Cybersecurity researchers have disclosed main points of a now-patched safety flaw in Phoenix SecureCore UEFI firmware that is affecting a couple of households of Intel Core desktop and cell processors.
Tracked as CVE-2024-0762 (CVSS ranking: 7.5), the “UEFIcanhazbufferoverflow” vulnerability has been described as a case of a buffer overflow stemming from the usage of an unsafe variable within the Relied on Platform Module (TPM) configuration that would outcome within the execution of malicious code.
“The vulnerability permits an area attacker to escalate privileges and acquire code execution throughout the UEFI firmware all through runtime,” provide chain safety company Eclypsium stated in a record shared with The Hacker Information.
“This kind of low-level exploitation is standard of firmware backdoors (e.g., BlackLotus) which might be more and more noticed within the wild. Such implants give attackers ongoing patience inside a tool and frequently, the power to evade higher-level safety features operating within the running device and device layers.”
Following accountable disclosure, the vulnerability was once addressed by means of Phoenix Applied sciences in April 2024. PC maker Lenovo has additionally launched updates for the flaw as of ultimate month.
“This vulnerability impacts units the use of Phoenix SecureCore firmware operating on choose Intel processor households, together with AlderLake, CoffeeLake, CometLake, IceLake, JasperLake, KabyLake, MeteorLake, RaptorLake, RocketLake, and TigerLake,” the firmware developer stated.
UEFI, a successor to BIOS, refers to motherboard firmware used all through startup to initialize the {hardware} parts and cargo the running device by means of the boot supervisor.
The truth that UEFI is the primary code that is run with the best privileges has made it a profitable goal for risk actors having a look to deploy bootkits and firmware implants that may subvert safety mechanisms and care for patience with out being detected.
This additionally signifies that vulnerabilities came upon within the UEFI firmware can pose a serious provide chain chance, as they are able to have an effect on many various merchandise and distributors directly.
“UEFI firmware is probably the most maximum high-value code on fashionable units, and any compromise of that code can provide attackers complete keep an eye on and patience at the tool,” Eclypsium stated.
The advance comes just about a month after the corporate disclosed a an identical unpatched buffer overflow flaw in HP’s implementation of UEFI that affects HP ProBook 11 EE G1, a tool that reached end-of-life (EoL) standing as of September 2020.
It additionally follows the disclosure of a device assault referred to as TPM GPIO Reset which may be exploited by means of attackers to get admission to secrets and techniques saved on disk by means of different running methods or undermine controls which might be secure by means of the TPM equivalent to disk encryption or boot protections.