Cybersecurity researchers have disclosed particulars of a now-patched safety flaw in Phoenix SecureCore UEFI firmware that impacts a number of households of Intel Core desktop and cellular processors.
Tracked as CVE-2024-0762 (CVSS rating: 7.5), the “UEFIcanhazbufferoverflow” vulnerability has been described as a case of a buffer overflow stemming from using an unsafe variable within the Trusted Platform Module (TPM) configuration that might consequence within the execution of malicious code.
“The vulnerability permits an area attacker to escalate privileges and acquire code execution inside the UEFI firmware throughout runtime,” provide chain safety agency Eclypsium mentioned in a report shared with The Hacker Information.
“Any such low-level exploitation is typical of firmware backdoors (e.g., BlackLotus) which can be more and more noticed within the wild. Such implants give attackers ongoing persistence inside a tool and sometimes, the flexibility to evade higher-level safety measures working within the working system and software program layers.”
Following accountable disclosure, the vulnerability was addressed by Phoenix Applied sciences in April 2024. PC maker Lenovo has additionally launched updates for the flaw as of final month.
“This vulnerability impacts gadgets utilizing Phoenix SecureCore firmware working on choose Intel processor households, together with AlderLake, CoffeeLake, CometLake, IceLake, JasperLake, KabyLake, MeteorLake, RaptorLake, RocketLake, and TigerLake,” the firmware developer mentioned.
UEFI, a successor to BIOS, refers to motherboard firmware used throughout startup to initialize the {hardware} elements and cargo the working system through the boot supervisor.
The truth that UEFI is the primary code that is run with the very best privileges has made it a profitable goal for risk actors seeking to deploy bootkits and firmware implants that may subvert safety mechanisms and preserve persistence with out being detected.
This additionally signifies that vulnerabilities found within the UEFI firmware can pose a extreme provide chain danger, as they will influence many alternative merchandise and distributors without delay.
“UEFI firmware is among the most high-value code on fashionable gadgets, and any compromise of that code can provide attackers full management and persistence on the machine,” Eclypsium mentioned.
The event comes practically a month after the corporate disclosed the same unpatched buffer overflow flaw in HP’s implementation of UEFI that impacts HP ProBook 11 EE G1, a tool that reached end-of-life (EoL) standing as of September 2020.
It additionally follows the disclosure of a software program assault known as TPM GPIO Reset that could possibly be exploited by attackers to entry secrets and techniques saved on disk by different working techniques or undermine controls which can be protected by the TPM resembling disk encryption or boot protections.