Home > Article > Hardware Tutorial > Lenovo has issued a patch in May, Phoenix UEFI firmware vulnerability disclosed: affecting hundreds of Intel PC CPU models
Lenovo has issued a patch in May, Phoenix UEFI firmware vulnerability disclosed: affecting hundreds of Intel PC CPU models
- WBOYOriginal
- 2024-06-22 10:27:28786browse
According to news from this site on June 21, Phoenix SecureCore UEFI firmware was exposed to a security vulnerability, affecting hundreds of Intel CPU devices. Lenovo has released a new firmware update to fix the vulnerability.
This site learned from reports that the vulnerability tracking number is CVE-2024-0762, known as "UEFICANHAZBUFFEROVERFLOW", which exists in the Trusted Platform Module (TPM) configuration in Phoenix UEFI firmware and is a buffer Area overflow vulnerability can be exploited to execute arbitrary code on vulnerable devices.
The vulnerability was discovered by Eclypsium, who discovered the vulnerability on Lenovo ThinkPad X1 Carbon 7th generation and X1 Yoga 4th generation devices, and later confirmed to Phoenix that it affects the SecureCore firmware of the following Intel CPUs:
Alder Lake
Coffee Lake
Comet Lake
Ice Lake
Jasper Lake
Kaby Lake
Meteor Lake
Raptor Lake
Rocket Lake
Tiger Lake
This vulnerability is possible due to the large number of Intel CPUs using this firmware Affecting hundreds of models from Lenovo, Dell, Acer and HP.
Eclypsium says the vulnerability they discovered is a buffer overflow in the System Management Mode (SMM) subsystem of the Phoenix SecureCore firmware, allowing an attacker to overwrite adjacent memory.
If the memory is overwritten with the correct data, it is possible for an attacker to escalate privileges and gain code execution capabilities in the firmware to install boot kit malware.
Phoenix issued a warning in April, and Lenovo released new firmware in May that fixed the vulnerability in more than 150 different models, but other manufacturers have not yet fully followed up on the fixes.
The above is the detailed content of Lenovo has issued a patch in May, Phoenix UEFI firmware vulnerability disclosed: affecting hundreds of Intel PC CPU models. For more information, please follow other related articles on the PHP Chinese website!