ueficanhazbufferoverflow:
-
UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models
-
Phoenix SecureCore UEFI Flaw Exposes Intel Processors to ‘UEFIcanhazbufferoverflow’ Vulnerability
A newly discovered vulnerability, CVE-2024-0762, dubbed “UEFIcanhazbufferoverflow,” has recently come to light in the Phoenix SecureCore UEFI firmware, impacting various Intel Core desktop and mobile processors. The UEFIcanhazbufferoverflow vulnerability, disclosed by cybersecurity researchers, exposes a critical buffer overflow issue within the Trusted Platform Module (TPM) configuration, potentially allowing malicious actors to execute unauthorized code.
-
Summary: Eclypsium Automata, our automated binary analysis system, has identified a high impact vulnerability (CVE-2024-0762 with a reported CVSS of 7.5) in the Phoenix SecureCore UEFI firmware that runs on multiple families of Intel Core desktop and mobile processors. The issue involves an unsafe variable in the Trusted Platform Module (TPM) configuration that could lead…