Cybersecurity scientists have disclosed specifics of a now-patched security flaw in Phoenix SecureCore UEFI firmware that has an effect on multiple family members of Intel Main desktop and mobile processors.
Tracked as CVE-2024-0762 (CVSS score: 7.5), the “UEFIcanhazbufferoverflow” vulnerability has been explained as a circumstance of a buffer overflow stemming from the use of an unsafe variable in the Trustworthy Platform Module (TPM) configuration that could consequence in the execution of destructive code.
“The vulnerability permits a neighborhood attacker to escalate privileges and get code execution inside of the UEFI firmware through runtime,” supply chain security business Eclypsium reported in a report shared with The Hacker Information.
“This variety of lower-level exploitation is normal of firmware backdoors (e.g., BlackLotus) that are increasingly noticed in the wild. This kind of implants give attackers ongoing persistence within just a device and normally, the capacity to evade larger-degree security measures managing in the working procedure and computer software levels.”
Pursuing responsible disclosure, the vulnerability was tackled by Phoenix Systems in April 2024. Personal computer maker Lenovo has also introduced updates for the flaw as of final month.
“This vulnerability impacts gadgets working with Phoenix SecureCore firmware operating on pick out Intel processor family members, such as AlderLake, CoffeeLake, CometLake, IceLake, JasperLake, KabyLake, MeteorLake, RaptorLake, RocketLake, and TigerLake,” the firmware developer reported.
UEFI, a successor to BIOS, refers to motherboard firmware made use of during startup to initialize the components parts and load the functioning procedure through the boot manager.
The fact that UEFI is the initially code which is run with the best privileges has made it a lucrative concentrate on for danger actors on the lookout to deploy bootkits and firmware implants that can subvert security mechanisms and retain persistence devoid of staying detected.
This also means that vulnerabilities identified in the UEFI firmware can pose a intense source chain risk, as they can affect several different goods and distributors at once.
“UEFI firmware is some of the most higher-worth code on modern day devices, and any compromise of that code can give attackers full management and persistence on the product,” Eclypsium mentioned.
The improvement will come practically a thirty day period just after the corporation disclosed a identical unpatched buffer overflow flaw in HP’s implementation of UEFI that impacts HP ProBook 11 EE G1, a device that reached conclusion-of-existence (EoL) position as of September 2020.
It also follows the disclosure of a software attack identified as TPM GPIO Reset that could be exploited by attackers to entry tricks stored on disk by other working techniques or undermine controls that are shielded by the TPM such as disk encryption or boot protections.
Uncovered this post exciting? Abide by us on Twitter and LinkedIn to browse more exclusive articles we article.
Some parts of this article are sourced from:
thehackernews.com