Phoenix UEFI Flaw Impacts Hundreds of Intel PC Models
A significant vulnerability in Phoenix SecureCore UEFI firmware has been discovered, affecting hundreds of Intel PC and server models. The flaw, identified as CVE-2024-0762 and holding a CVSS score of 7.5, was uncovered by Eclypsium's automated binary analysis system.
This high-impact vulnerability involves an unsafe variable in the Trusted Platform Module (TPM) configuration that can lead to a buffer overflow and malicious code execution. "To be clear, this vulnerability lies in the UEFI code handling TPM configuration — in other words, it doesn’t matter if you have a security chip like a TPM if the underlying code is flawed," warns Eclypsium.
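The article gives no code-level detail of the flaw, so the following is an added, generic illustration of the bug class it names (firmware trusting the stored size of a configuration variable), shown beside a hardened form. It is not Phoenix code; the variable store, `struct tpm_config`, and all function names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a firmware variable store; all names hypothetical. */
enum { ST_OK, ST_BUFFER_TOO_SMALL, ST_BAD_SIZE };
static unsigned char stored[64];   /* contents can be set from the OS side */
static size_t stored_len;

void set_variable(const void *data, size_t len) {
    if (len > sizeof stored) len = sizeof stored;
    memcpy(stored, data, len);
    stored_len = len;
}

/* Same contract as UEFI GetVariable: *size is the buffer capacity on entry
   and the variable's real length on return. */
int get_variable(void *buf, size_t *size) {
    if (*size < stored_len) { *size = stored_len; return ST_BUFFER_TOO_SMALL; }
    memcpy(buf, stored, stored_len);
    *size = stored_len;
    return ST_OK;
}

struct tpm_config { unsigned char enable; unsigned char pcr_bank; }; /* 2 bytes */

/* Unsafe: the first call learns the stored length, the second reuses that
   length as if it were the capacity of the fixed-size destination. */
int read_config_unsafe(struct tpm_config *out) {
    size_t size = 0;
    get_variable(out, &size);           /* size becomes the stored length */
    return get_variable(out, &size);    /* copies stored_len bytes into 2 */
}

/* Hardened: capacity comes from the destination, and any variable whose
   length differs from the expected structure is rejected. */
int read_config_safe(struct tpm_config *out) {
    size_t size = sizeof *out;
    int st = get_variable(out, &size);
    if (st != ST_OK) return st;         /* oversized: nothing was copied */
    return size == sizeof *out ? ST_OK : ST_BAD_SIZE;
}

int main(void) {
    unsigned char oversized[32] = {0};  /* constructed sample input */
    struct tpm_config cfg = {0, 0};
    set_variable(oversized, sizeof oversized);
    return read_config_safe(&cfg) == ST_BUFFER_TOO_SMALL ? 0 : 1;
}
```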
The affected Intel processors span multiple generations, including Alder Lake, Coffee Lake, Comet Lake, Ice Lake, Jasper Lake, Kaby Lake, Meteor Lake, Raptor Lake, Rocket Lake, and Tiger Lake.
Initially, the issue was identified in Lenovo's ThinkPad X1 Carbon 7th Gen and X1 Yoga 4th Gen, but it has since been confirmed that the vulnerability may impact a wide range of vendors, including Dell, Acer, and HP.
The bug was found in the System Management Mode (SMM) subsystem of the Phoenix SecureCore firmware, a critical part of the firmware that runs with high privileges.
Phoenix Technologies has addressed the vulnerability, and manufacturers such as Lenovo have started deploying the necessary updates. Lenovo's advisory, published in May, details the affected models and the availability of firmware updates, with some fixes scheduled for release later this year.
The Register emphasized the severity of UEFI vulnerabilities, noting that they often allow attackers to operate within the lowest and most privileged levels of a system, establishing persistent backdoors that are very difficult to detect. Previous UEFI flaws enabled the notorious BlackLotus, CosmicStrand, and MosaicRegressor malware.
Users are strongly advised to update their PC firmware to the latest version and consult their hardware vendors to prevent potential exploitation.