Vulnerability in Phoenix UEFI affects multiple Intel PC models

A critical vulnerability, tracked as CVE-2024-0762, has been discovered in the Phoenix SecureCore UEFI firmware, impacting devices with various Intel CPUs. The flaw, dubbed ‘UEFICANHAZBUFFEROVERFLOW’, is a buffer overflow bug in the firmware’s Trusted Platform Module (TPM) configuration that could allow for code execution on vulnerable devices. Lenovo has already released firmware updates to address it.

The vulnerability was uncovered by Eclypsium, who found it on Lenovo ThinkPad X1 Carbon 7th Gen and Intel Raptor Lake, Rocket Lake, and Tiger Lake CPUs. Due to the widespread use of this firmware on Intel CPUs, the vulnerability has the potential to impact numerous models from popular brands like Lenovo, Dell, Acer, and HP.

UEFI firmware is a high-value target for threat actors. It includes Secure Boot, which enhances security by ensuring that devices only boot using trusted software and drivers, and so prevents malicious software from being loaded during the boot process. Because firmware runs before the operating system, UEFI vulnerabilities are increasingly exploited to create bootkits: malware that loads early in the boot process and gives attackers low-level access to the system.

The bug discovered by Eclypsium resides in the System Management Mode (SMM) subsystem of the Phoenix SecureCore firmware, allowing attackers to potentially overwrite adjacent memory and gain elevated privileges. By exploiting the buffer overflow in the TPM configuration, attackers could execute malicious code in the firmware to install bootkit malware.

After identifying the vulnerability, Eclypsium collaborated with Phoenix and Lenovo to address the issue. Phoenix issued an advisory in April, and Lenovo began releasing firmware updates in May for more than 150 models. However, not all models have received firmware fixes yet, with some scheduled for release later this year.

It is crucial for users of affected devices to update their firmware as soon as possible to mitigate the risk of exploitation. Failure to install the necessary updates could leave devices vulnerable to attacks that leverage this critical vulnerability in the Phoenix SecureCore UEFI firmware.

In conclusion, the ‘UEFICANHAZBUFFEROVERFLOW’ vulnerability poses a significant security risk to devices running Intel CPUs using the Phoenix SecureCore UEFI firmware. Lenovo’s prompt response in releasing firmware updates to address the flaw is commendable, but users must take proactive steps to protect their devices by applying the necessary patches. The collaboration between security researchers, firmware vendors, and device manufacturers highlights the importance of collective efforts in addressing critical vulnerabilities and safeguarding system integrity.

Article Source
https://www.bleepingcomputer.com/news/security/phoenix-uefi-vulnerability-impacts-hundreds-of-intel-pc-models/amp/