What's new

UEFIcanhazbufferoverflow

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

PR3MIUM

Senior Member

UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware​


Eclypsium Automata, our automated binary analysis system, has identified a high impact vulnerability (CVE-2024-0762 with a reported CVSS of 7.5) in the Phoenix SecureCore UEFI firmware that runs on multiple families of Intel Core desktop and mobile processors. The issue involves an unsafe variable in the Trusted Platform Module (TPM) configuration that could lead to a buffer overflow and potential malicious code execution. To be clear, this vulnerability lies in the UEFI code handling TPM configuration—in other words, it doesn’t matter if you have a security chip like a TPM if the underlying code is flawed.

phonuefi_screen.png


Source:
 
I have noticed Dell has had some new BIOS updates. It is one of the reasons I buy Dell now. In the past I would build my own PC buying motherboards. The problem I found is in after support, as it was lacking. The vendors had moved on to new motherboards and really did not want to spend time on the old motherboards.
 
Microcode updates might patch this issue within the OS, however that’s only within the OS and applies each reboot. Only a bios update can fully fix uefi or cpu vulnerabilities. The CVE and article doesn’t really explain if theirs any patches as it would be manufacturer / cpu dependent.
 
seems like not much can be done , yet . Every security upgrade brings a new batch of vulnerabilities that are getting worse . will Intel fix this ? What to do I have 5 intel laptops 2 core i9 and 3 icore i7
 
Rmemeber, UEFI is not just a bootloader, but an OS as well...

Bootloaders are executable code, whether it's BIOS, UEFI, CoreBoot, uBoot, CFE, etc...

UEFI has always been a concern, as it can do so much, and has access to/from the primary OS - so issues like the on OP has mentioned, will always be a problem.
 
Currently no BIOS Updates seen from MSI, ASUS or others wich shows this CVE in the release notes.
Phoenix has released or send a fix, just waiting for the manufacturers to release a new BIOS.
Doesnt bother if you use Legacy or UEFI, as UEFI is in the System and a attacker just needs to plug in a USB and start the PC.
 
Currently no BIOS Updates seen from MSI, ASUS or others wich shows this CVE in the release notes.
AFAIK, many motherboard manufactuers use AMI, not Phoenix. So there's nothing for Asus to update there, they don't use Phoenix.

I generally mostly see Phoenix in laptops or OEM desktops.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top