CVE-2024-8105

Name of the Vulnerable Software and Affected Versions UEFI firmware (affected versions not specified)

Description A vulnerability related to the use of an insecure Platform Key (PK) has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signed with a trusted key that has been compromised. This issue may allow an attacker to gain persistent access to devices such as PCs, servers, etc. with UEFI firmware, potentially compromising boot security and allowing the installation of malware. Millions of devices are potentially at risk due to this flaw in UEFI systems.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.