CVE-2024-0762

Name of the Vulnerable Software and Affected Versions Phoenix SecureCore for Intel Kaby Lake versions 4.0.1.1 through 4.0.1.998 Phoenix SecureCore for Intel Coffee Lake versions 4.1.0.1 through 4.1.0.562 Phoenix SecureCore for Intel Ice Lake versions 4.2.0.1 through 4.2.0.323 Phoenix SecureCore for Intel Comet Lake versions 4.2.1.1 through 4.2.1.287 Phoenix SecureCore for Intel Tiger Lake versions 4.3.0.1 through 4.3.0.236 Phoenix SecureCore for Intel Jasper Lake versions 4.3.1.1 through 4.3.1.184 Phoenix SecureCore for Intel Alder Lake versions 4.4.0.1 through 4.4.0.269 Phoenix SecureCore for Intel Raptor Lake versions 4.5.0.1 through 4.5.0.218 Phoenix SecureCore for Intel Meteor Lake versions 4.5.1.1 through 4.5.1.15

Description The issue is related to a buffer overflow vulnerability in the Phoenix SecureCore UEFI firmware, which can be exploited to execute arbitrary code. This vulnerability affects many devices with Intel CPUs, including laptops, PCs, and servers from various manufacturers such as Dell, Acer, HP, and Lenovo. The vulnerability can be used to create malware and can allow an attacker to run code on affected devices, potentially leading to privilege escalation and code execution. It is estimated that hundreds of PC and server models may be affected.

Recommendations For Phoenix SecureCore for Intel Kaby Lake versions 4.0.1.1 through 4.0.1.998, update to version 4.0.1.998 or later. For Phoenix SecureCore for Intel Coffee Lake versions 4.1.0.1 through 4.1.0.562, update to version 4.1.0.562 or later. For Phoenix SecureCore for Intel Ice Lake versions 4.2.0.1 through 4.2.0.323, update to version 4.2.0.323 or later. For Phoenix SecureCore for Intel Comet Lake versions 4.2.1.1 through 4.2.1.287, update to version 4.2.1.287 or later. For Phoenix SecureCore for Intel Tiger Lake versions 4.3.0.1 through 4.3.0.236, update to version 4.3.0.236 or later. For Phoenix SecureCore for Intel Jasper Lake versions 4.3.1.1 through 4.3.1.184, update to version 4.3.1.184 or later. For Phoenix SecureCore for Intel Alder Lake versions 4.4.0.1 through 4.4.0.269, update to version 4.4.0.269 or later. For Phoenix SecureCore for Intel Raptor Lake versions 4.5.0.1 through 4.5.0.218, update to version 4.5.0.218 or later. For Phoenix SecureCore for Intel Meteor Lake versions 4.5.1.1 through 4.5.1.15, update to version 4.5.1.15 or later. As a temporary workaround, consider disabling the vulnerable UEFI firmware until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the affected API endpoints until the issue is resolved.