UEFIcanhazbufferoverflow: The Far-reaching Impact of a Vulnerability in Common PC and Server Firmware – Eclypsium | Enhancing Supply Chain Security in Today’s Enterprises

Eclypsium’s automated binary analysis system, Automata, has uncovered a significant vulnerability in the Phoenix SecureCore UEFI firmware used on various Intel Core processor families, including AlderLake, CoffeeLake, CometLake, IceLake, JasperLake, KabyLake, MeteorLake, RaptorLake, RocketLake, and TigerLake. This vulnerability, identified as CVE-2024-0762 with a CVSS score of 7.5, involves an unsafe variable in the Trusted Platform …