escalate privileges and execute code within the UEFI firmware during runtime, according to Eclypsium, a supply chain security firm. Such low-level exploitation is common in firmware backdoors like BlackLotus, which enable attackers to maintain persistent control over a device, often bypassing higher-level security measures in the operating system and software layers.

Phoenix Technologies addressed this UEFI vulnerability in April 2024 after responsible disclosure, and Lenovo has released updates to address the issue. The vulnerability affects devices using Phoenix SecureCore firmware on multiple Intel processor families, including Alder Lake, Coffee Lake, Comet Lake, Ice Lake, Jasper Lake, Kaby Lake, Meteor Lake, Raptor Lake, Rocket Lake, and Tiger Lake.

UEFI (Unified Extensible Firmware Interface) is crucial firmware that replaced the BIOS and is used during the boot process to initialize hardware components and load the operating system via the boot manager. As the first code to run with the highest privileges, UEFI is an attractive target for threat actors seeking to deploy bootkits and firmware implants to subvert security mechanisms and maintain persistence without detection.

UEFI firmware vulnerabilities pose a significant risk to the supply chain, potentially affecting a wide range of products and suppliers. The discovery of this vulnerability highlights the importance of protecting UEFI firmware against threats. Recent related discoveries include unpatched buffer overflow flaws in HP’s UEFI implementation affecting the HP ProBook 11 EE G1 and a software attack called TPM GPIO Reset that could undermine TPM-protected controls.

Enhancements have been made in UEFI firmware to prevent low-level attacks that can lead to serious security breaches. Protecting UEFI is critical to ensuring the overall security of the device, and regular updates and patches from firmware developers and device manufacturers are essential to safeguard system integrity.

In conclusion, the discovery of UEFI vulnerabilities emphasizes the critical need for robust security measures and ongoing updates to protect against potential threats. The integrity of our systems depends on proactive measures to address vulnerabilities and mitigate risks effectively.

Article Source
https://securityboulevard.com/2024/07/researchers-uncover-uefi-vulnerability-affecting-intel-cpus/amp/