Cybersecurity researchers have disclosed particulars of a now-patched safety flaw in Phoenix SecureCore UEFI firmware that impacts a number of households of Intel Core desktop and cellular processors.
Tracked as CVE-2024-0762 (CVSS rating: 7.5), the “UEFIcanhazbufferoverflow” vulnerability has been described as a case of a buffer overflow stemming from the usage of an unsafe variable within the Trusted Platform Module (TPM) configuration that would outcome within the execution of malicious code.
“The vulnerability allows a local attacker to escalate privileges and gain code execution within the UEFI firmware during runtime,” provide chain safety agency Eclypsium stated in a report shared with The Hacker Information.
“This type of low-level exploitation is typical of firmware backdoors (e.g., BlackLotus) that are increasingly observed in the wild. Such implants give attackers ongoing persistence within a device and often, the ability to evade higher-level security measures running in the operating system and software layers.”
Following accountable disclosure, the vulnerability was addressed by Phoenix Applied sciences in April 2024. PC maker Lenovo has additionally launched updates for the flaw as of final month.
“This vulnerability affects devices using Phoenix SecureCore firmware running on select Intel processor families, including AlderLake, CoffeeLake, CometLake, IceLake, JasperLake, KabyLake, MeteorLake, RaptorLake, RocketLake, and TigerLake,” the firmware developer stated.
UEFI, a successor to BIOS, refers to motherboard firmware used throughout startup to initialize the {hardware} elements and cargo the working system by way of the boot supervisor.
The truth that UEFI is the primary code that is run with the highest privileges has made it a profitable goal for menace actors seeking to deploy bootkits and firmware implants that may subvert safety mechanisms and preserve persistence with out being detected.
This additionally implies that vulnerabilities found within the UEFI firmware can pose a extreme provide chain threat, as they will affect many alternative merchandise and distributors directly.
“UEFI firmware is some of the most high-value code on modern devices, and any compromise of that code can give attackers full control and persistence on the device,” Eclypsium stated.
The event comes practically a month after the corporate disclosed an identical unpatched buffer overflow flaw in HP’s implementation of UEFI that impacts HP ProBook 11 EE G1, a tool that reached end-of-life (EoL) standing as of September 2020.
It additionally follows the disclosure of a software program assault known as TPM GPIO Reset that may very well be exploited by attackers to entry secrets and techniques saved on disk by different working methods or undermine controls which can be protected by the TPM corresponding to disk encryption or boot protections.
