UEFIcanhazbufferoverflow: The Far-reaching Impact of a Vulnerability in Common PC and Server Firmware – Eclypsium | Enhancing Supply Chain Security in Today’s Enterprises

UEFIcanhazbufferoverflow: The Far-reaching Impact of a Vulnerability in Common PC and Server Firmware – Eclypsium | Enhancing Supply Chain Security in Today’s Enterprises

Eclypsium’s automated binary analysis system, Automata, has uncovered a significant vulnerability in the Phoenix SecureCore UEFI firmware used on various Intel Core processor families, including AlderLake, CoffeeLake, CometLake, IceLake, JasperLake, KabyLake, MeteorLake, RaptorLake, RocketLake, and TigerLake. This vulnerability, identified as CVE-2024-0762 with a CVSS score of 7.5, involves an unsafe variable in the Trusted Platform … Read more

‘Phoenix SecureCore UEFI Vulnerability Allows ‘UEFIcanhazbufferoverflow’ Attack on Intel Processors”

‘Phoenix SecureCore UEFI Vulnerability Allows ‘UEFIcanhazbufferoverflow’ Attack on Intel Processors”

A new vulnerability known as “UEFIcanhazbufferoverflow,” identified as CVE-2024-0762, has been discovered in the Phoenix SecureCore UEFI firmware, impacting various desktop and mobile Intel Core processors. This vulnerability, disclosed by cybersecurity researchers, exposes a critical buffer overflow issue within the Trusted Platform Module (TPM) configuration, potentially enabling unauthorized code execution by malicious actors. Eclypsium, a … Read more